Install.framework has a suid root binary at /System/Library/PrivateFrameworks/Install.framework/Resources/runner that allows for arbitrary mkdir, unlink, and chown.
4b9ea14e8540ddbdec18fe305074224119369e420b4ed663a1f2bac393fa7f15
Secunia Security Advisory - Debian has issued an update for strongswan. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
70658b83c69e26ae4093cfbd5b55ab823e06f3d6f41022498cdbea54dc8f0313
Debian Linux Security Advisory 2483-1 - An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder.
7609f91a664792688a1457f9e5c23da2922dfbaaf34996f4ab7c713b94406d26
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
310262d1ded082d1ceefc52d6dad265c1decae8d84e12b5947d9b1dd193191e5
Mandriva Linux Security Advisory 2012-082 - Multiple vulnerabilities has been discovered and corrected in pidgin. A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests. Incoming messages with certain characters or character encodings can cause clients to crash. This update provides pidgin 2.10.4, which is not vulnerable to these issues.
8250736d53c4ff0aec14a41ffb644124cf6f919a74bff10c3a67955e6c661991
Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
b4728ca55ce3cfd40444a11b5acd5298ece8e9bf6c775569b96cc5d90bcd9a33
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
54a6978fdaae8c9a83798016669aebaf82c92f549478b0be940844cd0189258e
Red Hat Security Advisory 2012-0681-01 - Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves multiple flaws that weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks.
476d8682a9dc81de542af39a135df9462d83db56715407ea95d50226c75892c0
Red Hat Security Advisory 2012-0682-01 - Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also addresses multiple flaws that weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks.
a7981af462ded26dc5b525b00d9463603ff70a82bbc57c62341f258e1aba5de8
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
11557623033f83fd59c047df77732ae8b78ffc6326f727c0c1aea355a332f580
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
c02190292f3a147e906e373d6d388b12281fc71677eedb7324d27c178ff23901
Ubuntu Security Notice 1443-1 - It was discovered that Update Manager created system state archive files with incorrect permissions when upgrading releases. A local user could possibly use this to read repository credentials. Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when reporting bugs. This could possibly result in repository credentials being included in public bug reports. Various other issues were also addressed.
6404506a03e0bd2370106f34332c5a744490330dc284ffba95740f7fd563f31a
Red Hat Security Advisory 2012-0670-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. When a set user ID application is executed, certain personality flags for controlling the application's behavior are cleared. It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise MRG is made privileged via file system capabilities.
c88db0a1f1b7343e27cc22e518f7258062840aebeea6f425936d381a312cd433
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
7535e3c956995ec088e0036a3ecb227af85f7e7498611ed214ba05bc70a26996
Mandriva Linux Security Advisory 2012-071 - This is a bugfix and security advisory that upgrades php to the latest 5.3.13 version for Mandriva Linux Enterprise 5.2 which resolves numerous upstream bugs in php.
028afe71e35b4463baf7313fddbd4720742bc9f50ec0c59daa263f5bc0947ff6
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
7951e7cbd5d3ef81b6a7dcaed9ec4c95331f77b7aa03178ca7a582058593986e
Debian Linux Security Advisory 2466-1 - Sergey Nartimov discovered that in Rails, a Ruby based framework for web development, when developers generate html options tags manually, user input concatenated with manually built tags may not be escaped and an attacker can inject arbitrary HTML into the document.
45fc779659d12b3f4006e50d93f3790391de6edf2d1948ba64eb85d6500c30e4
Ubuntu Security Notice 1437-1 - It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable.
38f9d764d6c2cf212c5eff43704012fdf52ff4fe7d6dd5988c81045cf41f1f3a
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
62dd46bdfa66e997cd07479c448ce5a5cb3748cb495d58074a7a737dbbe93fc4
Secunia Security Advisory - A vulnerability has been reported in the cctags module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
e6bb0e647da0cf79235695bd47b357557b86c97d727abb8c9b7f1bd235735dd5
Drupal cctags third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
11ecbee9842079b4c09e2b8895b9e82e8b925e6afe795af24ad7e05b1025e56c
cIFrex is a small script written in PHP that supports searching for bugs in the analysis of the source code. It uses a database of regular expressions.
4172d492b1bd172650866495ce29ca87bee838cb96d452d364a667227680e43d
Ubuntu Security Notice 1435-1 - Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain IFD structures. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. Various other issues were also addressed.
73ba7d5a3bfc03583f1359586e171a6afd57f0bd2cabb0ad28c5b5b48ed912b5
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
94dad2184e4ccfe8bb52bebf3d33dc6d653dfad67dc23d4198e3f1a6deb8463b
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
e2922b592136828485ef5f371fa2e685ec057099245c46322cd9573c14dde2a4
This Metasploit modules exploits a vulnerability found in WebCalendar versions 1.2.4 and below. If not removed, the settings.php script meant for installation can be updated by an attacker with injected code. This allows arbitrary code execution as www-data.
29b4c547a774b448684e25b5a3790447dba6bd3752a031b9b5ce3b8d549c07cb