exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 3,688 RSS Feed

Protocol Files

Kernel Live Patch Security Notice LSN-0101-1
Posted Mar 7, 2024
Authored by Benjamin M. Romer

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux
advisories | CVE-2023-6817, CVE-2023-6932, CVE-2023-7192, CVE-2024-0193, CVE-2024-0646
SHA-256 | bc88723b94872c87e1cb00b2d83a704f36fe21c1a1c29ddd39f56580a64d63b7
Ubuntu Security Notice USN-6647-2
Posted Mar 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6647-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-51780, CVE-2023-51782, CVE-2023-7192
SHA-256 | f482b4121fdbb18a1aa10eff28af9de753dabde4e2a5df33e96dc30e687a2222
Ubuntu Security Notice USN-6647-1
Posted Feb 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6647-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-51780, CVE-2023-51782, CVE-2023-7192
SHA-256 | dc6419bae3374862f7e099238c6f62915d628b60e52c658d5d47d2442058067e
Ubuntu Security Notice USN-6646-1
Posted Feb 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-51780, CVE-2023-51782, CVE-2023-7192
SHA-256 | 263643db87a6432edb065900eea41c3a1d8ae0e9c08508a673c02ef018cf394a
NFC Relay Attack On Tesla Model Y
Posted Feb 21, 2024
Authored by Josep Pi Rodriguez | Site ioactive.com

This paper will walk you through the proof-of-concept and technical details of exploitation for IOActive's recent NFC relay attack on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and they then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark's BlueShark module.

tags | paper, protocol, wireless
SHA-256 | 1b2f050c027e1bfe9702c6a2a927a78ccba6ef0043e76bbe3a63de1a54eaecc8
Wireshark Analyzer 4.2.3
Posted Feb 15, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 20 bug fixes along with updated protocol support for ASAM CMP, CAN, CFLOW, CMIP, CMP, DAP, DICOM, DISP, E2AP, GLOW, GOOSE, GTP, GTPv2, H.225, H.245, H.248, HTTP2, IEEE 1609.2, IEEE 1722, IPv4, IPv6, ISO 15765, ISUP, ITS, Kerberos, LDAP, MMS, NBT, NRUP, openSAFETY, P22, P7, PARLAY, RTMPT, RTP, SCSI, SOME/IP, T.38, TCP, TECMP, TFTP, WOW, X.509if, X.509sat, X.75, X11, Z39.50, and ZigBee Green Power.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 958bd5996f543d91779b1a4e7e952dcd7b0245fe82194202c3333a8f78795811
Kernel Live Patch Security Notice LSN-0100-1
Posted Feb 8, 2024
Authored by Benjamin M. Romer

It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. Various other issues were discovered and addressed.

tags | advisory, kernel, protocol
systems | linux
advisories | CVE-2023-5345, CVE-2023-6040, CVE-2023-6176, CVE-2023-6817, CVE-2023-6932
SHA-256 | 55bac94f220995e2504245406daa6739d0a8e896be555aa348a44bc0e7cc793a
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution
Posted Feb 2, 2024
Authored by ItsSixtyN3in

WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.

tags | exploit, web, arbitrary, shell, protocol
advisories | CVE-2023-42222
SHA-256 | 697050685574d8cbeaf2f42aaa7b87535a8f6cf1ec1ce436dac7c65634057623
OpenSSL Toolkit 3.2.1
Posted Jan 31, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The latest stable version is the 3.2 series supported until 23rd November 2025.

Changes: 5 security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | 83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39
OpenSSL Toolkit 3.1.5
Posted Jan 31, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.1 series is supported until 14th March 2025.

Changes: 5 security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | 6ae015467dabf0469b139ada93319327be24b98251ffaeceda0221848dc09262
OpenSSL Toolkit 3.0.13
Posted Jan 31, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.0 series is a Long Term Support (LTS) version and is supported until 7th September 2026.

