Red Hat Security Advisory 2016-1939-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.
2e89712d5d9a3a6580bbe1199d40bc6f01d0d90d8dc5606a0a1f3917f336791dUbuntu Security Notice 3089-1 - Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set arbitrary cookies leading to a CSRF protection bypass.
1429af6725fcfdc8874b40c166000833bee38d63c06de42ce71e433a12f523fbRed Hat Security Advisory 2016-1940-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.
19da4e9f2644bafd62ade81685cad4dbfebe84c91adc49693b780a7d22008e4eAdobe Flash versions 23 and below local-with-filesystem sandbox bypass via navigateToURL() and UI redressing. Proof of concept included.
d781b3b3524940c25a5fbcb3235ee478a3d76f94af8e3a9b1b38f55e89374500EMC ViPR SRM versions prior to 4.0.1 suffer from a stored cross site scripting vulnerability.
e1828eb16abfb65ae9177f9aa8c447a3d49f6714d6cc7284391fd2913d94e586AVer Information EH6108H+ hybrid DVR suffers from authentication bypass, hard-coded credential, and information exposure vulnerabilities.
542457f732586cd30de78d97744a7ccf237f6d15e517b95167adadf9ca79f1d4hack4 has announced its Call For Papers. It will be held December 29th through the 30th, 2016 in Berlin, Germany.
ef4f6d88341c88a807480c594f4168027177c29a2cf5e642e44020d858f86245In this paper, the authors describe how the violation of secure design principles can cause authentication bypass vulnerabilities that were found in current endpoint protection software products of different vendors in 2015. All the discussed security vulnerabilities have been reported to the manufacturers of the affected software products according to our responsible disclosure policy and were publicly disclosed in several SySS security advisories and in a talk at the IT security conference DeepSec 2015.
16bdb44dfe3a5da3e0a9b5376b22c5274d1bfbf4ba7e2ff6870b90b93b63eb07The Skype installer suffers from a dll hijacking vulnerability.
0b3c640eeab0ab7cd7ec7ebff214b1a4bceb0e0789d4d92e6c3110b0a6a3749aIpod Video Converter suffers from a dll hijacking vulnerability.
61b579cc65a6eeaa34bb88ecc10504935818bcf88f2da16f27c50681e96bb7eaDebian Linux Security Advisory 3679-1 - Lukas Reschke discovered that Apache Jackrabbit, an implementation of the Content Repository for Java Technology API, did not correctly check the Content-Type header on HTTP POST requests, enabling Cross-Site Request Forgery (CSRF) attacks by malicious web sites.
0f5a893138b1cd78069b3dd03323499db2c569a7b00c3e203e1abf84f2e14e43HP Security Bulletin HPSBHF03652 1 - A potential vulnerability in Apache Commons FileUpload was addressed by HPE iMC PLAT network products. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.
95a8eceab70b60080766e978894efbac8842f4208552f7ea273e4246150a8058HP Security Bulletin HPSBHF03654 1 - Potential security vulnerabilities have been identified with HPE iMC PLAT network products using SSL/TLS. These vulnerabilities could be exploited remotely resulting in disclosure of information and other impacts. Revision 1 of this advisory.
e95853b077c436c5cb5faee1cb16a533e757741fc8e0f4554f5e9d9b4c3468acHP Security Bulletin HPSBHF03655 1 - Potential security vulnerabilities have been identified with HPE iMC PLAT network products running Apache Axis2. These vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other impacts. Revision 1 of this advisory.
e207ba0504f3712bbbee74a63b3d54bb39ce810ec03276cf275b027f373c294bDebian Linux Security Advisory 3678-1 - Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery (CSRF) protections built into Django.
ca95b0a735b7833fab215c8cd225e9f45f2155853007fe8f4abf34c989e7cc84This Metasploit module attempts to exploit a netfilter bug on Linux Kernels befoe 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation: Ubuntu: 1. ip_tables.ko (ubuntu), iptable_raw (fedora) has to be loaded (root running iptables -L will do such) 2. libc6-dev-i386 (ubuntu), glibc-devel.i686
3ed3279ffabc1d769fe51805e802f0af5a86f32107a739ee1f3f3ec23f7e3010This Metasploit module exploits a integer overflow vulnerability in the Stagefright Library (libstagefright.so). The vulnerability occurs when parsing specially crafted MP4 files. While a wide variety of remote attack vectors exist, this particular exploit is designed to work within an HTML5 compliant browser. Exploitation is done by supplying a specially crafted MP4 file with two tx3g atoms that, when their sizes are summed, cause an integer overflow when processing the second atom. As a result, a temporary buffer is allocated with insufficient size and a memcpy call leads to a heap overflow. This version of the exploit uses a two-stage information leak based on corrupting the MetaData that the browser reads from mediaserver. This method is based on a technique published in NorthBit's Metaphor paper. First, we use a variant of their technique to read the address of a heap buffer located adjacent to a SampleIterator object as the video HTML element's videoHeight. Next, we read the vtable pointer from an empty Vector within the SampleIterator object using the video element's duration. This gives us a code address that we can use to determine the base address of libstagefright and construct a ROP chain dynamically. NOTE: the mediaserver process on many Android devices (Nexus, for example) is constrained by SELinux and thus cannot use the execve system call. To avoid this problem, the original exploit uses a kernel exploit payload that disables SELinux and spawns a shell as root. Work is underway to make the framework more amenable to these types of situations. Until that work is complete, this exploit will only yield a shell on devices without SELinux or with SELinux in permissive mode.
1a90f98f06bcb60d18f94ddf7062901f68d339cc68bbdab75711aaafaeffc5d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed