Ubuntu: Security Advisory (USN-2565-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2565-1: Linux kernel vulnerabilities

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization ASLR protection mechanism. CVE-2015-1593 An information leak was discovered in the Linux Kernel'...

Ubuntu: Security Advisory (USN-2560-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2)

USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter CNTVCT on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the...

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

Ubuntu 14.10 : linux vulnerabilities (USN-2518-1)

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

USN-2518-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

Linux Kernel ASLR Implementation Insufficient Moisture Vulnerability

Linux Kernel is an open source operating system. The Linux Kernel ALSR implementation suffers from an insufficient moisture problem that allows attackers to exploit vulnerabilities to bypass security restrictions through brute force techniques for further attacks...

Microsoft Office Shared Component ASLR Bypass (MS15-013; CVE-2014-6362)

A security feature bypass vulnerability exists in Microsoft Office Shared Component. The vulnerability is due to an improper implementation of Address Space Layout Randomization ASLR by MSCOMCTL common controls library used by Microsoft Office software. A remote attacker can exploit this issue by...

MS15-009: Description of the security update for JScript9.dll in Internet Explorer: February 10, 2015

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage.SummaryThis article describes the cumulative security update for JScript9.dll in Internet Explorer that is dated February 10, 2015. This security update resolves an iss...

USN-2492-1: Linux kernel vulnerabilities

Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage TLS implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization ASLR protection mechanism. A local user could exploit this fla...

USN-2490-1: Linux kernel vulnerabilities

Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage TLS implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization ASLR protection mechanism. A local user could exploit this fla...

Ubuntu: Security Advisory (USN-2492-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux/x86-64 - Disable ASLR Security - 143 bytes

No description provided by source. / Title: Linux/x86-64 - Disable ASLR Security - 143 bytes Date: 2010-06-17 Tested: Archlinux x8664 k2.6.33 Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Dtabase of shellcodes http://www.shell-storm.org/shellcode/...

PaX 2.6 Kernel Patch Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10264/info PaX for 2.6 series Linux kernels has been reported prone to a local denial of service vulnerability. The issue is reported to present itself when PaX Address Space Layout Randomization Layout ASLR is enabled. T...

Microsoft Internet Explorer Enhanced Protection Mode (EPM) Detection

The remote host has Enhanced Protection Mode EPM enabled for the Microsoft Internet Explorer web browser. Enhanced Protection Mode EPM is an added layer of protection first added in Microsoft Internet Explorer version 10 that provides a security feature set that includes : - individual browser ta...

VUPEN Discloses Details of Patched Firefox Pwn2Own Zero-Days

Contestants at this year’s Pwn2Own contest made no bones about it: they were going after browsers and as it turned out, Firefox had the biggest target on its back. Mozilla’s popular browser was popped four times during the Canadian hacker festival accounting for a quarter of the $800,000-plus in...

When ASLR makes the difference

We wrote several times in this blog about the importance of enabling Address Space Layout Randomization mitigation ASLR in modern software because it’s a very important defense mechanism that can increase the cost of writing exploits for attackers and in some cases prevent reliable exploitation. ...

Complete Microsoft EMET Bypass Developed

SAN FRANCISCO — Researchers at Bromium Labs are expected to announce today they have developed an exploit that bypasses all of the mitigations in Microsoft’s Enhanced Mitigation Experience Toolkit EMET. Principal security researcher Jared DeMott is scheduled to deliver a presentation this morning...

New IE Zero Day Found Targeting Military Intelligence

Attackers were able to compromise the U.S. Veterans of Foreign Wars’ website this week and serve up a previously unknown zero day exploit in Internet Explorer 10, and while motivation behind the campaign is still unclear, experts are speculating its aim was to procure military intelligence...