exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2013-12-22

Ubuntu Security Notice USN-2063-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2063-1 - It was discovered that an intermediate certificate was incorrectly issued by a subordinate certificate authority of a trusted CA included in NSS. This intermediate certificate could be used in a man-in-the-middle attack, and has such been marked as untrusted in this update.

tags | advisory
systems | linux, ubuntu
SHA-256 | ecaae5d1a2280f64944d4be45f00ef77e8484d8afd56cc05c188dbfd1097fcfc
Mandriva Linux Security Advisory 2013-298
Posted Dec 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-298 - The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted certificate that is not properly handled by the openssl_x509_parse function. The updated packages have been upgraded to the 5.3.28 version which is not vulnerable to this issue. Additionally, some packages which requires so has been rebuilt for php-5.3.28.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, mandriva
advisories | CVE-2013-6420
SHA-256 | abec513d4cce769f4c116ff93413fe54514595b61b1855cc6ccd4d4256fd9fc7
Debian Security Advisory 2825-1
Posted Dec 22, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2825-1 - Laurent Butti and Garming Sam discored multiple vulnerabilities in the dissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2013-7113, CVE-2013-7114
SHA-256 | 4f9dc7111dffc668e27622c001dc32140b102e279ada4684aed34cf1c75a993d
Mandriva Linux Security Advisory 2013-297
Posted Dec 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-297 - The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master. A malicious node, with a plugin enabled using multigraph as a multigraph service name, can abort data collection for the entire node the plugin runs on.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-6048, CVE-2013-6359
SHA-256 | 0390e658bb0ec5ef6190f7a583355de82d7fcac2e8f6c6ef5bc06242019e5a6b
Mandriva Linux Security Advisory 2013-296
Posted Dec 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-296 - The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service via a crafted packet. Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service via a long domain name in a packet. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-7112, CVE-2013-7114
SHA-256 | 878776549c46a9bc09b3c25506054f13adcb45a498a6c50df1e5ca5ba1c9ffa9
Red Hat Security Advisory 2013-1869-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1869-01 - Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-6425
SHA-256 | 51bb4616ceb3d65fd4d0e7afea530d7dfc02391b3875d66576d03ad4e1e36f59
Red Hat Security Advisory 2013-1868-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1868-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-6424
SHA-256 | 9c3aa5ef889f82d8df9aff584669d589f79154f6c70004f0344c0c04e0c248df
Ubuntu Security Notice USN-2062-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2062-1 - Chris Chapman discovered cross-site scripting (XSS) vulnerabilities in Horizon via the Volumes and Network Topology pages. An authenticated attacker could exploit these to conduct stored cross-site scripting (XSS) attacks against users viewing these pages in order to modify the contents or steal confidential data within the same domain.

tags | advisory, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2013-6858
SHA-256 | 3587fd5a41bc925c662426c88e64f0f511df7717a9ceb5a659c808d02f6918ff
Red Hat Security Advisory 2013-1866-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1866-01 - This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. All users should upgrade to this updated package. After installing the update, all applications using the ca-certificates package must be restarted for the changes to take effect.

tags | advisory
systems | linux, redhat
SHA-256 | accda667f78ff8099981a0fb59405a2a11831ff79f0da1e0432215a6689d219a
Red Hat Security Advisory 2013-1861-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1861-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

tags | advisory
systems | linux, redhat
SHA-256 | b93ebb2cfc02975514c3187ccec01ca30870a5a28128e15aeec38b0985d7c860
Red Hat Security Advisory 2013-1863-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1863-01 - Candlepin is an open source entitlement management system. It tracks the products which an owner has subscribed too, and allows the owner to consume the subscriptions based on configurable business rules. It was discovered that, by default, Candlepin enabled a very weak authentication scheme if no setting was specified in the configuration file. This issue was discovered by Adrian Likins of Red Hat. Note: The configuration file as supplied by Subscription Asset Manager 1.2 and 1.3 had this unsafe authentication mode disabled; however, users who have upgraded from Subscription Asset Manager 1.1 or earlier and who have not added "candlepin.auth.trusted.enable = false" to the Candlepin configuration will be affected by this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-6439
SHA-256 | 82cfd38b99f73b14f049059fef5ce7bf585ea677694c6aa4c0762a3140ab6cb0
Red Hat Security Advisory 2013-1865-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1865-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Lifecycle Support for Red Hat Enterprise Linux 3 will be retired as of January 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 3 ELS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 30, 2014. Note: This notification applies only to those customers subscribed to the Extended Lifecycle Support channel for Red Hat Enterprise Linux 3.

tags | advisory
systems | linux, redhat
SHA-256 | 8528ad7b7a7ff0980f963bbeb4eec2779b4305466de28e693b34a3a00fae7f28
Red Hat Security Advisory 2013-1862-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1862-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P1 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-1768, CVE-2013-4221, CVE-2013-4271, CVE-2013-4330, CVE-2013-4372
SHA-256 | cc87f20cac05b2c2a2ca841231613b725778a23e0f081c95d5e236ae38911461
Red Hat Security Advisory 2013-1860-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1860-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4299
SHA-256 | 301f5f962b95816587d1a1fb7f9d8ff0a219a188b36d79a20ef0aea295b1c9d3
Red Hat Security Advisory 2013-1864-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1864-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.3 will be retired as of June 30, 2014, and support will no longer provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.3 EUS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after June 30, 2014. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.3.

tags | advisory
systems | linux, redhat
SHA-256 | e952825d980f1e571ea253661845f87d9c403fbe10076c0da8cbf497c7ba3fe5
Ubuntu Security Notice USN-2061-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2061-1 - Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor's roles.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-6391
SHA-256 | 4a72e7e031b8599672568b6b6d3ccbed930204fea6f3cf3ccf813dc6f2eeac03
Ubuntu Security Notice USN-2060-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2060-1 - Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-6629, CVE-2013-6630
SHA-256 | ada724d80f6116cda0c73d2efd4024177e4c219c100094a3b9792cfeff4db895
Debian Security Advisory 2824-1
Posted Dec 22, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2824-1 - Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend.

tags | advisory
systems | linux, debian
advisories | CVE-2013-6422
SHA-256 | f55a219a32ddbe9db5c005f18ae0103bf4244fbfe1a1a81408c6f333202d9d95
Mandriva Linux Security Advisory 2013-295
Posted Dec 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-295 - Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4576
SHA-256 | 3c334674013ce601808d392c2122d76c04aab3c1e8475ddbd9575f0e0687ed02
64-bit calc.exe Stack Overflow Root Cause Analysis
Posted Dec 22, 2013
Authored by Dark-Puzzle

This is a brief write up discussing a root cause analysis of why spawning calc.exe triggered a stack overflow.

tags | paper, overflow, root
SHA-256 | df816f981278218c855742bbf91b22db7088072ca5aade2974f7d629781ce6e6
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close