Debian DSA-3904-1 : bind9 - security update

Clement Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server. - CVE-2017-3142 An attacker who is able to send and receive messages to an authoritative DNS server...

PT-2017-2476 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.11.9 Description: The issue is related to the mq notify function in the Linux kernel, which does not set the sock pointer to NULL upon entry into the retry logic. This allows attackers to cause a denial of...

CVE-2017-3142

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection wit...

UBUNTU-CVE-2017-3142

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection wit...

staying.com XSS vulnerability

Vulnerable URL: http://staying.com/?refclickid=%22%3E%3Csvg/onload=alert%27OPENBUGBOUNTY%27%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 6764481 VIP website status:| No Check...

How A Bug Hunter Forced Apple to Completely Remove A Newly Launched Feature

Recently Apple released a new Feature for iPhone and iPad users, but it was so buggy that the company had no option other than rolling back the feature completely. In November, Apple introduced a new App Store feature, dubbed "Notify" button — a bright orange button that users can click if they...

Vulnerabilities Leave iTunes, Apple's App Store Open to Script Injection

Apple is reportedly aware of and is in the middle of fixing a pair of vulnerabilities that exist in iTunes and the App Store. If exploited, researchers claim an attacker could inject malicious script into the application side of the vulnerable module or function. Vulnerability Lab’s Benjamin Kunz...

systemd: freeze when PID 1 receives a zero-length message over notify socket

A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd...

Adobe Marketing Cloud - Bypass & Persistent Vulnerability

Document Title: =============== Adobe Marketing Cloud - Bypass & Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1939 Release Date: ============= 2016-11-14 Vulnerability Laboratory ID VL-ID: ====================================...

systemd: Assertion failure when PID 1 receives a zero-length message over notify socket

A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd...

systemd: Assertion failure when PID 1 receives a zero-length message over notify socket

A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd...

CVE-2016-7796

The managerdispatchnotifyfd function in systemd allows local users to cause a denial of service system hang via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled...

DEBIAN-CVE-2016-7796

The managerdispatchnotifyfd function in systemd allows local users to cause a denial of service system hang via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled...

CVE-2016-7796

The managerdispatchnotifyfd function in systemd allows local users to cause a denial of service system hang via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled...

CVE-2016-7795

The managerinvokenotifymessage function in systemd 231 and earlier allows local users to cause a denial of service assertion failure and PID 1 hang via a zero-length message received over a notify socket...

DEBIAN-CVE-2016-7795

The managerinvokenotifymessage function in systemd 231 and earlier allows local users to cause a denial of service assertion failure and PID 1 hang via a zero-length message received over a notify socket...

Design/Logic Flaw

The managerdispatchnotifyfd function in systemd allows local users to cause a denial of service system hang via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled...

UBUNTU-CVE-2016-7796

The managerdispatchnotifyfd function in systemd allows local users to cause a denial of service system hang via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled...

CVE-2016-7796

The managerdispatchnotifyfd function in systemd allows local users to cause a denial of service system hang via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled...

UBUNTU-CVE-2016-7795

The managerinvokenotifymessage function in systemd 231 and earlier allows local users to cause a denial of service assertion failure and PID 1 hang via a zero-length message received over a notify socket...