Changes: 5 security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | 88525753f79d3bec27d2fa7c66aa0b92b3aa9498dafd93d7cfa4b3780cdae313
Ubuntu Security Notice USN-6607-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6607-1 - It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-5345, CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | 129bf8e03fcff7ad53aea0dbb1617e402b728e93911e0d73e3c75fb0e9b25fd1
Ubuntu Security Notice USN-6601-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6601-1 - It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-6932
SHA-256 | cca79625b03d2bb1e94883b9d350917c326da4fe2ad588949119d92376aebd76
Ubuntu Security Notice USN-6598-1
Posted Jan 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6598-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2023-48795
SHA-256 | dd8a1a95b3a16c6fe45623db4f26f252a81bb8e5b368cdbaffd76de031b0e0fd
Ubuntu Security Notice USN-6589-1
Posted Jan 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6589-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2023-48795
SHA-256 | 8518668a4badaa795ff43751102221732a1799bf651302c95ea7ee967ec088d0
GNU Transport Layer Security Library 3.8.3
Posted Jan 16, 2024
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: libgnutls had multiple security fixes. They fixed more timing side-channel issues inside RSA-PSK key exchange. They fixed an assertion failure when verifying a certificate chain with a cycle of cross signatures. Fixed a regression in handling Ed25519 keys stored in PKCS#11 token certtool that was unable to handle Ed25519 keys generated on PKCS#11 with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2.
tags | protocol, library
advisories | CVE-2024-0553, CVE-2024-0567
SHA-256 | f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e
Ubuntu Security Notice USN-6585-1
Posted Jan 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6585-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2023-48795
SHA-256 | d368df4c0d357987893502f341336db0f44b79a83468cb12d62846d219bc5e7b
Debian Security Advisory 5601-1
Posted Jan 12, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5601-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2023-48795
SHA-256 | 74939800a29d48ded37e9813459aa6b29068a867d2c407034d466d7a7bb36ee5
Debian Security Advisory 5600-1
Posted Jan 12, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5600-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2023-48795
SHA-256 | 8cfe6e2a5aa62ff4c70ee28350070f1ea5a4506b8305130470d356424e8fe7c6
Debian Security Advisory 5599-1
Posted Jan 12, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5599-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2023-48795
SHA-256 | a0c9e4b89d0e004e7f26020948eef0d8e208379ab02cce69468a0e02ce7ea9b2
Ubuntu Security Notice USN-6560-2
Posted Jan 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6560-2 - USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.

tags | advisory, remote, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2023-48795, CVE-2023-51385
SHA-256 | 279f23efe6b36684994928a454f01081c5330f4103d3e9a111b6c5ff07c9a1f6
FreeSWITCH Denial Of Service
Posted Jan 8, 2024
Authored by Amirhossein Bahramizadeh

FreeSWITCH versions prior to 1.10.11 remote denial of service exploit that leverages a race condition in the hello handshake phase of the DTLS protocol.

tags | exploit, remote, denial of service, protocol
advisories | CVE-2023-51443
SHA-256 | c9c3686ee337d8542426ced66a1b6b5eb7140101aed0bc4ec11b15ee6a810dab
Wireshark Analyzer 4.2.2
Posted Jan 5, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 5 vulnerabilities and 23 bugs have been fixed.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2024-0207, CVE-2024-0208, CVE-2024-0209, CVE-2024-0210, CVE-2024-0211
SHA-256 | 9e3672be8c6caf9279a5a13582d6711ab699ae2a79323e92a99409c1ead98521
FreeSWITCH 1.10.10 Denial Of Service
Posted Dec 26, 2023
Authored by Sandro Gauci | Site enablesecurity.com

When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.

tags | exploit, denial of service, protocol
advisories | CVE-2023-51443
SHA-256 | 42111d854609afb4221ff75af6db4e27c366baa1bf5886242bf637a8ab822f76
Debian Security Advisory 5588-1
Posted Dec 26, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5588-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2021-36367, CVE-2023-48795
SHA-256 | 7af4170ad4031fd3d2a9ee78c01336ac9376c0590df4e88dd4e5550f0258ed24
Page 1 of 148
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close