IBM AIX versions 5.3, 6.1 and 7.1 releases VIOS 2.2.* suffer from kernel memory leak and denial of service vulnerabilities. It has been identified that the ptrace() system call can be manipulated by an unprivileged user into leaking uninitialized kernel memory and that the method by which this is achieved may also lead to a denial of service condition. This can be achieved by manipulating the parameters that are passed to the ptrace() system call when performing the PT_LDINFO operation. By calling ptrace(PT_LDINFO, childpid, leakbuffer, maximumleak, NULL) with a value of maximumleak that greater than that required for the expected result of the PT_LDINFO operation, the AIX kernel will xmalloc() this space (without initializing it), populate it and then perform a copy operation that returns the result within leakbuffer.
326046758c80dfd7a90603cb6033621d1db225d4cc2532b1585420f2b0419948The remote configuration Java applet in Citrix Netscaler versions prior to 10.1-122.17/9.3-66.5 assigns an empty trust manager to its SSL context, causing it to accept any certificate regardless of validity.
e5644b3c84ef1767a4c3219f5059c4bdfb37dcedae655c50b6b91a1d4af6d79aThe remote configuration Java applet in Citrix Netscaler versions prior to 10.1-122.17/9.3-66.5 contains a poor implementation of the Diffie-Hellman key exchange algorithm. The random number generator used to produce secret values is the java.util.Random class, which is not of cryptographic quality. Publicly known predictors exist for the underlying RNG, and the seed is either 32-bit or 48-bit depending on the host system.
612fdba9feea5c0713bc91be355ef4db41095f1483e3d0a2d21522880fdb4da5Cyberduck version 4.4.3 (14140) for Windows fails to properly validate X.509 certificates.
541b5bb49a5ff4999d477790815626466bd8ac777fd0984dec1f956c46e55a27HP Security Bulletin HPSBMU03037 - A potential security vulnerability has been identified with HP Multimedia Service Environment (MSE), formerly known as HP Network Interactive Voice Response (NIVR). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
aec8b95add2f092b528971141113365b225da682d19aac54594e220dbc06f630Night Lion Security proof of concept denial of service / stress tester for PHP websites running with Apache and NGINX systems (PHP-FPM and PHP-CGI). Using a standard cable/DSL connection, this attack can flood a Linux web server's CPU and RAM using standard HTTP requests. This attack effects Apache or NGINX web servers that handle dynamic PHP content using either PHP-CGI or PHP-FPM (which includes WordPress websites). In addition, the requests made by the attack (or default) web server configurations will continue to keep the server's resources in use far past the end of the attack. To execute the attack, set your target URL and time delay parameters and the script will do the rest.
66e4705c388028be2e16a9b4d12a2811c4c3a961557abb18afaabbf367a8d1adUbuntu Security Notice 2204-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
dd7a26245866c9a5c07f22316740d7f9acf798a4a732970e7b6e116adc20e740Ubuntu Security Notice 2203-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
c8d25e87b929d65edcc4cd7a6d6997665aa69f135e56f3af4a28e7a152ae78aeUbuntu Security Notice 2202-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
391772af2fe8a72ffc41773aafe534e075b531dc203a91903e122f9adaa42138Ubuntu Security Notice 2201-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
fb6cb392ae5025b853c23e0430dec9d8ad8a370f8d544cc861684db1e453338dUbuntu Security Notice 2200-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
58b21505b3ee4b4f9e782fef31f952a0b9c0df237cc181522f5eed95a55ae5a5Ubuntu Security Notice 2199-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
895e12b282957d8d9a403060050150dc4fdd148f9a42d3595bb1170fd560463eUbuntu Security Notice 2196-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
86d38fbc6418df4de6cab53031a6df5774f0fa1a28eb2685d604c9a0545d454aUbuntu Security Notice 2207-1 - Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients.
048ba1c7b39cf652bb2065000cd752dba467066f0f3b3d5301251481601b14b5Red Hat Security Advisory 2014-0473-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.1 release serves as a replacement for JBoss Operations Network 3.2.0, and includes several bug fixes.
4f401d1844f1516c45c35fb297633215009b76b4c56f316e4ac41897e16d6d9bUbuntu Security Notice 2198-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
4cd66a33cf7bd7b75d1dfcc1384e054c40e7d85f25e960c208bf19e7e72d6e6dUbuntu Security Notice 2206-1 - Cristian Fiorentino discovered that OpenStack Horizon did not properly perform input sanitization for Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
5c3b290e4761888a3009adbe26af55923b41684a41ebfe3808e4adc5174691b3Ubuntu Security Notice 2205-1 - Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.
0a36165cd5461687b32e574203a454a3c7144c64466afed8433775e0d7a46ec0Ubuntu Security Notice 2197-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
bed89c789a924164c49f25a9ba1c04c675e19f473575882e6c37259a569abf3bCMS PUNTOPY suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
eaa6b822df51a218305e7b93ebd17c7dba80bc9043aaf9e64d3041648d6adea9SOAPpy version 0.12.5 suffers from XXE and denial of service vulnerabilities.
fcbd1ab000fb47d02b209bbaf51f935e156706c4d194b9781d2f5dc2fdbd552aRuxcon 2014 Call For Papers - Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre, Melbourne, Australia.
9926fc8ff7b928e9ca8836613b897aed5bdebc0a2ed3dd14bbd749357e065645HP Security Bulletin HPSBGN03010 4 - A potential security vulnerability has been identified in HP Software Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. Revision 4 of this advisory.
acf1c601833a846a4939625ab8ce20b162f3678927f1bc481d459741c4a2a195Ubuntu Security Notice 2193-1 - Paul McMillan discovered that the Sheepdog backend in OpenStack Glance did not properly handle untrusted input. A remote authenticated attacker exploit this to execute arbitrary commands as the glance user.
ff9740f205e6ae1e20a5d556a38042223b927531b3ab3ebba7441ac9ff0dd2c7Debian Linux Security Advisory 2924-1 - Multiple security issues have been found in Icedove, Debian's version errors, buffer overflows, missing permission checks, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, privilege escalation, cross-site scripting or denial of service.
0a36e8832664a7fa25c7ef5f78f104e18d401f48f76439906c0a1067563c3ea6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed