3646 matches found

Mageia
added 2018/01/12 7:49 p.m., 43 views

Updated wireshark packages fix security vulnerabilities

The MRDISC dissector could crash CVE-2017-17997. The IxVeriWave file parser could crash CVE-2018-5334. The WCP dissector could crash CVE-2018-5335. Multiple dissectors could crash CVE-2018-5336. Prior to this release dumpcap enabled the Linux kernel’s BPF JIT compiler via the net.core.bpfjitenabl...

7.5 CVSS, 2.4 AI score, 0.9427 EPSS
Exploits 9, References 7
OSV
added 2018/01/12 7:49 p.m., 11 views

MGASA-2018-0071 Updated wireshark packages fix security vulnerabilities

The MRDISC dissector could crash CVE-2017-17997. The IxVeriWave file parser could crash CVE-2018-5334. The WCP dissector could crash CVE-2018-5335. Multiple dissectors could crash CVE-2018-5336. Prior to this release dumpcap enabled the Linux kernel’s BPF JIT compiler via the net.core.bpfjitenabl...

7.5 CVSS, 6.2 AI score, 0.9427 EPSS
Exploits 9, References 8
ThreatPost
added 2018/01/07 11:21 p.m., 67 views

Experts Weigh In On Spectre Patch Challenges

The race to patch against the Meltdown and Spectre processor vulnerabilities disclosed last week is on. As of today, there are no known exploits in the wild impacting vulnerable Intel, AMD and ARM devices. Currently, vendors are focused on three main mitigation efforts. Patches that address the...

4.7 CVSS, 7.2 AI score, 0.9427 EPSS
Exploits 12, References 7
Kitploit
added 2018/01/06 1:18 p.m., 167 views

RetDec - A Retargetable Machine-Code Decompiler

RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code. Supported architectures 32b...

6.6 AI score
Exploits 0, References 11
OSV
added 2017/12/27 12:0 a.m., 2 views

UBUNTU-CVE-2017-17862

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service...

5.5 CVSS, 6.7 AI score, 0.00078 EPSS
Exploits 0, References 9
OpenVAS
added 2017/12/15 12:0 a.m., 21 views

IBM Db2 SQL Compiler Denial of Service Vulnerability

IBM Db2 is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:db2"; ifdescriptio...

3.5 CVSS, 6.3 AI score, 0.01272 EPSS
Exploits 0, References 2
n0where
added 2017/12/14 6:50 p.m., 92 views

Retargetable Machine-Code Decompiler: RetDec

RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code. Supported architectures 32...

6.8 AI score
Exploits 0, References 5
Kitploit
added 2017/12/02 9:1 p.m., 64 views

difuze - Fuzzer for Linux Kernel Drivers

Fuzzer for Linux Kernel Drivers Tested on Ubuntu = 14.04.5 LTS As explained in our paper, There are two main components of difuze: Interface Recovery and Fuzzing Engine 1. Interface Recovery The Interface recovery mechanism is based on LLVM analysis passes. Every step of interface recovery are...

6.6 AI score
Exploits 0, References 9
0day.today
added 2017/11/26 12:0 a.m., 33 views

Microsoft Edge Chakra JIT GlobOpt::OptTagChecks Property Consideration Exploit

Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: JIT: GlobOpt::OptTagChecks must consider IsLoopPrePass properly CVE-2017-11840 Some background: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 There's one more place that emits a BailOnNotObject opcode...

7.6 CVSS, 7.5 AI score, 0.80398 EPSS
Exploits 3
Veracode
added 2017/11/15 7:13 a.m., 16 views

Arbitrary Code Execution

scala-compiler is vulnerable to arbitrary code execution. A malicious user can write and execute arbitrary scala class files on the system through the compiler daemon due to weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port...

7.8 CVSS, 8 AI score, 0.00072 EPSS
Exploits 1, References 34, Affected Software 1
Microsoft CVE
added 2017/11/14 8:0 a.m., 26 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Microsoft Edge as a result of how memory is accessed in code compiled by the Edge Just-In-Time JIT compiler that allows Control Flow Guard CFG to be bypassed. By itself, this CFG bypass vulnerability does not allow arbitrary code execution. Howeve...

3.1 CVSS, 2.2 AI score, 0.06443 EPSS
Exploits 1
seebug.org
added 2017/10/17 12:0 a.m., 32 views

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2017-11799)

Bailout: "ChakraCore’s background JIT compiler generates highly optimized JIT’ed code based upon the data and infers likely usage patterns based on the profile data collected by the interpreter. Given the dynamic nature of JavaScript code, if the code gets executed in a way that breaks the profil...

7.6 CVSS, 7.9 AI score, 0.78672 EPSS
Exploits 3
Microsoft KB
added 2017/10/17 12:0 a.m., 3 views

October 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 updates for Windows Server 2012 (KB 4043769)

October 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 updates for Windows Server 2012 KB 4043769 Notice This update has been released as part of the October 2017 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 update...

6.6 AI score
Exploits 0
Exploit DB
added 2017/10/17 12:0 a.m., 44 views

Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1333 Bailout: "ChakraCore’s background JIT compiler generates highly optimized JIT’ed code based upon the data and infers likely usage patterns based on the profile data collected by the interpreter. Given the dynamic nature of...

7.4 AI score
Exploits 0
Packet Storm
added 2017/10/14 12:0 a.m., 78 views

Microsoft Edge Chakra JIT Incorrect GenerateBailOut Calling Patterns

Microsoft Edge: Chakra: JIT: Incorrect GenerateBailOut calling patterns CVE-2017-11799 Bailout: "ChakraCore’s background JIT compiler generates highly optimized JIT’ed code based upon the data and infers likely usage patterns based on the profile data collected by the interpreter. Given the dynam...

7.9 AI score, 0.78672 EPSS
Exploits 3
Amazon
added 2017/10/03 12:0 a.m., 75 views

Medium: openssh

Issue Overview: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. CVE-2016-6210 It was found that OpenSSH...

7.8 CVSS, 8.3 AI score, 0.90046 EPSS
Exploits 23
Fedora
added 2017/09/30 7:38 a.m., 14 views

[SECURITY] Fedora 27 Update: pkgconf-1.3.9-1.fc27

pkgconf is a program which helps to configure compiler and linker flags for development frameworks. It is similar to pkg-config from freedesktop.org and handles .pc files in a similar manner as pkg-config...

1.2 AI score
Exploits 0
0day.today
added 2017/09/26 12:0 a.m., 25 views

Linux/x86_64 - mkdir() evil Shellcode (30 bytes)

/ ;Title: Linux/x86_64 - mkdir shellcode 30 bytes ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x86_64 ;Description: Create Folder with 755 permission. ; You can Change folder by change code in ASM in fname Field ;Shellcode Length: 30...

0.4 AI score
Exploits 0
Tenable Nessus
added 2017/09/25 12:0 a.m., 35 views

FreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a)

SO-AND-SO reports : CVE-2017-12814: $ENV$key stack-based buffer overflow on Windows A possible stack-based buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway. CVE-2017-12837: Heap buffer overflow in regular expression...

9.8 CVSS, 7.4 AI score, 0.05686 EPSS
Exploits 1, References 6
Kitploit
added 2017/09/19 9:0 p.m., 50 views

Pharos - Static Binary Analysis Framework

The Pharos static binary analysis framework is a project of the Software Engineering Institute at Carnegie Mellon University. The framework is designed to facilitate the automated analysis of binary programs. It uses the ROSE compiler infrastructure developed by Lawrence Livermore National...

7.8 AI score
Exploits 0, References 4