Ubuntu Security Notice 1324-1 - Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system.
a1449f1dd485b288467f2cc888032eb2Ubuntu Security Notice 1325-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. Various other issues were also addressed.
20872b8ad94c5dfc762da14f90a1c428Ubuntu Security Notice 1323-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. Various other issues were also addressed.
fdb340e96b1e846de292fced5033b322Ubuntu Security Notice 1326-1 - Nachi Ueno, Rohit Karajgi, and Venkatesan Ravikumar discovered that when Nova is configured to use the OpenStack API, it would not correctly enforce access controls on certain incoming requests. A remote authenticated attacker could exploit this to change resources of arbitrary tenants.
5e39eca31c83688eca2d1777f5b07a40RhoneWeb suffers from a cross site scripting vulnerability.
7312c6c043b220498370b19d4ccd865aSecunia Security Advisory - Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system.
e9b15b43e76cc15912dddeef15682b37Debian Linux Security Advisory 2385-1 - Ray Morris discovered that the PowerDNS authoritative sever responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service.
b92960456d5f8c202ba708a41a7c939fTechnical Cyber Security Alert 2012-10A - There are multiple vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software. Microsoft has released updates to address these vulnerabilities.
a6c695a97f3888dea121b14c5014c6ddZero Day Initiative Advisory 12-011 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 32779. When decoding the xdr encoded caller_name from an NLM_TEST procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
504bcc0ea7b01fa7476bb60c0841e362Red Hat Security Advisory 2012-0011-01 - Adobe Reader allows users to view and print documents in Portable Document Format. This update fixes two security flaws in Adobe Reader. All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.7, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.
945a0369b3849a0599a2e9b11a577423Red Hat Security Advisory 2012-0010-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A malicious CIFS server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. The way fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload functionality on were handled could allow a remote attacker to cause a denial of service.
fef4d4e68b2f0a6500318db2dfce9ac7Zero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
3425dcdcb709eb9367f89d3e4723c9b8This bulletin summary lists 7 Microsoft security bulletins released for January, 2012.
b9b8e7e5c80c67414807751c47c34862Red Hat Security Advisory 2012-0007-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk.
6edc55a9494d43e9670cb4fb66d5c724Zero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
b3bc32000a4bdf43939cde81029f7f4dThis proof of concept reverse engineering code demonstrates SEHOP chain validation.
51cce128eb69749ce5846a7d9b1c95f0Whitepaper called SafeSEH+SEHOP all-at-once bypass exploitation method principles.
83ce42a2ebc0a0cb5a110a97fb019c23Giveaway Manager version 3 suffers from a cross site scripting vulnerability.
773d3342cedbcf5b058ece4f21f6a958Whitepaper called Buffer Overflows: Anatomy of an Exploit. A look at how systems are exploited and why these exploits exist.
5ed1c91a3ec36484f952cddff2c5778aSecunia Security Advisory - Two vulnerabilities have been discovered in SimpleSAMLphp, which can be exploited by malicious people to conduct cross-site scripting attacks.
f8440bf2fd4c0a5324bd27790b05e387Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system.
5715c66234cc1a6ab5e1329d36b1fbfeSecunia Security Advisory - Debian has issued an update for pdns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
022d6e4a12016fd2b976b36bba20ad7bSecunia Security Advisory - A vulnerability has been reported in PowerDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).
f71f8576267335b80d4315fb45136234Secunia Security Advisory - Ubuntu has issued an update for linux. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and to cause a DoS (Denial of Service).
5c36dcc41e32f8b5040ca9268184bfc4Secunia Security Advisory - Blue Coat has acknowledged multiple weaknesses, security issues and vulnerabilities in Blue Coat IntelligenceCenter, which can be exploited by malicious, local users to disclose sensitive information and bypass certain security restrictions, by malicious users to disclose sensitive information, bypass certain security restrictions, manipulate certain data, gain escalated privileges, cause a DoS (Denial of Service), and compromise a vulnerable system, and by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain system information, bypass certain security restrictions, and cause a DoS (Denial of Service).
984a31b13ab74b26f506a9e6db8d1f26
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed