what you don't know can hurt you
Showing 1 - 25 of 2,983 RSS Feed

Protocol Files

Ubuntu Security Notice USN-4510-2
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4510-2 - USN-4510-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. Various other issues were also addressed.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2020-1472
MD5 | 2ed34d2ad5e9cf444a3751d103669b60
Ubuntu Security Notice USN-4510-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4510-1 - Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting. Various other issues were also addressed.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2020-1472
MD5 | 0b446579b7c7dc87b52c723cb2687955
Microsoft Windows Finger Security Bypass / C2 Channel
Posted Sep 14, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows TCPIP Finger Command finger.exe that ships with the OS, can be used as a file downloader and makeshift C2 channel. Legitimate use of Windows Finger Command is to send Finger Protocol queries to remote Finger daemons to retrieve user information. However, the finger client can also save the remote server response to disk using the command line redirection operator.

tags | exploit, remote, protocol
systems | windows
MD5 | cf1c7a658300820f34037e5d7395ac66
Ubuntu Security Notice USN-4488-2
Posted Sep 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4488-2 - USN-4488-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update and also the update from USN-4490-1 for Ubuntu 14.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could possibly use this issue to obtain sensitive information. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSelectEvents function. A local attacker could possibly use this issue to escalate privileges. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XRecordRegisterClients function. A local attacker could possibly use this issue to escalate privileges.

tags | advisory, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14361, CVE-2020-14362
MD5 | 2c21e36caf7b07e3cf7bab5cb7a9f1d9
Rigorous Specifications Of The SSH Transport Layer
Posted Sep 8, 2020
Authored by Erik Poll, Aleksy Schubert

This document presents semi-formal specifications of the security protocol SSH, more specifically the transport layer protocol, and describes a source code review of OpenSSH, the leading implementation of SSH, using these specifications.

tags | paper, protocol
MD5 | 4502a821c4246645b42cedf6191e3bf8
Ubuntu Security Notice USN-4488-1
Posted Sep 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4488-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could possibly use this issue to obtain sensitive information. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSelectEvents function. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-14346, CVE-2020-14347, CVE-2020-14361, CVE-2020-14362
MD5 | c1fb4cc9f0f5241da7a5ed5b69d9a826
Ubuntu Security Notice USN-4446-2
Posted Aug 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4446-2 - USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2019-12520, CVE-2019-12523, CVE-2019-12524, CVE-2019-18676
MD5 | 3ce54dac1a09ed855009027ca7b777d9
Red Hat Security Advisory 2020-3475-01
Posted Aug 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3475-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-8616, CVE-2020-8617
MD5 | 2dd636fea7e0cd4fa94508d728aee804
Red Hat Security Advisory 2020-3470-01
Posted Aug 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3470-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-8616, CVE-2020-8617
MD5 | 46c3dcd8832a698a70eff7357261ec11
Red Hat Security Advisory 2020-3471-01
Posted Aug 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3471-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-8616, CVE-2020-8617
MD5 | ea995a2ae04d35d5cd5e454d9d275ec2
Wireshark Analyzer 3.2.6
Posted Aug 13, 2020
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: Multiple bug fixes including a dissector crash.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2020-17498
MD5 | f14ef8d73fa5f30b57fec51283e6b73e
Red Hat Security Advisory 2020-3433-01
Posted Aug 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3433-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-8616, CVE-2020-8617
MD5 | 9e4e1d5c6e3937cd76aea54e46330e54
Red Hat Security Advisory 2020-3379-01
Posted Aug 10, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3379-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-8616, CVE-2020-8617
MD5 | f91b3df8a8eebc8205c3ba022fe3d087
Red Hat Security Advisory 2020-3378-01
Posted Aug 10, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3378-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-8616, CVE-2020-8617
MD5 | 7ae0d56c5d06f5ca004ef35ff8a86769
Red Hat Security Advisory 2020-3272-01
Posted Aug 3, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3272-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-8616
MD5 | dae3f41cf1c5f5703840b3dc09e018ea
Red Hat Security Advisory 2020-3133-01
Posted Jul 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3133-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.4 serves as a replacement for Red Hat AMQ Broker 7.4.3, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2018-15756, CVE-2020-10727, CVE-2020-11612, CVE-2020-1953
MD5 | ab4904e02f2b98642517aa8804234d6f
Red Hat Security Advisory 2020-3118-01
Posted Jul 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3118-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and various information. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2020-10730
MD5 | 31872f7111f78aec935aaf2e07e96764
Red Hat Security Advisory 2020-3119-01
Posted Jul 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3119-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2020-10730
MD5 | 4fcc9ad7a7f05ef701e6b6d48af53975
SMB12 Information Gathering
Posted Jul 17, 2020
Authored by Ivica Stipovic

SMB12 Information Gathering is a data gathering python script that inspects SMB1 and SMB2 endpoints. It will extract various attributes from the remote server such as OS version (only supported by SMB1 as per protocol definition), DNS computer name, DNS domain name, NetBIOS computer name and NetBIOS domain name (SMB1 and SMB2).

tags | tool, remote, scanner, protocol, python
systems | unix
MD5 | ddda39cbd4570cf2fc5b7af60557808c
Red Hat Security Advisory 2020-2893-01
Posted Jul 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2893-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2020-8617
MD5 | 01b1b1aaa424ee689cb1c7f7f41e409c
Ubuntu Security Notice USN-4419-1
Posted Jul 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4419-1 - It was discovered that a race condition existed in the Precision Time Protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code. Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-10690, CVE-2020-10711, CVE-2020-12770, CVE-2020-13143, CVE-2020-8992
MD5 | 1a43296b82c72fbb0f52cc4e8828d2f4
Red Hat Security Advisory 2020-2850-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2850-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
MD5 | b31de2333ed43a3c4b28d8d01d41562a
Red Hat Security Advisory 2020-2823-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2823-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
MD5 | 2fdf47cd71242eae7e056c3735e53336
Red Hat Security Advisory 2020-2817-01
Posted Jul 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2817-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2019-20372
MD5 | ff035f1244dbfc0959dcde6a860cb2bf
Wireshark Analyzer 3.2.5
Posted Jul 2, 2020
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: A GVCP dissector infinite loop vulnerability has been addressed along with many other bug fixes.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2020-15466
MD5 | 56d7c971d6d8f03175183cc411653e6c
Page 1 of 120
Back12345Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close