what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed

Files Date: 2014-06-05 to 2014-06-06

OpenSSL Security Advisory - MITM / Recursion / DoS
Posted Jun 5, 2014
Site openssl.org

OpenSSL suffers from SSL/TLS MITM, DTLS recursion, DTLS invalid fragment, SSL_MODE_RELEASE_BUFFERS NULL pointer dereference, session injection, and various other vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | c8a76479616787fe605580247ae03de77e71fa40907ab2828faf37a7315964ee
TOR Virtual Network Tunneling Tool 0.2.4.22
Posted Jun 5, 2014
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release backports numerous high-priority fixes from the Tor 0.2.5 alpha release series. These include blocking all authority signing keys that may have been affected by the OpenSSL "heartbleed" bug, choosing a far more secure set of TLS ciphersuites by default, closing a couple of memory leaks that could be used to run a target relay out of RAM, and several others.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 6bf7942e93b8919a7d01a601390c2a8e7c32d6d53713a73c02d734bad9bd694c
EMC Documentum Content Server Escalation / Injection
Posted Jun 5, 2014
Site emc.com

EMC Documentum Content Server contains fixes for multiple security vulnerabilities that could be potentially exploited by malicious users to compromise the affected system. These include privilege escalation, shell injection, and DQL injection vulnerabilities.

tags | advisory, shell, vulnerability
advisories | CVE-2014-2506, CVE-2014-2507, CVE-2014-2508
SHA-256 | 7339b82212d868edf9b0568c445dd25b82f5c385257cb66109037e04fc9b02ad
Lynis Auditing Tool 1.5.4
Posted Jun 5, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds support for parsing Nginx configuration files. It tests the SSL configuration, includes a small fix for SMB daemon on Mac systems, and has an improved report.
tags | tool, scanner
systems | unix
SHA-256 | f7603e90111f5141cea79c8f61a8f4d709e76f3839bec3d011506e896dd977d4
httpry Specialized HTTP Packet Sniffer 0.1.8
Posted Jun 5, 2014
Authored by Dumpster Keeper | Site dumpsterventures.com

httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.

Changes: The latest release adds a number of useful features and tweaks. VLAN tagged packets are now handled, and the PPP link type is supported. There's a new option available for specifying a custom ethernet header offset. Packet parsing is also improved with better handling of partial headers and a non-zero read timeout for live captures.
tags | tool, web, sniffer
systems | unix
SHA-256 | ef53454f895f68005f7b9ab634d1b433c4df839eacea9109e4ee48d4296fb613
FreeBSD Security Advisory - OpenSSL Issues
Posted Jun 5, 2014
Site security.freebsd.org

FreeBSD Security Advisory - Multiple OpenSSL vulnerabilities have been addressed. Receipt of an invalid DTLS fragment on an OpenSSL DTLS client or server can lead to a buffer overrun. Receipt of an invalid DTLS handshake on an OpenSSL DTLS client can lead the code to unnecessary recurse. Carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. Carefully crafted packets can lead to a NULL pointer deference in OpenSSL TLS client code if anonymous ECDH ciphersuites are enabled.

tags | advisory, overflow, vulnerability
systems | freebsd
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 0861adc148689cbdc960e551b28a4d26bf87ecf2fde76c62e5a15d705b29066e
Cloudera Manager 4.8.2 / 5.0.0 Information Disclosure
Posted Jun 5, 2014

Cloudera Manager versions 4.8.2 and below and 5.0.0 suffer from a sensitive configuration value exposure.

tags | advisory, info disclosure
advisories | CVE-2014-0220
SHA-256 | 01a3bb6418266f86dc34fcb8e291c900d84c0c00dcf003ba6588bd86a7d761b5
HP Security Bulletin HPSBMU03029 2
Posted Jun 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03029 2 - A potential security vulnerability has been identified with HP Insight Control server migration running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 1e74c0ccaa7df002b779d8233fe2743dc52cabe1d816990cc681de7247931756
DevExpress ASP.NET File Manager 13.2.8 Directory Traversal
Posted Jun 5, 2014
Site redteam-pentesting.de

DevExpress ASP.NET File Manager versions 10.2 through 13.2.8 suffer from a directory traversal vulnerability.

tags | exploit, asp
advisories | CVE-2014-2575
SHA-256 | 394a34f5bb9c0db271438b8c89cbdc148df7951f648d6063157e850611f77962
Linux x86 Netcat Shellcode
Posted Jun 5, 2014
Authored by Oleg Boytsev

Linux x86 /bin/nc -le /bin/sh -vp 17771 shellcode that is 58 bytes.

tags | x86, shellcode
systems | linux
SHA-256 | 52e8e9bfc994f4ecf6dc3eb42159bdd48ad25b6e4c50de08ff04fa39236db56b
EMC Documentum Digital Asset Manager Blind DQL Injection
Posted Jun 5, 2014
Site emc.com

EMC Documentum Digital Asset Manager (DAM) announces a security fix to address blind DQL (Documentum Query Language) injection vulnerability. The DAM thumbnail proxy server allows unauthenticated users to query objects using a vulnerable URL query string parameter. A malicious attacker can potentially conduct Blind DQL injection attacks using the vulnerable parameter to infer or modify the database contents. EMC Documentum Digital Asset Manager versions 6.5 SP3 through SP6 are affected.

tags | advisory
advisories | CVE-2014-2503
SHA-256 | 91095ede0e45fd5a70e325ef49ee1a0b47012f04bd0ecbd47837a21f92c3fdf2
HP Security Bulletin HPSBMU03033 3
Posted Jun 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03033 3 - A potential security vulnerability has been identified with HP Insight Control software components running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 26450869ed7e8e9888feb1b30e20846859e3b7d1ef71705fb6a67553eaba919d
HP Security Bulletin HPSBMU03028 2
Posted Jun 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03028 2 - A potential security vulnerability has been identified with HP Matrix Operating Environment and HP CloudSystem Matrix software components running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | ac167e598819b0170873d5d1318b3a3bf755767159a7cd628be5af23f20fd934
Debian Security Advisory 2949-1
Posted Jun 5, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2949-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-3144, CVE-2014-3145, CVE-2014-3153
SHA-256 | 45405d468e8010f880354b2ce2dd7801de3e4c470ba76a2d1bd51a96f14afe54
Debian Security Advisory 2950-1
Posted Jun 5, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2950-1 - Multiple vulnerabilities have been discovered in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 4c8bceba399e16586ea86f1b94f7aa04795bdcfa642dec68a184325f766c871e
Red Hat Security Advisory 2014-0632-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0632-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2014-0224
SHA-256 | 456daeb2b1a4d8164284a12263830d1da43679e8b1b2302b20336cadbfc10a96
Red Hat Security Advisory 2014-0633-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0633-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2014-0224
SHA-256 | 537737f3568e241e4468db62fdb61998a5e7c87b43b82fad30f343feeb511a13
Red Hat Security Advisory 2014-0630-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0630-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

tags | advisory, java, protocol
systems | linux, redhat
advisories | CVE-2014-0224
SHA-256 | eff4ba3a1b813768ab55e70b7b90c92170e78c7163c723bcf93bedd5b2fdce4c
Red Hat Security Advisory 2014-0631-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0631-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

tags | advisory, java, protocol
systems | linux, redhat
advisories | CVE-2014-0224
SHA-256 | 5be5866aa0d31cbf39c74ef600a5424cfb9918d15893a6ef2d8fe5666e6c9522
Red Hat Security Advisory 2014-0629-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0629-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library.

tags | advisory, kernel, protocol
systems | linux, redhat
advisories | CVE-2014-0077, CVE-2014-0224
SHA-256 | 1fa76c69d35abf6d7fc2bde2bc1b5526dcf99c47445ce6408bb66c00ff64f9a8
Debian Security Advisory 2945-1
Posted Jun 5, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2945-1 - Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2014-0476
SHA-256 | 4b40aa0f2ad33b2e2636d7b46693b635f936d7615ef89487925b8fef3321390f
Red Hat Security Advisory 2014-0628-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0628-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 45ac970580285e45f60c7ada7cf8c6e1a95037ba799213a4c6ba5b817da76fd1
Red Hat Security Advisory 2014-0626-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0626-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-0224
SHA-256 | ab8c9baf481a1393d8cd85d7b34d357e818678e6943a98f63ce4bb58406c836e
Red Hat Security Advisory 2014-0627-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0627-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-0224
SHA-256 | 729b6ba8c002c09f11ac83a43142a228466c6c98eb507769932ee4dfcf04d79e
Red Hat Security Advisory 2014-0625-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0625-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 3d88b7a9e688d54a5fad1e381be0cca426e56f5d1e4dd8bf942ff0e19e035199
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close