USN-1571-1: DHCP vulnerability

Glen Eustace discovered that the DHCP server incorrectly handled IPv6 expiration times. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. This issue only affected Ubuntu 11.04, Ubuntu 11.10 and Ubuntu 12.04 LTS. CVE-2012-3955 Dan Rosenberg discovered...

Moderate: Red Hat Security Advisory: spice-gtk security update

Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CentOS Update for dbus CESA-2012:1261 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

dbus security update

CentOS Errata and Security Advisory CESA-2012:1261 Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score...

CVE-2012-3478

rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line...

CVE-2012-3478

rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line...

CVE-2012-3478

rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line...

CVE-2012-3478

CVE-2012-3478 affects the restricted shell implementation rssh (versions 2.3.3 and earlier). The root cause is that crafted environment variables in the command line allow local users to bypass intended restricted-shell access, enabling privilege escalation to some degree and bypass of restrictio...

CVE-2012-3478

Removed by vendor...

Scientific Linux Security Update : sudo on SL5.x i386/x86_64

A flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the environment variables set by sudo, which could result in those values being used by the executed comma...

abrt, libreport, btparser, and python-meh security and bug fix update

abrt 2.0.8-6.0.1.el6 - Add abrt-oracle-enterprise.patch to be product neutral - Remove abrt-plugin-rhtsupport dependency for cli and desktop - Make abrt Obsoletes/Provides abrt-plugin-rhtsupprot 2.0.8-6 - enable plugin services after install rhbz820515 - Resolves: 820515 2.0.8-5 - removed the...

Windows Manage PowerShell Download and/or Execute

This module will download and execute a PowerShell script over a meterpreter session. The user may also enter text substitutions to be made in memory before execution. Setting VERBOSE to true will output both the script prior to execution and the results. This module requires Metasploit:...

rssh restrictions bypass

It's possible to bypass restrictions by manipulating with environment variables...

rssh -- arbitrary command execution

Derek Martin rssh maintainer reports: Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. As far as I can tell, there is no way to effect a root compromise, except of course if the root account is th...

PHP < 5.3.11 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities : - During the import of environment variables, temporary changes to the 'magicquotesgpc' directive are not handled properly. This can...

Разработка эксплоитов для Linux. Часть 4 – обход ASCII armor и возврат в plt

Автор: sickness Блог автора: Перевод: Gh0St 07.04.2012 Разработка эксплоитов для Linux. Часть 4 – обход ASCII armor и возврат в plt. ПРИМЕЧАНИЕ: Перед чтением данного документа, рекомендуется ознакомиться со следующими работами: Руководство по написанию эксплоитов для Linux. Часть I – переполнени...

RedHat Update for cups RHSA-2012:0302-03

Check for the Version of cups OpenVAS Vulnerability Test RedHat Update for cups RHSA-2012:0302-03 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

EMC RSA enVision information leakage

It's possible to obtain environment variables values...

Debian: Security Advisory (DSA-2327-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-2326-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...