what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 47 RSS Feed

Files Date: 2012-02-21 to 2012-02-22

Red Hat Security Advisory 2012-0309-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0309-03 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. Various other issues have also been addressed in this advisory.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2011-0010
SHA-256 | a827591da4fea2ba8c870bb76c75ed69cda355d31fcd569f1ba1cd76fc27be43
Red Hat Security Advisory 2012-0310-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0310-03 - The nfs-utils package provides a daemon for the kernel Network File System server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab file. A local attacker could use this flaw to corrupt the mtab file.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2011-1749
SHA-256 | 57642090ed63781c24eff89f395c651565da20af68369696a481bcfee86e343a
Red Hat Security Advisory 2012-0153-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0153-03 - Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to access Red Hat Network content available to the host. This issue did not affect users of Red Hat Network Classic. This updated sos package also includes numerous bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4083
SHA-256 | 72f02d3ff7245ab41813002e88e09e0957605f7db822e4b33daab5eebda5e2ed
Red Hat Security Advisory 2012-0311-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0311-03 - The ibutils packages provide InfiniBand network and path diagnostics. It was found that the ibmssh executable had an insecure relative RPATH set in the ELF header. A local user able to convince another user to run ibmssh in an attacker-controlled directory could run arbitrary code with the privileges of the victim. Under certain circumstances, the "ibdiagnet -r" command could suffer from memory corruption and terminate with a "double free or corruption" message and a backtrace. With this update, the correct memory management function is used to prevent the corruption.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2008-3277
SHA-256 | 60c143ecd4d6ffe4192aff95ab81bf9c5c724a5949e3b50a7b74e11616e76fc3
Red Hat Security Advisory 2012-0313-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0313-03 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. The default Samba server configuration enabled both the "wide links" and "unix extensions" options, allowing Samba clients with write access to a share to create symbolic links that point to any location on the file system. Clients connecting with CIFS UNIX extensions disabled could have such links resolved on the server, allowing them to access and possibly overwrite files outside of the share. With this update, "wide links" is set to "no" by default. In addition, the update ensures "wide links" is disabled for shares that have "unix extensions" enabled.

tags | advisory, protocol
systems | linux, redhat, unix
advisories | CVE-2010-0926
SHA-256 | 932d2cbf7225ce2c987d4bcdd7f912e023df64a9a31b01d00a4f046b0c7fdb63
Red Hat Security Advisory 2012-0312-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0312-03 - The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash.

tags | advisory
systems | linux, redhat
advisories | CVE-2008-1198
SHA-256 | c735e7d534e574ede1bfebfc8256d690918b1e145cb85f0079a84df86b8c0d06
Debian Security Advisory 2413-1
Posted Feb 21, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2413-1 - Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading is9660 or tar streams allow remote attackers to execute arbitrary code depending on the application that makes use of this functionality.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2011-1777, CVE-2011-1778
SHA-256 | dfe56269bdcc82503efeaf8ddeadc4f40bc5819f3f36275f831912f7ee7f4f2d
Red Hat Security Advisory 2012-0168-01
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0168-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0029, CVE-2012-0207
SHA-256 | bb1c7d2fa41c5e43267b70421481368a0747bc20aa8aecdd962ffe916076e965
Red Hat Security Advisory 2012-0301-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0301-03 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. It was found that ImageMagick utilities tried to load ImageMagick configuration files from the current working directory. If a user ran an ImageMagick utility in an attacker-controlled directory containing a specially-crafted ImageMagick configuration file, it could cause the utility to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2010-4167
SHA-256 | ce05d79e525d371a3631366535c169d30c3c08ad1503edc6acf35a92421c0722
Red Hat Security Advisory 2012-0304-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0304-03 - The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. The vixie-cron package adds improved security and more powerful configuration options to the standard version of cron. A race condition was found in the way the crontab program performed file time stamp updates on a temporary file created when editing a user crontab file. A local attacker could use this flaw to change the modification time of arbitrary system files via a symbolic link attack.

tags | advisory, arbitrary, local
systems | linux, redhat, unix
advisories | CVE-2010-0424
SHA-256 | 20f8b6e84058f26f0a2aa7c3ef9a59ac3c3520c25f2a1e85c0d6337273bce2b3
Red Hat Security Advisory 2012-0305-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0305-03 - The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2008-0171, CVE-2008-0172
SHA-256 | 9b5b881e679a19d7c6cef99a1adad1b032299948c919bfd6c33264db204f1ec6
Red Hat Security Advisory 2012-0151-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0151-03 - The conga packages provide a web-based administration tool for remote cluster and storage management. Multiple cross-site scripting flaws were found in luci, the conga web-based administration application. If a remote attacker could trick a user, who was logged into the luci interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's luci session. These updated conga packages include several bug fixes and an enhancement.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2010-1104, CVE-2011-1948
SHA-256 | df05872cd32bcf0eb301863b6de620c1fc089496e50141bb99995e7600af535a
Red Hat Security Advisory 2012-0302-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0302-03 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the "lp" user.

tags | advisory, overflow, arbitrary
systems | linux, redhat, unix
advisories | CVE-2011-2896
SHA-256 | f2434d92ff30870a69af386c20081fbeddc541a129b82ec961a7d31841e912d8
Red Hat Security Advisory 2012-0303-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0303-03 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2011-4028
SHA-256 | 39e0f6df5d345b03733218c038d1f55b80c5a015bd9aa8236f5b26bc71730c62
Red Hat Security Advisory 2012-0149-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0149-03 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-4347
SHA-256 | 52ddce2218c312d1c3ecce3bfbf426ea56da1c30ba13b0970d775b410ad1bd6c
Red Hat Security Advisory 2012-0306-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0306-03 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the effective group ID change system call. If the group ID change failed, a remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group.

tags | advisory, remote, root
systems | linux, redhat
advisories | CVE-2011-1526
SHA-256 | 672b137189ca918afd7760a04e09e67af4318ed58e5029e093c8f001ae713e91
Red Hat Security Advisory 2012-0150-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0150-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the way the Linux kernel's Event Poll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-1083
SHA-256 | 9833f2568ca8c0fa127ae4b53382a05cd44d419a7d51b7e07059a4cf0221b439
Red Hat Security Advisory 2012-0307-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0307-03 - The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2011-1675, CVE-2011-1677
SHA-256 | 3c4017b188014c2b843ed4e7706c124b342cf978b3416b7b0f193fe2588f8803
Red Hat Security Advisory 2012-0308-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0308-03 - BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2006-1168, CVE-2011-2716
SHA-256 | 637da849dd1e3c763e778e6fe1e490e5b0111589e5bbe410601d4378e0edda25
Red Hat Security Advisory 2012-0152-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0152-03 - The kexec-tools package contains the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. Kdump used the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets, causing the target kdump server's SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2011-3588, CVE-2011-3589, CVE-2011-3590
SHA-256 | 1c41a7b78dddff29fbca19fb727c662674083476186d59c3f5ef78f52bcbd3ec
Nmap Iptables Shell Script
Posted Feb 21, 2012
Authored by Liyan Oz

This is a shell script that launches iptables to add rules that will flag various types of nmap scans.

tags | tool, shell, nmap
systems | unix
SHA-256 | 732008c5abfbdafbdc2614b6d6350fdb256367f1e953f70dcaef67b8f336bbb7
Secunia Security Advisory 48084
Posted Feb 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi Command Suite products, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | d1eae9f979b5bfd4714fff93034fc6ab1c0f21fefff41ec1064aaf25818e0d09
Secunia Security Advisory 48100
Posted Feb 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for ImageMagick. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, redhat
SHA-256 | 30aebe36faa26caa48bd81f2f81985c3d9eece3389b4ff64c2c5c8960146fccf
Secunia Security Advisory 48099
Posted Feb 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for boost. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | c2f7547c13cb39647f59e06ab3129f3e1bab4ea989ba177849e0dc8a33e32c4b
Secunia Security Advisory 48041
Posted Feb 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for samba. This fixes a weakness, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

tags | advisory
systems | linux, redhat
SHA-256 | 6b72908c35e9cb74ff346ad005538fcdb38b52496fefac22200dc2db1d6d7268
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close