This archive contains all of the 220 exploits added to Packet Storm in March, 2014.
51349b5abbde8e1fd6bd4fef4c6c16203f245c7bcdb7688e99fad92c2497ef0daircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
2d22ae13360d466ffff1699cb1300ce5f807ffe9762314bb60ee49d9d2efe98dUbuntu Security Notice 2158-1 - Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. Nico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory corruption) or possibly other unspecified issues. Various other issues were also addressed.
7be186da02dc9637de795e1d1ebb3e3f3911bac940397c36f5cb4ade06b2be03RSA Adaptive Authentication (On-Premise) versions 6.x and 7.x suffer from cross site scripting and cross frame scripting vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
7504949cc5ee1b2d26d592e5024b387d054461fd32f3fb8b2b1a6e2db518a28fDebian Linux Security Advisory 2893-1 - Two vulnerabilities were fixed in Openswan, an IKE/IPsec implementation for Linux.
46c874585db91e02896fab1d9cb81e40f1fbae61ac26f26ca4c2726e58ceecaeThis code dissects the internal data structures in ELF files. It supports x86 and x86_64 archs and runs under Linux.
f8636edd94e628d8a05706d8252fa410c215dd08dce94844785f2866ad7bbf50Red Hat Security Advisory 2014-0350-01 - In accordance with the Red Hat Enterprise MRG Life Cycle policy, the Red Hat Enterprise MRG product, which includes MRG-Messaging, MRG-Realtime, and MRG-Grid, Version 1 offering for Red Hat Enterprise Linux 5 was retired as of March 31, 2014, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for MRG-Messaging, MRG-Realtime, and MRG-Grid Version 1 on Red Hat Enterprise Linux 5 after March 31, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Enterprise MRG Version 1 on Red Hat Enterprise Linux 5 after this date.
cd873cffc56110a6277ed5100b3cf1927fc60dd1697c0c4746a46f66da108a64Red Hat Security Advisory 2014-0349-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.3 was retired as of March 31, 2014, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.3 AMC after March 31, 2014. In addition, technical support through Red Hat's Global Support Services for Red Hat Enterprise Linux 5.3 AMC will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 5.3 to a more recent release of Red Hat Enterprise Linux 5 or 6. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 5 release or Red Hat Enterprise Linux 6 release .
6c0c4939a5c297720e8f792dce2af29c0d5d1b0b3e9ab0334d699d9f9cb11e19Debian Linux Security Advisory 2892-1 - Several vulnerabilities have been found in a2ps, an 'Anything to PostScript' converter and pretty-printer.
f02e70102dc257c70529fa7590ef5674358e8fbe0adba94dadafa4ef5b36f358Security Explorations decided to release technical details and accompanying proof of concept codes for security vulnerabilities discovered in the environment of Oracle Java Cloud Service. Enclosed are two pdfs detailing the issues along with a zip file filled with proof of concept code. The release of data is due to Oracle's continued failure to properly handle vulnerability reports.
8da74747f63ecbeaf0436376646b7870ac187a6fd484dcb90371ecdd3d8b7be4Tag3 suffers from a remote blind SQL injection vulnerability.
3817b9d23f5104d67462c80dfa298f2b350ac1e081c6a6b2db06dd5a3194af96Red Hat Security Advisory 2014-0348-01 - Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
bdb331dd996b149d2da81881cadcb6fc4dc3bee816b1a1caa8a1b478cd6b1e54
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed