all things security
Showing 51 - 75 of 644 RSS Feed

Operating System: Mac OS X

Ubuntu Security Notice USN-2909-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2909-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | c3d900dc55125d606c8ada34c35b315d
Ubuntu Security Notice USN-2910-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2910-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | 5ed676fa5fe812b5a94013b6252bcc09
Ubuntu Security Notice USN-2908-2
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-2 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
MD5 | 2d7c7ee60e1a7d19a52efbf09b6c634a
Ubuntu Security Notice USN-2908-3
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-3 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
MD5 | 5680672e83a8e72b5207ee657a22e029
Ubuntu Security Notice USN-2908-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
MD5 | d5d7f2d06c1fbed5492bd96a66c1e041
Ubuntu Security Notice USN-2907-2
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2907-2 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | 798142f94f449f05b15e2d12b69f7543
Ubuntu Security Notice USN-2907-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2907-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | e8d3239a49034312268ff7337e572e1f
Red Hat Security Advisory 2016-0225-01
Posted Feb 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0225-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.

tags | advisory, remote, overflow
systems | linux, redhat, osx
advisories | CVE-2015-7547
MD5 | 704f74a2ec2b23ccef1d4561fcdc8657
Red Hat Security Advisory 2016-0176-01
Posted Feb 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0176-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.

tags | advisory, remote, overflow
systems | linux, redhat, osx
advisories | CVE-2015-5229, CVE-2015-7547
MD5 | 5f58c9b7c52c02becfe6b3d2e8357ea9
Red Hat Security Advisory 2016-0175-01
Posted Feb 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0175-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.

tags | advisory, remote, overflow
systems | linux, redhat, osx
advisories | CVE-2015-7547
MD5 | 1dad5ded0754526407fbb5cff6df2899
OS X Sysmond XPC Type Confusion Privilege Escalation
Posted Feb 10, 2016
Authored by Google Security Research, ianbeer

OS X suffers from a privilege escalation vulnerability due to XPC type confusion in sysmond.

tags | exploit
systems | linux, apple, osx
advisories | CVE-2014-8835
MD5 | 3ac26a15ec16701e2fb2e821afc62436
iOS / OS X Kernel IOHDIXControllUserClient:clientClose UAF / Double Free
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

iOS / OS X kernels suffer from a use-after-free / double free vulnerability due to lack of locking in IOHDIXControllUserClient:clientClose.

tags | exploit, kernel
systems | cisco, linux, apple, osx, ios
advisories | CVE-2015-7110
MD5 | 4ca3511924adc3aa52a467b0ddf5ed87
iOS / OS X Iokit Registry Iterator Double Free
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

iOS / OS X suffer from a kernel double free due to lack of locking in Iokit registry iterator manipulation.

tags | exploit, kernel, registry
systems | cisco, linux, apple, osx, ios
advisories | CVE-2015-7084
MD5 | c9357d0e4d6e5c18a2ac1368f7f6da8e
iOS / OS X NECP System Control Integer Overflow
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

iOS and OS X suffers from a kernel code execution vulnerability due to an integer overflow in NECP system control socket packet parsing.

tags | exploit, overflow, kernel, code execution
systems | cisco, linux, apple, osx, ios
advisories | CVE-2015-7083
MD5 | d2d590a1897674eee90f0e0ceadb0af8
iOS / OS X IOHIDEventQueue:start Code Execution
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

iOS and OS X suffer from a kernel code execution vulnerability via double-delete in IOHIDEventQueue:start due to incorrect error handling.

tags | exploit, kernel, code execution
systems | cisco, linux, apple, osx, ios
advisories | CVE-2015-7112
MD5 | b346e5d7b4ab0305590a11f0d0ad7091
Apple Security Advisory 2016-01-19-2
Posted Jan 20, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-01-19-2 - OS X El Capitan 10.11.3 and Security Update 2016-001 are now available and address memory corruption, code execution, and privilege escalation vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple, osx
advisories | CVE-2015-7995, CVE-2016-1716, CVE-2016-1717, CVE-2016-1718, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722, CVE-2016-1729
MD5 | 1a3cee9c9c4fc15f51453f6d8a64e885
Apple Security Advisory 2015-12-08-3
Posted Dec 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-12-08-3 - OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses 54 vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-2895, CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2015-3807, CVE-2015-5333, CVE-2015-5334, CVE-2015-6908, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7044, CVE-2015-7045, CVE-2015-7046, CVE-2015-7047, CVE-2015-7052, CVE-2015-7053, CVE-2015-7054, CVE-2015-7058, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7062, CVE-2015-7063
MD5 | a3dfdb84b85b00741b1c089a33944dfe
Red Hat Security Advisory 2015-2589-01
Posted Dec 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2589-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap. A local attacker could potentially use this flaw to execute arbitrary code on the system. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.

tags | advisory, arbitrary, local, info disclosure
systems | linux, redhat, osx
advisories | CVE-2013-7423, CVE-2015-1472, CVE-2015-1473, CVE-2015-1781, CVE-2015-5277
MD5 | 19cba1476d7eb01430fcb1c63abd9f4d
Mac OS X 10.11 FTS Buffer Overflow
Posted Dec 8, 2015
Authored by Maksymilian Arciemowicz

Mac OS X version 10.11 suffered from an FTS deep structure of the file system buffer overflow vulnerability.

tags | exploit, overflow
systems | apple, osx
advisories | CVE-2010-0105, CVE-2013-6799, CVE-2014-4433, CVE-2014-4434
MD5 | 675fdc1af0d659351253897581e4b48f
Zed Attack Proxy 2.4.3 Mac OS X Release
Posted Dec 5, 2015
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.

Changes: Various updates.
tags | tool, web, vulnerability
systems | apple, osx
MD5 | c3c2d165042c07a633a09351438e294d
Red Hat Security Advisory 2015-2172-01
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2172-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap in certain cases. A local attacker could potentially use this flaw to escalate their privileges.

tags | advisory, local
systems | linux, redhat, osx
advisories | CVE-2015-5277
MD5 | 5a2d5495061f0d8393e5fc76051420f8
Red Hat Security Advisory 2015-2199-07
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2199-07 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.

tags | advisory, info disclosure
systems | linux, redhat, osx
advisories | CVE-2013-7423, CVE-2015-1472, CVE-2015-1473, CVE-2015-1781
MD5 | 172d662a824a537a6efe1d8c277fd6e6
Mac OS X 10.9.5 / 10.10.5 rsh/libmalloc Privilege Escalation
Posted Oct 27, 2015
Authored by rebel, shandelman116 | Site metasploit.com

This Metasploit module writes to the sudoers file without root access by exploiting rsh and malloc log files. Makes sudo require no password, giving access to su even if root is disabled. Works on OS X 10.9.5 to 10.10.5 (patched on 10.11).

tags | exploit, root
systems | apple, osx
advisories | CVE-2015-5889
MD5 | dc4258c8896b5eff92876ba20f531ffd
Safari User-Assisted Applescript Exec Attack
Posted Oct 23, 2015
Authored by joev | Site metasploit.com

In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key keypress event, a user can be tricked into running arbitrary Applescript code. Gatekeeper should be disabled from Security and Privacy in order to avoid the unidentified Developer prompt.

tags | exploit, arbitrary
systems | apple, osx
advisories | CVE-2015-7007
MD5 | 89e9bb2d3aa0c450f7ded6ee07b500b6
Apple Security Advisory 2015-10-21-8
Posted Oct 21, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-10-21-8 - OS X Server 5.0.15 is now available and addresses BIND and bypass vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2015-5722, CVE-2015-5986, CVE-2015-7031
MD5 | 89d74c687550d2db47b44e8180b3b8a4
Page 3 of 26
Back12345Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close