The vulnerability of the driver for the microprogramming software of the Cisco TelePresence Multipoint Control Unit allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of the driver for the Microprogramming Software of the Cisco TelePresence Multipoint Control Unit is related to improper checking of packet sizes during the assembly of IPv4 and IPv6 fragments. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or...

Google Patches Six Critical Mediaserver Bugs in Android

Google pushed out its monthly Android patches Monday, addressing 17 critical vulnerabilities, six of which are tied to its problematic Mediaserver component. An additional four critical vulnerabilities related to Qualcomm components in Android handsets including Google’s own Nexus 6P, Pixel XL an...

Based on jemalloc Android exploit skills----CENSUS-bug warning-the black bar safety net

Background description jemalloc-related research argp and huku in 2012 in Phrack published on: jemalloc memory allocator a separate use of themade-based on FreeBSD libc POC. argp and huku in 2012 BlackHat published: in Firefo play bad jemalloc metadata. argp in 2015 INFILTRATE on jemalloc exploit...

BSA-2017-248

Security Advisory ID : BSA-2017-248 Component : IPV6 Revision : 1.0: Interim An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big PTB messages. The scope of this CVE is all affected IPv6 implementations from all vendors. The security implications of IP...

FreeBSD-SA-17:04.ipfilter

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:04.ipfilter Security Advisory The FreeBSD Project Topic: ipfilter4 fragment handling panic Category: contrib Module: ipfilter Announced: 2017-04-27 Credits:...

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170321)

Security Fixes : - It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow in scenarios in which actual fragmentation of packets is not needed and could subsequently perform any type of a...

RHEL 6 : kernel (RHSA-2017:0817)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

kernel - IPV6 fragmentation flaw

It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow in scenarios in which actual fragmentation of packets is not needed and could subsequently perform any type of a fragmentation-based attack...

UBUNTU-CVE-2017-7177

Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching...

Cisco ASA Remote Code Execution （CVE-2016-1287）

Remote Code Execution on Cisco ASA A year ago ExodusIntel disclosed a vulnerability affecting the IKE implementation in Cisco’s ASA products. The error is due to an overflow in the checking of reassembled IKE fragments, and allows remote code execution from an unauthenticated attacker. More...

Design/Logic Flaw

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit MCU Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. The vulnerability is due to improper size validation when...

CVE-2017-3792

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit MCU Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. The vulnerability is due to improper size validation when...

Cisco Warns of Critical Flaw in Teleconferencing Gear

Cisco Systems is warning customers of a critical vulnerability affecting three of its TelePresence MCU platform models. The flaw could give attackers the ability to remotely execute code on impacted systems or create conditions favorable to a denial-of-service DoS attack. According to an advisory...

CVE-2016-10142

It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow in scenarios in which actual fragmentation of packets is not needed and could subsequently perform any type of a fragmentation-based attack...

Oracle Linux 7 : kernel (ELSA-2017-0086)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0086 advisory. - net sctp: validate chunk len before actually using it Hangbin Liu 1399458 1399459 CVE-2016-9555 - net sctp: rename WORDTRUNC/ROUND macros Hangbin Liu...

CVE-2016-10142

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big PTB messages. The scope of this CVE is all affected IPv6 implementations from all vendors. The security implications of IP fragmentation have been discussed at length in RFC6274 and RFC7739. An attacker can...

UBUNTU-CVE-2016-10142

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big PTB messages. The scope of this CVE is all affected IPv6 implementations from all vendors. The security implications of IP fragmentation have been discussed at length in RFC6274 and RFC7739. An attacker can...

CVE-2016-10142

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big PTB messages. The scope of this CVE is all affected IPv6 implementations from all vendors. The security implications of IP fragmentation have been discussed at length in RFC6274 and RFC7739. An attacker can...

Design/Logic Flaw

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big PTB messages. The scope of this CVE is all affected IPv6 implementations from all vendors. The security implications of IP fragmentation have been discussed at length in RFC6274 and RFC7739. An attacker can...

CVE-2016-10142

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big PTB messages. The scope of this CVE is all affected IPv6 implementations from all vendors. The security implications of IP fragmentation have been discussed at length in RFC6274 and RFC7739. An attacker can...