Microsoft .NET Framework ASLR安全限制绕过漏洞(CVE-2014-0295)(MS14-009)

BUGTRAQ ID: 65418 CVECAN ID: CVE-2014-0295 .NET就是微软的用来实现XML，Web Services，SOA（面向服务的体系结构service-oriented architecture）和敏捷性的技术。.NET Framework是微软开发的软件框架，主要运行在Microsoft Windows上。 Microsoft.NET Framework没有正确实现地址空间布局随机化，存在安全限制绕过漏洞。此漏洞可使攻击者绕过ASLR安全功能，然后即可加载恶意代码，利用其它漏洞。 0 Microsoft .NET Framework 4.x...

MS14-009: Vulnerabilities in .NET Framework Could Allow Privilege Escalation (2916607)

The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities : - An error exists related to handling stale or closed HTTP client connections that can allow denial of service attacks. CVE-2014-0253 - An error exists related to decisions...

MS13-106: Farewell to another ASLR bypass

Today we released MS13-106 which resolves a security feature bypass that can allow attackers to circumvent Address Space Layout Randomization ASLR using a specific DLL library HXDS.DLL provided as part of Microsoft Office 2007 and 2010. The existence of an ASLR bypass does not directly enable the...

ASLR bypass techniques are popular with APT attacks

Address space layout randomization ASLR is a security technique involved in protection from buffer overflow attacks. Many recent APT Advanced Persistent Threat attacks have utilized many different ASLR bypass techniques during the past year, according to Researchers at FireEye. Many exploits and...

GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201309-23 Mozilla Products: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote...

Internet Explorer zero-day exploit used watering hole attacks to target Japanese users

Attackers exploiting a zero-day vulnerability CVE-2013-3893 in Microsoft’s Internet Explorer browser and served them on compromised popular Japanese news websites. According to FireEye, at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation...

Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063

Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization ASLR and Data Execution Prevention DEP. As we’ve described in the past, these mitigations pl...

Oracle Linux 5 : kernel (ELSA-2013-1034-1)

From Red Hat Security Advisory 2013:1034 : Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS...

Oracle Linux 5 : kernel (ELSA-2013-0168)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0168 advisory. - x86 mm: randomize SHLIBBASE Petr Matousek 804953 804954 CVE-2012-1568 - net ipv6: discard overlapping fragment Jiri Pirko 874837 874838 CVE-2012-4444...

RHEL 5 : kernel (RHSA-2013:1034)

Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

CentOS 5 : kernel (CESA-2011:0833)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Ubuntu: Security Advisory (USN-1793-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-1796-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for linux-lts-quantal USN-1795-1

Check for the Version of linux-lts-quantal OpenVAS Vulnerability Test $Id: gbubuntuUSN17951.nasl 8509 2018-01-24 06:57:46Z teissa $ Ubuntu Update for linux-lts-quantal USN-1795-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This...

Ubuntu Update for linux USN-1793-1

Check for the Version of linux OpenVAS Vulnerability Test $Id: gbubuntuUSN17931.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for linux USN-1793-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; yo...

Ubuntu: Security Advisory (USN-1798-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for linux-lts-backport-oneiric USN-1788-1

Check for the Version of linux-lts-backport-oneiric OpenVAS Vulnerability Test $Id: gbubuntuUSN17881.nasl 8456 2018-01-18 06:58:40Z teissa $ Ubuntu Update for linux-lts-backport-oneiric USN-1788-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-1787-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1788-1)

Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to bypass ASLR Address Space Layout Randomization. A local user could use this flaw to bypass ASLR to reliably deliver an exploit payload that would otherwise be stopp...

CentOS Update for firefox CESA-2013:0144 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...