The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere in a directory in /tmp circumvents that protection thus making it possible to load a shared library containing a payload which creates a root shell.
2fe41a90799fee4a1fce5da2d6dcba950035afb15b2c3fe6f1dcec5f37e1a3a0
Cisco AnyConnect Secure Mobility Client for OS X is affected by a vulnerability that allows local attackers to mount arbitrary DMG files at arbitrary mount points. By exploiting this vulnerability is is possible for the attacker to gain root privileges. Cisco reports that a similar issue also exists in Cisco AnyConnect Secure Mobility Client for Linux.
66660159f211f495d60f7ca1acea5dbe4e444722621da4f69354d6747a67fc1b
Cisco Security Advisory - A vulnerability in the processing of IPv4 packets that require Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services of Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper processing of IPv4 packets that require NAT and MPLS processing. An attacker could exploit this vulnerability by sending an IPv4 packet to be processed by a Cisco IOS XE device configured to perform NAT and MPLS services. A successful exploit could allow the attacker to cause a reload of the affected device. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate this vulnerability.
426911a2340b77ce46c2ba99fd3f3b7030de0d1d02a5d5585ee5a5138cc0f294
Cisco Security Advisory - A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configured for the Virtual Teletype (VTY) line. Depending on the configuration of the user and of the vty line, the attacker may obtain administrative privileges on the system. The attacker cannot use this vulnerability to elevate privileges. The attacker must know a valid username configured for RSA-based user authentication and the public key configured for that user to exploit this vulnerability. This vulnerability affects only devices configured for public key authentication method, also known as RSA-based user authentication feature. Cisco has released software updates that address this vulnerability. Workarounds for this vulnerability are not available; however administrators could temporarily disable RSA-based user authentication to avoid exploitation.
6bb5a45a2fbd512ed3aa4d90ff71881a50ad9af02083391db8eaf255a2cc93bb
Cisco Security Advisory - Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities.
e1f2da6fedc66d63bb64c173c44f2ac66b96073b0f040599afe50fd556f7059a
OS X Regex Engine (TRE) suffers from integer signedness and overflow issues.
c4c0f4887f90a7b044ece2c30e99c3551cdccd98d07ef1bb542fc7bca4fc060e
OS X Regex Engine (TRE) suffers from a stack buffer overflow vulnerability.
5ad1dbca55084a0bde0fa1fbe2614f5806fada2f7a3afbc24bc91426dba68011
The OS X regex engine (TRE) uses the alloca function in a few places, sometimes where an attacker can partially control the size.
4892e0cd6b0f4549272861144a2d62b719c14ab2eeb90564785bc88c25656d6e
Apple Security Advisory 2015-09-16-4 - OS X Server 5.0.3 is now available and addresses denial of service, code execution, and various other vulnerabilities.
8254c8d55f2667e65687c75dc0e4ebbbd127b907729adba11b4a141d12fc30b2
An OS X IOKit kernel memory corruption issue occurs due to a bad bzero in IOBluetoothDevice.
f3d2f3b8051f90b86f0cfd263f09f98a7e0e04c1e1fcff20c13e3ca8f318052c
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
b6d8f3a9632ab99bae4097084df74efd2321c22182aff3a119dd1e69ecc69a63
Disconnect.me versions 2.0 and below suffer from a local privilege escalation vulnerability on Mac OS X.
c9dbb506c64347ed7c7856a009d1aaf86f85e2756fd4d256803477716b89bdec
34 bytes small NULL byte free OS X x64 /bin/sh shellcode.
62604cfda35d5ea48e784d6b5bfb83d4ce2aa61f09505d7ee7a39833737dc0ef
Red Hat Security Advisory 2015-1627-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.
09824f32e3805a9e1048366162b64a1f26104e46bb0ac50ac2b3cfa92168bbeb
Apple Security Advisory 2015-08-13-4 - OS X Server v4.1.5 is now available and addresses a BIND related denial of service vulnerability.
f5e6c2b5a0d5ca19d92a278a308911b7cb4cc61a13ba12f4a9b43825f1a463cf
Apple Security Advisory 2015-08-13-2 - OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and more.
1ccd5f307af57152abb6e4f0da773ca4420fb7a6e98f26301366a9071ecc9a33
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
98c9cab401dd95c021ee32cf4030aa63a64f08a82c6fe0d2493663e3c6e1c5a3
Mac OS X 10.10.4 (Yosemite) suffers from a keychain-related denial of service vulnerability.
5e5264989ee711ea2cf1f4508b6d73169a2f88b72a97de4b2be4e77d5bfb3214
Cisco Security Advisory - A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP) processing the packet. The vulnerability is due to improper processing of crafted, fragmented packets. An attacker could exploit this vulnerability by sending a crafted sequence of fragmented packets. An exploit could allow the attacker to cause a reload of the affected platform. Cisco has released software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
927bb8bedea60ec82b1e53204a9f62223814ed18dd75bae126ded3c6b1eec619
In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.
5f8a24055c7eacceccce25d80da65ff0a662a967a7f926c2fe621369f5e41ae2
cisco-sa-2015722-tftp.txt - A vulnerability in the TFTP server feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The TFTP server feature is not enabled by default. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
658481621117b1e5ad4720664e9f121c4ec0623b5bc76430db620a3e6fc56afc
OS X version 10.10 DYLD_PRINT_TO_FILE local privilege escalation proof of concept exploit.
54d151a0576992acbdfc4330c685be0f33834016156eaf6b60eb50e760abfc0c
Apple Security Advisory 2015-06-30-2 - OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities.
36670a2c92a10eed9caf9afd9dd5f818e184e427c1eddb4da037e0aebc712907
The research in this paper leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Store, to gain unauthorized access to other apps' sensitive data. More specifically, the researchers found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote.
ece3215f1041638c7e80717f3528c48fffb5d9d0f9b925cd46938a293c3d9f4f
Cisco Security Advisory - A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet. The vulnerability is due to incorrect processing of an IPv6 packet carrying IPv6 extension headers that are valid but unlikely to be seen during normal operation. An attacker could exploit this vulnerability by sending such an IPv6 packet to an affected device that is configured to process IPv6 traffic. An exploit could allow the attacker to cause a reload of the line card, resulting in a DoS condition. Cisco has released free software updates that address this vulnerability. There is no workaround that mitigates this vulnerability.
e56b00b94f7935d03ca8b85ffb3a47abd5d4c85aedc4c8a4a169c488060e8544