what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2014-10-22 to 2014-10-23

Ubuntu Security Notice USN-2387-1
Posted Oct 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2387-1 - The pollinate package bundles the certificate for entropy.ubuntu.com. This update refreshes the certificate to match the one currently used on the server.

tags | advisory
systems | linux, ubuntu
SHA-256 | a188bf8bf6bfe165725370d20ffcde00049886143be72c42733217cd209ca290
Packet Fence 4.5.0
Posted Oct 22, 2014
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This release adds many bugfixes and enhancements.
tags | tool, remote
systems | unix
SHA-256 | 6269aeacb49020342541efa4a666b54aff178ce6d8160d071a0f7c625b68139a
FreeBSD Security Advisory - OpenSSL Vulnerabilities
Posted Oct 22, 2014
Site security.freebsd.org

FreeBSD Security Advisory - A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. The SSL protocol 3.0, as supported in OpenSSL and other products, supports CBC mode encryption where it could not adequately check the integrity of padding, because of the use of non-deterministic CBC padding. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE.

tags | advisory, protocol, memory leak
systems | freebsd
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 1338c6e5d97b6096c8316516c16ede168dd7ee9fb4220f57cfcb0077bbbdbdbe
iFunBox Free 1.1 Local File Inclusion
Posted Oct 22, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

iFunBox Free version 1.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | a6b1648c529a9a0941a3df3a8a7715c0433175744acbe0ac28bdbdd9fdc27bd8
iBackup 10.0.0.32 Local Privilege Escalation
Posted Oct 22, 2014
Authored by Glafkos Charalambous

There are weak permissions for IBackupWindows default installation where everyone is allowed to change the ib_service.exe with an executable of their choice. When the service restarts or the system reboots the attacker payload will execute on the system with SYSTEM privileges. Versions 10.0.0.32 and below are affected.

tags | advisory
advisories | CVE-2014-5507
SHA-256 | 242ccf791d59eefa7b2dae5e7a23750351c763b99ad78523cea13e2cb9d8be66
FreeBSD Security Advisory - routed(8) Remote Denial Of Service
Posted Oct 22, 2014
Authored by Hiroki Sato | Site security.freebsd.org

FreeBSD Security Advisory - The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network. Upon receipt of a query from a source which is not on a directly connected network, routed(8) will trigger an assertion and terminate. The affected system's routing table will no longer be updated. If the affected system is a router, its routes will eventually expire from other routers' routing tables, and its networks will no longer be reachable unless they are also connected to another router.

tags | advisory
systems | freebsd
advisories | CVE-2014-3955
SHA-256 | 4417c0ac7112fd0a1df452df61df6f5046872f2983c2f925f6d59dcf0333ff89
DotNetNuke DNNspot Store (UploadifyHandler.ashx) 3.0.0 File Upload
Posted Oct 22, 2014
Authored by Glafkos Charalambous | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in DotNetNuke DNNspot Store module versions below 3.0.0.

tags | exploit, arbitrary, file upload
SHA-256 | 8d7b2e5c58eb4c7ab4147e4b1bbfc4bb6ee33a5ccd9b1c34821eb93b975e53ff
FreeBSD Security Advisory - rtsold(8) Remote Buffer Overflow
Posted Oct 22, 2014
Authored by Florian Obser, Hiroki Sato | Site security.freebsd.org

FreeBSD Security Advisory - Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold(8). Receipt of a router advertisement message with a malformed DNSSL option, for instance from a compromised host on the same network, can cause rtsold(8) to crash. While it is theoretically possible to inject code into rtsold(8) through malformed router advertisement messages, it is normally compiled with stack protection enabled, rendering such an attack extremely difficult. When rtsold(8) crashes, the existing DNS configuration will remain in force, and the kernel will continue to receive and process periodic router advertisements.

tags | advisory, overflow, kernel
systems | freebsd
advisories | CVE-2014-3954
SHA-256 | e1f62a6f25f130e67a8c1e26993a5607009075d124b8af637931966a65521b56
FreeBSD Security Advisory - namei Memory Leak
Posted Oct 22, 2014
Authored by Mateusz Guzik | Site security.freebsd.org

FreeBSD Security Advisory - The namei facility will leak a small amount of kernel memory every time a sandboxed process looks up a nonexistent path name. A remote attacker that can cause a sandboxed process (for instance, a web server) to look up a large number of nonexistent path names can cause memory exhaustion.

tags | advisory, remote, web, kernel
systems | freebsd
advisories | CVE-2014-3711
SHA-256 | 9f8ed0e936fbf5d1fb78455e4ed7b09c663c7772d634ea2b4ab832a530fd924d
Cisco Ironport WSA telnetd Remote Code Execution
Posted Oct 22, 2014
Authored by Glafkos Charalambous

The Cisco Ironport WSA virtual appliances are vulnerable to an old FreeBSD telnetd encryption Key ID buffer overflow which allows remote attackers to execute arbitrary code. Cisco WSA Virtual appliances have the vulnerable telnetd daemon enabled by default.

tags | advisory, remote, overflow, arbitrary
systems | cisco, freebsd
advisories | CVE-2011-4862
SHA-256 | 1e50defbccefef3b6417c5dae6f4b42e12ae0ee91e5966ab9e31f8406c261827
File Manager 4.2.10 Code Execution
Posted Oct 22, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

File Manager version 4.2.10 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | 484ac02dc4a0004f691cf9fe24df57db3dad1c95ed0f38a4cbd870263711a3e3
Mulesoft ESB Runtime 3.5.1 Privilege Escalation / Code Execution
Posted Oct 22, 2014
Authored by Brandon Perry

Mulesoft ESB Runtime version 3.5.1 suffers from an authenticated privilege escalation vulnerability that can lead to remote code execution.

tags | exploit, remote, code execution
SHA-256 | 08794d520edeb726f186f14cdf7b89697a8145e119476f5b25642ede0d501b5c
Red Hat Security Advisory 2014-1691-01
Posted Oct 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1691-01 - PackStack is a command-line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single node proof-of-concept installations and more complex multi-node installations. It was discovered that the nova.conf configuration generated by PackStack did not correctly set the libvirt_vif_driver configuration option if the Open vSwitch monolithic plug-in was not used. This could result in deployments defaulting to having the firewall disabled unless the nova configuration was manually modified after PackStack was started.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3703
SHA-256 | f4fd29f4deafb921937eac96169ee90bc72bc629e80d09199a5916266953c442
Red Hat Security Advisory 2014-1689-01
Posted Oct 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1689-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware driver and the VNC proxy service were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-8750
SHA-256 | 9a2bc3551d2a5e4275947e9efb42042cdc9a763e4a26b1f4b5cce23d426ab8fc
Red Hat Security Advisory 2014-1690-01
Posted Oct 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1690-01 - The python-backports-ssl_match_hostname package provides RFC 6125 compliant wildcard matching. A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. This issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, remote, denial of service, python
systems | linux, redhat
advisories | CVE-2013-2099
SHA-256 | 630f007e3d3cbb97e3d958feade33386613235e76e9498f96c508f28f5197ea2
Red Hat Security Advisory 2014-1687-02
Posted Oct 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1687-02 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. It was discovered that a user could temporarily be able to see the URL of a provider template used in another tenant. If the template itself could be accessed, then additional information could be leaked that would otherwise not be visible.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3801
SHA-256 | 7f7405ebb67a23bad0a5e03b8ca3295a9538a7dcba558003c4904fa12d6899b1
Red Hat Security Advisory 2014-1688-01
Posted Oct 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1688-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. A flaw was found in the keystone V3 API. An attacker could send a single request with the same authentication method multiple times, possibly leading to a denial of service due to generating excessive load with minimal requests. Only keystone setups with the V3 API enabled were affected by this issue.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-2828, CVE-2014-3621
SHA-256 | bc5ed9f6d904f1a939908666e1172587fbdc5ef969af0ca5fa10b16749557d41
Red Hat Security Advisory 2014-1692-01
Posted Oct 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1692-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-3513, CVE-2014-3567
SHA-256 | 477e81c0daa2c159986f76e111440acbc133e23811a280839718932c86498c2c
Red Hat Security Advisory 2014-1685-01
Posted Oct 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1685-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. It was discovered that the image_size_cap configuration option in glance was not honored. An authenticated user could use this flaw to upload an image to glance and consume all available storage space, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-5356
SHA-256 | a0090c9c0db888d7edb166344afcc29c4908804d642c308d51e21d0462a2cc7d
Red Hat Security Advisory 2014-1686-01
Posted Oct 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1686-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default values. This could lead to unexpected behavior or in some cases result in a denial of service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-6414
SHA-256 | 4553f193356bf896b30b765aeb32390b4fac80bfe94e845dc99e02d1d3b8d081
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close