Red Hat Security Advisory 2017-1481-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
26d01b92643e1ee3f841e2985d2bd969Red Hat Security Advisory 2017-1480-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
bc110fd2c8a3043c369b7e62c2057b17Red Hat Security Advisory 2017-1479-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
96ed8575b1f88bcd28d167a8cb15d9b2Parallels Desktop version 12.2.0 and below suffer from a vulnerability that allows remote file sharing to be leveraged against the host operating system for arbitrary code execution.
69a4be4fd7692e5549456f998744139aAtlassian SourceTree Client version 2.5c and prior contain a client URL handler command injection vulnerability that allows attackers to execute specially crafted sourcetree:// commands with arbitrary arguments on multiple platforms.
dc5158c6d9969d6de9329a467ec14160HideMyAss Pro VPN client version 3.3.0.3 for OS X suffers from a helper binary (com.privax.hmaprovpn.helper) local privilege escalation vulnerability.
dbab384b2c2cf9076d625633efca65abHideMyAss Pro VPN client version 2.2.7.0 for OS X suffers from a helper binary (HMAHelper) local privilege escalation vulnerability.
4e9c69f81809b928fa5fb9a01e6fd6c7GNS3 Mac OS-X version 1.5.2 ubridge privilege escalation exploit.
dec70585733d3d532b738a209e7812a3Cisco Security Advisory - A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
8e211358e033468251f63614e5b2fb40Cisco Security Advisory - A vulnerability in the DHCP client implementation of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
93df32052601d328373b0ac491815e96Red Hat Security Advisory 2017-0680-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code.
1ecabbc72c7b60a99fde956929c63e70Cisco Security Advisory - A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: The failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and The incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
e95dfb301f191a5ec25fd4391f2377a8Cisco Security Response - Several researchers have reported on the use of Smart Install (SMI) protocol messages toward Smart Install clients, also known as integrated branch clients (IBC), allowing an unauthenticated, remote attacker to change the startup-config file and force a reload of the device, upgrade the IOS image on the device, and execute high-privilege CLI commands on switches running Cisco IOS and IOS XE Software. Cisco does not consider this a vulnerability in Cisco IOS, IOS XE, or the Smart Install feature itself but a misuse of the Smart Install protocol that by design does not require authentication.
c96bbaa757e47e6830e465936de741d3Debian Linux Security Advisory 3778-1 - Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
b910898d8052c81fee3aa14c5a0848f5syslogd on Mac OS and iOS suffers from an arbitrary port replacement vulnerability.
8eb7916a048ecdbb23dee2bb2a35b379A lack of error checking leads to a reference count leak and OS X / iOS kernel use-after-free vulnerability in _kernelrpc_mach_port_insert_right_trap.
2dfcf68cd51acc4fa50dafc6d021feb4A broken kernel mach port name uref handling on iOS and Mac OS can lead to privileged port name replacement in other processes.
3a001d596093a86e7bb1c9f6ff060a77There is an ipc_port_t reference count leak due to incorrect externalMethod overrides that lead to a Mac OS X / iOS kernel use-after-free vulnerability.
c1a88972c2e7188bba733c5fcecbbb8bRed Hat Security Advisory 2016-2573-02 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.
a6f6d5517d89fb0a51eaeb83b0408e75A logic issue in launchd message requeuing allows arbitrary mach message control. Mac OS X version 10.11.6 is affected.
535e9aa8ea1d3f66f7673b23668db025Multiple memory safety issues exist in Mac OS X and iOS inside of mach_ports_register.
f07634e9d84bf8ba6bb3b4515e3d8adaVMware Security Advisory 2016-0017 - VMware product updates address information disclosure issues in VMware Fusion and VMware Tools running on Mac OS X.
b2a2ee431c2950df3b33db5e02601785Mac OS X and iOS kernels suffer from a use-after-free vulnerability in IOSurface.
2283c84309c30c849907e3df36c1e0c6The Mac OS X kernel suffers from a use-after-free vulnerability. in IOBluetoothFamily.kext.
a276e72f348ef8cbf953c244afbf8b4dCisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.
f4a1186c6866c8953658abc16723759c
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed