Article discussing the SSL 3.0 fallback and POODLE vulnerabilities. Proof of concept code included.
c1251d89447f8978856d0cdde22d5bce6781a9bf91742126bb037c8054e02634RNCryptor suffers from a timing side-channel attack and an issue where use of the == operator can treat strings as floats, depending on the input.
91d75b866237d8e9f6b88cc485195d990c8576d0129faf8f6f7acc349ce56cd7This Metasploit module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default runs under the privileges of the 'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website directory, PHP remote code execution is made possible.
6b1b6947386e30749005cc4bbf96249cdc5ee569e7eb6a39db9bbb3306f97451Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
740c0d0b0bec279c2acef5e1b6b4d0016c57cd02a729f5e2924ae4a922e208b2Red Hat Security Advisory 2015-1083-01 - ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on the system. It was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users.
92cf38071afd6b4d35ace0c698821aeaa4a129055d2758b46d61251ed3d96e6fHP Security Bulletin HPSBMU03349 1 - A potential security vulnerability has been identified with HP Helion CloudSystem. The vulnerability could be exploited locally resulting in Denial of Service (DoS) or execution of arbitrary code. Notes: This is the vulnerability known as "Virtual Environment Neglected Operations Manipulation" also known as "VENOM". This vulnerability exists in the floppy disk controller driver of QEMU, an open-source virtualization technology used to provision guest Virtual Machines. This vulnerability affects all versions of QEMU and could lead to hypervisor breakout, where a user of the guest VM can gain control of the host. HP Helion CloudSystem leverages QEMU as a core part of its virtualization functionality and is therefore affected by this vulnerability. Revision 1 of this advisory.
98a9283d333907883fa3dcd3c1601d04aa5b59a6594cc587e75494a7a0b44299HP Security Bulletin HPSBST03346 1 - A potential security vulnerability has been identified with HP P6000 Command View Software running Jetty. The vulnerability could be remotely exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
6e34e1e79184e445da91da6e5f6fe7b606b26a7888d29bc86267f36475fc7f73Red Hat Security Advisory 2015-1081-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
f850717f067dc5fbc24d473f0750598f7b3ddbe0c5961ad8568a8305fdcc444bRed Hat Security Advisory 2015-1082-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
af5cb2c99c85406ffa55120a23f7ba62c025c773180ed68775f1b12da56a1861Ubuntu Security Notice 2628-1 - Alexander E. Patrakov discovered that strongSwan incorrectly handled certain IKEv2 setups. A malicious server could possibly use this issue to obtain user credentials.
a27db226bab4d1b2d639fac7b4e04cd4355b7f2d04cb0bde13f4fb7b3eed3590Debian Linux Security Advisory 3282-1 - Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links.
91928d8633f9c89bf22d5e77c5b246bae526323e4b4be16f4c61836ae791911bDebian Linux Security Advisory 3281-1 - This is a notice that the Debian security team has changed its PGP/GPG contact key because of a periodic regular key rollover.
211b1ea0aaa2145e54cf6139052b0b2e7bd73be55b2ad46a4706b2d13c30a213Debian Linux Security Advisory 3280-1 - Multiple vulnerabilities have been discovered in PHP.
370efd21385ef328b87cf11369b67ae2873d3031fdea71b72c144a0041f322d8Debian Linux Security Advisory 3279-1 - It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code.
44cc61fc8f1ba9879daf5791dc2d49770c1c302d382127a68e0bd0f391707197TinySRP appears to suffer from a buffer overflow vulnerability in the username field.
77b7bd5fa6ad642e38cebe659484fab925425c8a24142bd0d9e1cbb1b5cf414b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed