Apple's libc security update for OS X El Capitan version 10.11.2 has an incomplete fix.
1e5f9c6d0b83d92011bbf4e96ebccd3cac5637b6b7ee38f795eecf2e67ee7819Cisco Security Advisory - A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system. The vulnerability is due to improper handling of crafted, fragmented packets that are directed to an affected device. An attacker could exploit this vulnerability by sending crafted, fragmented packets to an affected device for processing and reassembly. A successful exploit could allow the attacker to cause a memory leak on the RP of the device, which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, there are mitigations for this vulnerability.
0f8053bc0738b5eb624d423cfbff6b3798c7960f57b14cc33a6ae35d37855c49Apple Security Advisory 2016-07-18-1 - OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses arbitrary code execution, information disclosure, and various other vulnerabilities.
a2d9354c4a7f6ea06efa521cdd6516fbf0a138a5ca0981e16938eab249ee9d7dCisco Security Advisory - A vulnerability in the management of system timer resources in Cisco IOS XR for Cisco Network Convergence System 6000 (NCS 6000) Series Routers could allow an unauthenticated, remote attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the Route Processor (RP) on the affected platform. The vulnerability is due to improper management of system timer resources. An attacker could exploit this vulnerability by sending a number of Secure Shell (SSH), Secure Copy Protocol (SCP), and Secure FTP (SFTP) management connections to an affected device. An exploit could allow the attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the RP on the affected platform. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
d2a2fb27fa8069e1f32a27a53e552ca35bbb07276c635891d08f5591239efdb9Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.
23bbd32f77e1c03ed726b6f44b84ac17454893681f3844f34b64aef3707c3454Red Hat Security Advisory 2016-1207-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.
94fcc13961bb040ea0f4d2d1fce70c38aed4322503e29ff01294a9416f5fa12cThe Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
56f99b77c57cdb1e84a9404b589c1d443d52877ee456c02cc7eae25105c18ae5Cisco Security Advisory - A vulnerability in the IP Version 6 (IPv6) packet processing functions of Cisco IOS XR Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted IPv6 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 Neighbor Discovery packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to stop processing IPv6 traffic, leading to a DoS condition on the device. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
422dd95ef9c0a22224d798a49ef218e76220a608771dbadde196bfc3eb0fb2fbApple Security Advisory 2016-05-16-4 - OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leakage, and various other vulnerabilities.
033664aa28ec2879dd3701fb337746a01283cd594653ca2f21434886e857c2b1Phrack Magazine Issue 69 - Articles include Phrack Prophile on Solar Designer, Revisiting Mac OS X Kernel Rootkits, Modern Objective-C Exploitation Techniques, and much more.
b58a20cf3e17aa3041c7015488649dc35bf1feb01bcdeb3ddd009e2bc71986fcThis Metasploit module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example) that triggers the command injection. Tested on Linux, BSD, and OS X. You'll want to choose your payload carefully due to portability concerns. Use cmd/unix/generic if need be.
b4c6b0e7acc235fa1688e82fff7eedb021357977c009bfb8d3faf0171a733bf1This is a SUID, SIP, and binary entitlements universal OS X local privilege escalation exploit.
49924fa08f8b101fdbdbfba6d5e985f619bd430e2fafdbe9548a078782bb9339Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This requires a superuser. This is usually postgres. The execution should be platform-agnostic, and has been tested on OS X, Windows, and Linux. This Metasploit module attempts to load Perl or Python to execute system commands. As this dynamically loads a scripting language to execute commands, it is not necessary to drop a file on the filesystem. Only Postgres 8 and up are supported.
35a6a49124ad62dab21bd8ac5c63333438e1b0e3ebfa9c2ae8f568b3ec88f1c1Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the vulnerable device.
18b930eb75967cb7ea01a0eaf7a974f21b10af07b68ca43711cc30f589a17f1cCisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to an improper handling of crafted, fragmented IKEv2 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.
210ad4da6ac20b8601b82dc32071c53bf698d18f5db91e2d3b3ed794abbfca80Cisco Security Advisory - A vulnerability in the Session Initiation Protocol (SIP) gateway implementation in Cisco IOS, IOS XE, and Cisco Unified Communications Manager Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of an affected device. The vulnerability is due to improper processing of malformed SIP messages. An attacker could exploit this vulnerability by sending malformed SIP messages to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling SIP on the vulnerable device.
82f7616aeeffff2c3526a5e32f3ec5032d0965215fa1730a4b03b1956abd77b3Cisco Security Advisory - A vulnerability in the DHCP version 6 (DHCPv6) relay feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 relay messages. An attacker could exploit this vulnerability by sending a crafted DHCPv6 relay message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
4b7b9f267c20abe07e7b17e66c8b870b9a8e0b20a8cd0ef535d5c77533548d70Mac OS X kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleUSBPipe::Abort.
143c8edb082144d486e1c248032995f02f0e99555d57358b3a070cca59501529Mac OS X kernel has an issue where an unchecked array index can be used to read an object pointer then call a virtual method in the Nvidia GEForce driver.
8f940c5ed303d010b19d9f30337e7546f4aff5203b1fbca11bcbe729635d754bThe Mac OS X kernel suffers from use-after-free and double delete issues due to incorrect locking in the Intel GPU driver.
ca15dbb2b908cc1bd1b9e630c704f934d111095bea1cb1c8e14eacb07227a2e0Apple Security Advisory 2016-03-21-7 - OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities.
3f5b87490fc0b888969c59aa3c86769bc4e48285372026935f48a72f9f313a9aApple Security Advisory 2016-03-21-5 - OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
70ee7534060a15cce4887519635499ad26a30d4596bdf4d28ce6ea94b25fefadUbuntu Security Notice 2909-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
47eca111b5e14e6a83d4d3e3e108c3c0f4bb558525426c43eb0ea1c7acf76544Ubuntu Security Notice 2910-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
d315767d6b74fc5875e1959ee3b8350c03d865880496c94d9e5829712fcd69a4Ubuntu Security Notice 2908-2 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
3bd3447a7566b4ddafb9950b75297f97dfae5f898ad9d051beef16b3a2597662
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed