This archive contains all of the 126 exploits added to Packet Storm in November, 2017.
26601646404269f67714b699baf4aa308c3055fdc175b26bcf68a6cae8ee8041Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
189495996b68940626cb53b31c8902fa1bb5a96b61217cea42734c13925ff12eWindows Defender suffers from a controlled folder bypass through the UNC path. Affected includes Windows 10 1709 and Antimalware client version 4.12.16299.15.
8c42f09a92d4949b319052b516e66c9db035671371c1660e47a272790b1bc47bRed Hat Security Advisory 2017-3315-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.
2028823382216b9493c0bf056280c297c2bd677f271814aa58d6cf9f13e8cca5Debian Linux Security Advisory 4052-1 - Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.
06de7ebfe4eb54489505eb26fdc2a04dce80457e49b28c9c2119d0190c1fdc38Red Hat Security Advisory 2017-3368-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: Quick Emulator, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.
682cd4f9e4229c10932e11b3d2ac23066bdafab617753713cb2ec10632130e20Red Hat Security Advisory 2017-3369-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS.
8772a3e39319b85ec00526ac683eb62611b7a823641c428559c0c26d704e710bDebian Linux Security Advisory 4051-1 - Two vulnerabilities were discovered in cURL, an URL transfer library.
abf8f2192ee54bd891f3a491928912c1fd8e425aa2cf0c71f3258482af29ea8cThis is a proof of concept for the Huge Dirty Cow vulnerability (CVE-2017-1000405). Before running, make sure to set transparent huge pages to "always" with "echo always | sudo tee /sys/kernel/mm/transparent_hugepage/enabled".
50b43bfd2a4bd7eba2cd6356aa2b51d18c79f963281e4740e87af772ef924eedWordPress WooCommerce plugin versions 2.0 and 3.0 suffer from a directory traversal vulnerability.
ef9a9858c034e30ca756d4c222afd09c9ef7645557959e2a92d02f963b329590Red Hat Security Advisory 2017-3295-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users.
ec748d31f8d2398f3d79e56a226080b8b5e1a61e3e3e6554dbaa7f83a39f6847Red Hat Security Advisory 2017-3354-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.7 serves as a replacement for Red Hat JBoss BRMS 6.4.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests.
65b88debbef2de39ad5456c58be485ebf803c8d40914a6b1ddee02d891692010Red Hat Security Advisory 2017-3355-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.7 serves as a replacement for Red Hat JBoss BPM Suite 6.4.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.
0a968c131c0cf64a0e431aaa4b747d7d12b6461c6022d6efe499c75df1517f28Red Hat Security Advisory 2017-3322-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users.
4973d71923df5aa9887f8d97bd478129ae45c8f7a2c0eb31d083e45262e11f9dRed Hat Security Advisory 2017-3335-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 will be retired as of December 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.2 AMC after December 31, 2017.
002395070a9ea0b5d0fa582a7794a228cc412acc4553e1d160febe908f935da1ZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site request forgery vulnerability.
21008dfe6fbe16a0b13bac22f783c57905d07fcef1531edfd2e92e95a3df8deaZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site scripting vulnerability.
2a7737b3cfdd98693346b1ec8605e77bb6c5b25e75e151d0d9c4e03cec42a6cc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed