what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 51 RSS Feed

Files Date: 2015-12-16

FreeBSD Security Advisory - BIND Denial Of Service
Posted Dec 16, 2015
Site security.freebsd.org

FreeBSD Security Advisory - An error in the parsing of incoming responses allows some records with an incorrect class to be be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. An attacker who can cause a server to request a record with a malformed class attribute can use this bug to trigger a REQUIRE assertion in db.c, causing named to exit and denying service to clients. The risk to recursive servers is high. Authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs.

tags | advisory
systems | freebsd
advisories | CVE-2015-8000
SHA-256 | 3f66432f8713d26de09e56124d8b800cfcef8c7957a74030786c6c424fe61925
Ubuntu catman Local Privilege Escalation
Posted Dec 16, 2015
Authored by halfdog

This is a short article on how to escalate privileges from man/man to root/root via the "catman" cron job.

tags | exploit, root
SHA-256 | 175278cb086bb0f7bb489a8359cc3e5d03b693facbe6d7c758563828b7199624
Ubuntu setgid Directory Privilege Escalation
Posted Dec 16, 2015
Authored by halfdog

This is a short article how to use the setgid directory /var/cache/man to escalate privileges from man/man to man/root on Ubuntu Vivid.

tags | exploit, root
systems | linux, ubuntu
SHA-256 | 3814fe1e9b83323aa0084f50fe299d22950a17ddb5de4ff5dab6bed52b7cc86c
Positive Hack Days VI Call For Papers
Posted Dec 16, 2015
Site phdays.com

Call For Papers for Positive Hack Days VI which will take place May 17th through the 18th, 2016 in Moscow, Russia.

tags | paper, conference
SHA-256 | 3df571b850a7a4b44a22e54aa2b9910d22144046d235bf905354a855f5a0c0ab
Slackware Security Advisory - bind Updates
Posted Dec 16, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-3193, CVE-2015-8000, CVE-2015-8461
SHA-256 | 954fcd7265ef6b16e0e2b91fc3328efa7624c4c4eb6ff428f6cd80aaed80cb56
Slackware Security Advisory - libpng Updates
Posted Dec 16, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-8472
SHA-256 | 101dd060194f8523c428e21d309fc31e7c0fb49dd54eb5a40f6a4f94fa8aea46
Debian Security Advisory 3420-1
Posted Dec 16, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3420-1 - It was discovered that the BIND DNS server does not properly handle the parsing of incoming responses, allowing some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. A remote attacker can exploit this flaw to cause a denial of service against servers performing recursive queries.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2015-8000
SHA-256 | d95fc93697042d34212e4968f3aecb3897ebd34cc4fccbca08169849034f6cea
Red Hat Security Advisory 2015-2658-01
Posted Dec 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2658-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-8000
SHA-256 | 8e1e474f25a1c109649e7429771e70b380223b178678edde08358aa2678611f5
Debian Security Advisory 3422-1
Posted Dec 16, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3422-1 - Multiple security issues have been found in Iceweasel, Debian's version integer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin policy or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-7201, CVE-2015-7205, CVE-2015-7210, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214, CVE-2015-7222
SHA-256 | 8f6d6c0836ae72eec29c173df053ce4e8e0b88d6a72a7225e8f0f53732d53e2c
Red Hat Security Advisory 2015-2661-01
Posted Dec 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2661-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and prevent further, legitimate connections to the Tomcat server.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2013-5704, CVE-2014-0230, CVE-2015-3183
SHA-256 | cf1a4249c4f08aac42a4d15cf5cb14bcad7304449de1390dcbf1127a209baab1
Red Hat Security Advisory 2015-2660-01
Posted Dec 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2660-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and prevent further, legitimate connections to the Tomcat server.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2013-5704, CVE-2014-0230, CVE-2015-3183
SHA-256 | 66e05ca1b341f7d3c1b9cca1e65d11a6cababeedfb7b575eef78359569661f63
Red Hat Security Advisory 2015-2657-01
Posted Dec 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2657-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handled content using the 'data:' and 'view-source:' URIs. An attacker could use this flaw to bypass the same-origin policy and read data from cross-site URLs and local files.

tags | advisory, web, arbitrary, local
systems | linux, redhat
advisories | CVE-2015-7201, CVE-2015-7205, CVE-2015-7210, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214, CVE-2015-7222
SHA-256 | c837c782c576690057963a4b084807c52b5d209aea24f7f2bca7c40e3a79a6d5
Red Hat Security Advisory 2015-2655-01
Posted Dec 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2655-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-8000
SHA-256 | 2c733d6c3c282bdb076f79e1e038ea6cc3256b0e18b184395081ed3f8e598016
Red Hat Security Advisory 2015-2656-01
Posted Dec 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2656-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-8000
SHA-256 | 0b389833211090542c5f4dcf17854a0dbcd84652638b19e3e66d439700dbdc44
Red Hat Security Advisory 2015-2659-01
Posted Dec 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2659-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and prevent further, legitimate connections to the Tomcat server.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2013-5704, CVE-2014-0230, CVE-2015-3183
SHA-256 | 4c1a70a35cd943eaffc8cf30bea91ac0cda719d92d0f834d27138d3c8ca550ef
HPE Security Bulletin HPSBUX03529 SSRT102967 1
Posted Dec 16, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03529 SSRT102967 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2015-5722, CVE-2015-8000
SHA-256 | 900b6d0f23492bb81c5701d07166014454a7d4d8edd5443ced5edb02fd85edb2
Ubuntu Security Notice USN-2838-2
Posted Dec 16, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2838-2 - Adam Chester discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.

tags | advisory, remote, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2015-8560
SHA-256 | 56d923dc67ea7b0970ba7700c4ef4792ff1937bcf61c1a5b9a7601482e34850e
Ubuntu Security Notice USN-2838-1
Posted Dec 16, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2838-1 - Adam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user.

tags | advisory, remote, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2015-8560
SHA-256 | b560d88e34610144153770fd0cccff1691bb1acc7f29695111c1cec3d2a1f8d2
Ubuntu Security Notice USN-2839-1
Posted Dec 16, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2839-1 - As a security improvement against the POODLE attack, this update disables SSLv3 support in the CUPS web interface. For legacy environments where SSLv3 support is still required, it can be re-enabled by adding "SSLOptions AllowSSL3" to /etc/cups/cupsd.conf.

tags | advisory, web
systems | linux, ubuntu
SHA-256 | 1962e88312753ed6934b53c14aafc752a3a3f45e659ee785fb483543e0eabbee
Red Hat Security Advisory 2015-2620-01
Posted Dec 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2620-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A privilege escalation flaw was discovered in CloudForms, where in certain situations, CloudForms could read encrypted data from the database and then write decrypted data back into the database. If the database was then exported or log files generated, a local attacker might be able to gain access to sensitive information.

tags | advisory, web, local, ruby
systems | linux, redhat
advisories | CVE-2015-7502
SHA-256 | 6d869afc5259f941b1ac9ef7657e785b32117dca505d7c4447589b75510bf9d5
Slackware Security Advisory - openssl Updates
Posted Dec 16, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196
SHA-256 | 45bb3f03083cb964bed263c45381e6d8ca8c6ec617a2e8a70c6797a36ef40a21
PHPads 2.0 File Disclosure
Posted Dec 16, 2015
Authored by indoushka

PHPads version 2.0 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 66da5278e1474a1bed5a60a4ad00615e9a556c067fc66caa83c3044dd1e7544f
FireEye Wormable Remote Code Execution In MIP JAR Analysis
Posted Dec 16, 2015
Authored by Google Security Research, natashenka

The FireEye MPS (Malware Protection System) is vulnerable to a remote code execution vulnerability, simply from monitoring hostile traffic. FireEye is designed to operate as a passive network tap, so that it can see all the files and emails that enter a monitored network. This vulnerability allows an attacker to compromise the FireEye device, get a root shell and start monitoring all traffic on the victim network (emails, attachments, downloads, web browsing, etc). This is about the worst possible vulnerability that you can imagine for a FireEye user, it literally does not get worse than this.

tags | exploit, remote, web, shell, root, code execution
systems | linux
SHA-256 | 5b71a70797f1a740a3f3bf38f4315c8da4214ac349a05291753b4222407a507f
Wireshark Dissect_tds7_colmetadata_token Buffer Overflow
Posted Dec 16, 2015
Authored by Google Security Research, mjurczyk

An ASAN build of Wireshark suffers from a stack-based buffer overflow in Dissect_tds7_colmetadata_token.

tags | exploit, overflow
systems | linux
SHA-256 | a513ef102a6d09a4c0860fe8eb07b545bf2e2a8590cbd326c943e0fb7f61a54c
Wireshark Wmem_alloc Assertion Failure Crash
Posted Dec 16, 2015
Authored by Google Security Research, mjurczyk

An ASAN build of Wireshark suffers from an assertion failure crash in Wmem_alloc.

tags | exploit
systems | linux
SHA-256 | d76d5af25e60f85c530d3808dd9199b9ec3a18995112137b8a00d6e869656eac
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close