Friday, January 3rd, 2014 |
2:06 pm |
Ubuntu Security Notice USN-2069-1 http://packetstormsecurity.com/files/124634/USN-2069-1.txt Ubuntu Security Notice 2069-1 - Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Multiple integer overflow flaws were discovered in the Alchemy LCD frame-buffer drivers in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges. Various other issues were also addressed. |
3:20 pm |
Ubuntu Security Notice USN-2072-1 http://packetstormsecurity.com/files/124656/USN-2072-1.txt Ubuntu Security Notice 2072-1 - Dave Jones and Vince Weaver reported a flaw in the Linux kernel's perf event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. Various other issues were also addressed. |
3:20 pm |
Ubuntu Security Notice USN-2076-1 http://packetstormsecurity.com/files/124657/USN-2076-1.txt Ubuntu Security Notice 2076-1 - Dave Jones and Vince Weaver reported a flaw in the Linux kernel's perf event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. Various other issues were also addressed. |
3:20 pm |
Ubuntu Security Notice USN-2074-1 http://packetstormsecurity.com/files/124655/USN-2074-1.txt Ubuntu Security Notice 2074-1 - Dave Jones and Vince Weaver reported a flaw in the Linux kernel's perf event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. Various other issues were also addressed. |
9:29 pm |
Hydra Network Logon Cracker 7.6 http://packetstormsecurity.com/files/124662/hydra-7.6.tar.gz THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus. |
3:24 pm |
IcoFX Stack Buffer Overflow http://packetstormsecurity.com/files/124659/icofx_bof.rb.txt This Metasploit module exploits a stack-based buffer overflow vulnerability in version 2.1 of IcoFX. The vulnerability exists in the parsing of .ICO files, where a specially crafted ICONDIR header, declaring an arbitrarily large number of images in the file, can be used to trigger the overflow when reading the ICONDIRENTRY structures. |
3:22 pm |
IBM Forms Viewer Unicode Buffer Overflow http://packetstormsecurity.com/files/124658/ibm_forms_viewer_fontname.rb.txt This Metasploit module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability is due to the dangerous use of a strcpy-like function, and occurs while parsing malformed XFDL files with a long fontname value. This Metasploit module has been tested successfully on IBM Forms Viewer 4.0 on Windows XP SP3 and Windows 7 SP1. |
2:07 pm |
Ubuntu Security Notice USN-2073-1 http://packetstormsecurity.com/files/124636/USN-2073-1.txt Ubuntu Security Notice 2073-1 - Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Multiple integer overflow flaws were discovered in the Alchemy LCD frame-buffer drivers in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges. Various other issues were also addressed. |
3:00 pm |
Haveged 1.8 http://packetstormsecurity.com/files/124651/haveged-1.8.tar.gz haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM. |
2:10 pm |
HP Security Bulletin HPSBMU02895 SSRT101253 http://packetstormsecurity.com/files/124641/HPSBMU02895-SSRT101253.txt HP Security Bulletin HPSBMU02895 SSRT101253 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 1 of this advisory. |
2:07 pm |
Debian Security Advisory 2833-1 http://packetstormsecurity.com/files/124640/dsa-2833-1.txt Debian Linux Security Advisory 2833-1 - was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this update disables the insecure Dual_EC_DRBG algorithm and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested. |
2:06 pm |
Ubuntu Security Notice USN-2070-1 http://packetstormsecurity.com/files/124635/USN-2070-1.txt Ubuntu Security Notice 2070-1 - Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. Dave Jones and Vince Weaver reported a flaw in the Linux kernel's perf event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Various other issues were also addressed. |
2:07 pm |
Debian Security Advisory 2831-1 http://packetstormsecurity.com/files/124638/dsa-2831-1.txt Debian Linux Security Advisory 2831-1 - An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. |
2:07 pm |
Ubuntu Security Notice USN-2075-1 http://packetstormsecurity.com/files/124637/USN-2075-1.txt Ubuntu Security Notice 2075-1 - Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. Dave Jones and Vince Weaver reported a flaw in the Linux kernel's perf event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. Various other issues were also addressed. |