This archive contains 191 exploits that were added to Packet Storm in September, 2015.
dbcc2c23f380e55442959b7f96b6a54560db3fece32bfae2df7c76134db406d0By analyzing the password-based authentication for unloading the Kaspersky Small Office Security protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe (actually within the module avpmain.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This fact allows a further analysis and the manipulation of the password comparison during runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. In order to bypass the password-based authentication to deactivate the protection of Kaspersky Small Office Security in an unauthorized manner, an attacker only has to patch this password comparison, so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.
f56f7f4ad60158ad733a4f73ea4635638de505c45f25ef6e8047b7a8a8e5a7ceThe SySS GmbH found out that the admin password for protecting different functions of the Kaspersky Endpoint Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry.
8a7c74b5cbb75ec15cb0f9a3938c69c29a10c97069f7ba7e4871500310fbc21cBy analyzing the password-based authentication for unloading the Kaspersky Endpoint Security for Windows protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe, which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This fact allows a further analysis and the manipulation of the password comparison during runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. In order to bypass the password-based authentication to deactivate the protection of Kaspersky Endpoint Security for Windows in an unauthorized manner, an attacker only has to patch this password comparison, so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.
2d0462fc09a2607d7ee16b44834d6ec901e61cace833e168b9102654473f32bcThe SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Anti-Virus software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry.
ea3ba68c2445280d74bd945ec27706a66dc51e94a333bf175519fd2093dc8a5eBy analyzing the password-based authentication for unloading the Kaspersky Anti-Virus protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe (actually within the used module shell_service.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This fact allows a further analysis and the manipulation of the password comparison during runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. In order to bypass the password-based authentication to deactivate the protection of Kaspersky Anti-Virus in an unauthorized manner, an attacker only has to patch this password comparison, so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.
554441351ca1092de802550ffa43352381d6c7482cd5373295ac4d9310a088aaThe SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Internet Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry.
1de91bfb49d3f0e7cd83b46395378df631ea2882433f6e879dd0b109e920970eBy analyzing the password-based authentication for unloading the Kaspersky Internet Security protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe (actually within the used module shell_service.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This fact allows a further analysis and the manipulation of the password comparison during runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. In order to bypass the password-based authentication to deactivate the protection of Kaspersky Internet Security in an unauthorized manner, an attacker only has to patch this password comparison, so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.
15965bde1ae5e842c07d11a1778e4a501e0cade94ff4d28bf4c19ef058f87c30The SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Total Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry.
bb0133dfea19da32e1adc63779e910d52d60547b085a50a1b291be2d89764758By analyzing the password-based authentication for unloading the Kaspersky Total Security protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe (actually within the used module shell_service.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This fact allows a further analysis and the manipulation of the password comparison during runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. In order to bypass the password-based authentication to deactivate the protection of Kaspersky Total Security in an unauthorized manner, an attacker only has to patch this password comparison, so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.
b12d3e03fd22c3e9658d41432c039d1d5f73a44ea1032e75289b6f1261bafbdfThe SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Small Office Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry.
f9313aec301a7c3586f846924c4e87db8f5ea73a5ca80b220b990f5e9dca66c1Apple Security Advisory 2015-09-30-03 - OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases.
7a0709c784a5d4fb9ea404af89915bb4719339d731eebc17ca1e750e0b02747cApple Security Advisory 2015-09-30-02 - Safari 9 is now available and addresses spoofing, communication compromise, and various other vulnerabilities.
f7eaab35b779b1ee16d519af96740060a307af52548f068b4694e3adf3b64512Apple Security Advisory 2015-09-30-01 - iOS 9.0.2 is now available and addresses a lock screen vulnerability.
1c1225f2b5f5b456ec0dffaa574efec381a0e0d2c2495f1881bc0d3a001a1522This bulletin summary lists three bulletins that have undergone a major revision increment for September, 2015.
8ab69149e3c3b3011de66ae2c05b98822a48d2fb4cdc81d69be341a630021109MakeSFX.exe version 1.44 suffers from stack-based buffer overflow vulnerability.
f489b59bc2b43a739615a86a6ca5f4d1753468a1e8f19242aaa24ff346527e0bApache James Server version 2.3.2 suffers from an arbitrary command execution vulnerability.
26ae7acec4f69a123fe370fbec1b701a4575bc405486c9ecc68c669388c07534Proof of concept code that demonstrates a path traversal vulnerability in ElasticSearch that allows for arbitrary file disclosure.
acc7fbc1802f44f38d620e53cd9d14a6ea2c9e4d060e96de4e1424e40872e719The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere in a directory in /tmp circumvents that protection thus making it possible to load a shared library containing a payload which creates a root shell.
2fe41a90799fee4a1fce5da2d6dcba950035afb15b2c3fe6f1dcec5f37e1a3a0WinRAR suffers from an expired notification OLE remote command execution vulnerability.
db092f276378558a38672a576c156ba5b7be056d2913c9e54a2bee5c5dd5ad96Red Hat Security Advisory 2015-1852-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to disclose sensitive information or, in certain cases, crash.
6e7e268e13f910659816f2055e7d1c746990ae30e437f04630def1118fef9949HP Security Bulletin HPSBGN03424 1 - A potential security vulnerability was been identified in HP Cloud Service Automation version v4.5. The vulnerability could be exploited to allow remote authentication bypass. Note: HP C.A. contains a version of Node.js, that when used in FIPS mode is affected by Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793). The vulnerability may allow remote attacker to spoof a Certification Authority role and trigger unintended certificate verification. Revision 1 of this advisory.
68063a09ba235e57ef08ea3c582568655dc17f3738ca1db97fe8ccd65d0c3a3cRed Hat Security Advisory 2015-1853-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering was retired on September 30, 2015, and support is no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 2 after September 30, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 2 after this date. We encourage customers using Red Hat Enterprise Linux 6 to plan their migration from Red Hat Enterprise Developer Toolset Version 2 to a more recent release of Red Hat Developer Toolset. As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product.
4596d8b49632d2d7e5c480de9b7addca7defd927c7b14dd2a141aee1f73130aaUbuntu Security Notice 2758-1 - It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. It was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1fd293d881cea98cd6659c2b1a769ba634f267d1f989e5256cc760a12d6e2823HP Security Bulletin HPSBST03502 1 - A potential security vulnerability has been identified in HP 3PAR Service Processor (SP) SPOCC. The vulnerability could be exploited to allow remote disclosure of information. Revision 1 of this advisory.
ba0b240fd9294a4c4a988e878cf7d1f0103b0c96b20397f3980392011e1a7bad
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed