Ubuntu 12.04 LTS : linux vulnerabilities (USN-1448-1)
A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601) Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increa...
USN-1448-1: Linux kernel vulnerabilities
A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601) Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increa...
Ubuntu 10.04 LTS : linux vulnerabilities (USN-1445-1)
A flaw was found in the Linux kernel's ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-4086) A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user coul...
kernel: fcaps: clear the same personality flags as suid when fcaps are used
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted applicatio...
SuSE 10 Security Update : Python (ZYPP Patch Number 8080) (BEAST)
The following issues have been fixed in this update : - hash randomization issues CVE-2012-115 see below - SimpleHTTPServer XSS. CVE-2011-1015 - SSL BEAST vulnerability CVE-2011-3389 The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts...
PT-2012-1031 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.3.3 Description: The issue arises from the improper handling of file system capabilities in the Linux kernel, allowing local users to bypass intended personality restrictions. This can be achieved through a...
Linux exploit development. Part 4 – ASCII armor bypass and return to plt
Author: sickness Author's blog: Translation: Gh0St 07.04.2012 Linux exploit development. Part 4 – ASCII armor bypass and return to plt. NOTE: Before reading this document, it is recommended to read the following works: Guide to writing exploits for Linux. Part I – overflow...
RedHat Update for libxml2 RHSA-2012:0324-01
Check for the Version of libxml2 OpenVAS Vulnerability Test RedHat Update for libxml2 RHSA-2012:0324-01 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Analyzing ASLR in Android Ice Cream Sandwich 4.0
When I first saw the release notes for the new Android Ice Cream Sandwich (ICS) platform, I was excited to see that Google mentioned that “Android 4.0 now provides address space layout randomization”. For the uninitiated, ASLR randomizes where various areas of memory (eg. stack, heap, libs, etc) are...
libxml2 security update
2.7.6-4.0.1.el62.4 - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball 2.7.6-4.el62.4 - remove chunk in patch related to configure.in as it breaks rebuild - Resolves: rhbz788845 2.7.6-4.el62.3 - fix previous build to force compilation of...
linux/x86 sys_execve("/sbin/sysctl") 121 bytes polymorphic shellcode
sys_execve("/sbin/sysctl", "/sbin/sysctl", "-w", "kernel.randomize_va_space=0", NULL); 121 bytes polymorphic shellcode Programmer : Paulus Gandung Prakosa syn-attack Thanks to : mywisdom, gunslinger, nofia fitri, chaer.newbie, wenkhairu, ketek, xtr0nic, supermen ganteng, and all devilzc0de members ...
kernel: proc: /proc/<pid>/mem mem_write insufficient permission checking
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper...
Aviosoft DTV Player buffer overflow vulnerability
Overview Aviosoft DTV Player contains a buffer overflow in the handling of playlist .plf files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Aviosoft DTV Player is a multiple format video player application. Aviosoft DTV Player...
AmmSoft ScriptFTP 3.3 client remote buffer overflow vulnerability
Overview AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during a FTP LIST command. Description AmmSoft's ScriptFTP client can be exploited to execute arbitrary code when processing GETLIST or GETFI...
[SECURITY] [DSA 2240-1] linux-2.6 security update
Debian Security Advisory DSA-2240-1 http://www.debian.org/security/ dann frazier May 24, 2011 http://www.debian.org/security/faq -...
kernel: proc: protect mm start_code/end_code in /proc/pid/stat
The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/pid/stat file for a process executing a PIE...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 1.3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
CentOS 4 / 5 : firefox (CESA-2011:0471)
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Zikula < 1.3.1 Security Bypass Vulnerability
Zikula is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2010-4728
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...