Cambium ePMP 1000 suffers from a remote OS command injection and privilege escalation vulnerabilities.
f3f71e560f8ee614e20bf5956339837e20028c8d5053172f3eb99639d547b9e1There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff windowThere's an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff window.
7dd26a5b0e5074777454a033d2a5cf9abf8079a2604f2b566807914eb6911c4bNo Big Thing Conference #2 has announced their Call For Papers. It will take place in San Francisco, CA, USA on December 5, 2015.
c977209df17aa6e2e8bc476201d0ed8ec1e4645f5883d987d39ce467628e89c6Red Hat Security Advisory 2015-2101-01 - Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory.
cc582ebc49e27cc4fafe81b106e309a23e455c02652176ce97cad6da6638b90aRed Hat Security Advisory 2015-2088-06 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.
969133ceccf94cfbbd19259f9b16682286538b1be6ef824cd26361a6825383a7Red Hat Security Advisory 2015-2111-07 - The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory.
85af8b14f39b036a24bff1ae72c7129266031c69712bacc24a3eedde004aeec6Red Hat Security Advisory 2015-2131-03 - OpenLDAP is an open-source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. This issue was discovered by Martin Poole of the Red Hat Software Maintenance Engineering group.
7bc976e464c0ae54fe7601d196a030253fba798be58f9fe678e1cae3370995b2Red Hat Security Advisory 2015-2079-09 - The binutils packages provide a set of binary utilities. Multiple buffer overflow flaws were found in the libbdf library used by various binutils utilities. If a user were tricked into processing a specially crafted file with an application using the libbdf library, it could cause the application to crash or, potentially, execute arbitrary code. An integer overflow flaw was found in the libbdf library used by various binutils utilities. If a user were tricked into processing a specially crafted file with an application using the libbdf library, it could cause the application to crash.
ffc6ec1dcdf0d2a09814a10e6711d7ff034fa0cc3ab0adcf54f1d16a7c573c81Red Hat Security Advisory 2015-2108-03 - The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. A heap-based buffer overflow flaw was found in cpio's list_file() function. An attacker could provide a specially crafted archive that, when processed by cpio, would crash cpio, or potentially lead to arbitrary code execution. This update fixes the following bugs: Previously, during archive creation, cpio internals did not detect a read() system call failure. Based on the premise that the call succeeded, cpio terminated unexpectedly with a segmentation fault without processing further files. The underlying source code has been patched, and an archive is now created successfully.
040f489f569742c7ec032acfcbab8c837af8e84536287fb290242c5694346665Red Hat Security Advisory 2015-2172-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap in certain cases. A local attacker could potentially use this flaw to escalate their privileges.
85b19fac93010af8ff49962e528a4a1656adaf223c5b448e01bf25afe054dd99Red Hat Security Advisory 2015-2455-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. A denial of service flaw was found in unbound that an attacker could use to trick the unbound resolver into following an endless loop of delegations, consuming an excessive amount of resources. Prior to this update, there was a mistake in the time configuration in the cron job invoking unbound-anchor to update the root zone key. Consequently, unbound-anchor was invoked once a month instead of every day, thus not complying with RFC 5011. The cron job has been replaced with a systemd timer unit that is invoked on a daily basis. Now, the root zone key validity is checked daily at a random time within a 24-hour window, and compliance with RFC 5011 is ensured.
80eec6ea3b08ffaf69bd8e7af8262477749a554f359c9fa6654843dacb0da7b6Red Hat Security Advisory 2015-2355-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It was found that SSSD's Privilege Attribute Certificate responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in.
d919b3f85feab93be7bf6b2682d4b77d4f83d744a808670bebdba7e9c5849e5dRed Hat Security Advisory 2015-2378-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a Squid server using a specially crafted X.509 certificate. This update fixes the following bugs: Previously, the squid process did not handle file descriptors correctly when receiving Simple Network Management Protocol requests. As a consequence, the process gradually accumulated open file descriptors. This bug has been fixed and squid now handles SNMP requests correctly, closing file descriptors when necessary.
d5ceee7ceef28f7f64ebb85564d2ca943167c76079f8f17f04b21946deed25d4Red Hat Security Advisory 2015-2401-01 - The grub2 packages provide version 2 of the Grand Unified Bootloader, a highly configurable and customizable bootloader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. It was discovered that grub2 builds for EFI systems contained modules that were not suitable to be loaded in a Secure Boot environment. An attacker could use this flaw to circumvent the Secure Boot mechanisms and load non-verified code. Attacks could use the boot menu if no password was set, or the grub2 configuration file if the attacker has root privileges on the system.
4327d3ee158f711d7728f32d83ffc49db208dd3343a4c84294b3a8829b0ea893Red Hat Security Advisory 2015-2411-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.
4ebb6d7591b02e0740e1a4134740ddd99527157811e2ec9e82dc7ce5145182a6SuperScan version 4.1 suffers from multiple buffer overflow vulnerabilities. Three exploits included.
faab1615119f9b0f7d4655030b73df369c1177c71211dfa8835d2279b858b83dRed Hat Security Advisory 2015-2393-01 - The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
7fa1d5965fcdb7376caea0d20539e89ca9f307a3252180cbe64b9f0fe3792413Red Hat Security Advisory 2015-2369-01 - OpenHPI is an open source project created with the intent of providing an implementation of the SA Forum's Hardware Platform Interface. HPI provides an abstracted interface to managing computer hardware, typically for chassis and rack based servers. HPI includes resource modeling, access to and control over sensor, control, watchdog, and inventory data associated with resources, abstracted System Event Log interfaces, hardware events and alerts, and a managed hotswap interface. It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory.
e7df1a853775a90d3a68dbd2fed4d5dd7892e4628de4fc60f28bb7aad604a4b9Red Hat Security Advisory 2015-2417-01 - The autofs utility controls the operation of the automount daemon. The daemon automatically mounts file systems when in use and unmounts them when they are not busy. It was found that program-based automounter maps that used interpreted languages such as Python used standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. Note: This issue has been fixed by adding the "AUTOFS_" prefix to the affected environment variables so that they are not used to subvert the system. A configuration option to override this prefix and to use the environment variables without the prefix has been added. In addition, warnings have been added to the manual page and to the installed configuration file. Now, by default the standard variables of the program map are provided only with the prefix added to its name.
938bddcc05ef3a967bc0324c2b7f685303c54b21adf5ca65cc6f3b7debd225deRed Hat Security Advisory 2015-2184-07 - The realmd DBus system service manages discovery of and enrollment in realms and domains, such as Active Directory or Identity Management. The realmd service detects available domains, automatically configures the system, and joins it as an account to a domain. A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response. It was found that the realm client would try to automatically join an active directory domain without authentication, which could potentially lead to privilege escalation within a specified domain.
981a9b0321ff21c29c033023f1fc5131026055ccb57948a3681f9525a4fe738dRed Hat Security Advisory 2015-2237-03 - The rest library was designed to make it easier to access web services that claim to be RESTful. A RESTful service should have URLs that represent remote objects, which methods can then be called on. It was found that the OAuth implementation in librest, a helper library for RESTful services, incorrectly truncated the pointer returned by the rest_proxy_call_get_url call. An attacker could use this flaw to crash an application using the librest library. All users of rest are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using librest must be restarted for the update to take effect.
04eeea15de2be3c18485bfbf68f2b667a513654a013cc5e067d58e574e7f0652Red Hat Security Advisory 2015-2315-01 - NetworkManager is a system network service that manages network devices and connections. It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs, without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication. A flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination.
9bededbe927f0a591fc181a4af27a88f98de6fb87115ad57c30589c4ec04517dRed Hat Security Advisory 2015-2290-01 - The pcs package provides a configuration tool for Corosync and Pacemaker. It permits users to easily view, modify and create Pacemaker based clusters. The pcs package includes Rack, which provides a minimal interface between webservers that support Ruby and Ruby frameworks. A flaw was found in a way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash.
73ce1ab619ad7d58f082e730dba7eb76cace797aaa7b19b4f36cbe167c6e4e74Red Hat Security Advisory 2015-2360-01 - The cups-filters packages contain back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use these flaws to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user.
1e2a6d802503add8b7fba3cda011eb13d52730a51fb791e23c5b1a617c7b18ffRed Hat Security Advisory 2015-2383-01 - The Pacemaker Resource Manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure. A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well. The pacemaker packages have been upgraded to upstream version 1.1.13, which provides a number of bug fixes and enhancements over the previous version.
6559dac8245fb4ebad28410dfade1a8a7333f492bf49e1c9ec3cbbb4b9707f4b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed