BIND9 TKEY assert Dos

我们对 9.9.7-P1 和 9.9.7-P2 这两个版本进行了 diff,发现其主要 Patch 点位于 lib/dns/tkey.c文件中第 653 行 dnstkeyprocessquery 函数中: 在该函数中两次调用 dnsmessagefindname 函数来分别从 DNSSECTIONADDITIONAL 和 DNSSECTIONANSWER 中寻找 TEKY 记录,从代码中可以看到,第一次函数调用之前 na me 变量进行了初始化,被赋值为 NULL,而第二次调用前却未进行初始化。 dnsmessagefindname 函数原型位于 lib/dns/message.c...

SUSE SLED12 / SLES12 Security Update : libyaml (SUSE-SU-2015:0013-1)

This libyaml update fixes the following security issue : - bnc907809: assert failure when processing wrapped strings CVE-2014-9130 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clea...

GLSA-201503-11 : OpenSSL: Multiple vulnerabilities (FREAK)

The remote host is affected by the vulnerability described in GLSA-201503-11 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers and the upstream advisory referenced below for details: RSA silently downgrades to EXPORTRSA Client...

OpenSSL multiple security vulnerabilities

NULL pointer dereferences, reahable asserts, memory corruptions...

SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10470)

OpenSSL has been updated to fix various security issues : - A segmentation fault in ASN1TYPEcmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. CVE-2015-0286 - A ASN.1 structure reuse memory corruption was fixed...

RHEL 6 / 7 : libyaml (RHSA-2015:0100)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0100 advisory. YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter...

Apache qpid DoS

Multiple asserts...

USN-2461-1 libyaml vulnerability

Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service...

openSUSE Security Update : libyaml (openSUSE-SU-2014:1625-1)

This libyaml update fixes the following security issue : - bnc907809: assert failure when processing wrapped strings CVE-2014-9130 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE Security Update : openvpn (openSUSE-SU-2014:1594-1)

openvpn was updated to fix a denial-of-service vulnerability where an authenticated client could stop the server by triggering a server-side ASSERT bnc907764,CVE-2014-8104, %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 38 to the stable channel for Windows, Mac and Linux. Chrome 38.0.2125.101 contains a number of fixes and improvements, including: - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance A...

Seafile-server <= 3.1.5 - Remote DoS

No description provided by source. Exploit Title: ccnet-server remote DoS assert seafile-server = 3.1.5 Date: Sep 4, 2014 Exploit Author: retset Vendor Homepage: seafile.com Software Link: https://bitbucket.org/haiwen/seafile/downloads/seafile-server3.1.4win32.tar.gz Version: seafile-server 3.1.4...

Seafile-server 3.1.5 - Remote Denial of Service

Exploit Title: ccnet-server remote DoS assert seafile-server = 3.1.5 Date: Sep 4, 2014 Exploit Author: retset Vendor Homepage: seafile.com Software Link: https://bitbucket.org/haiwen/seafile/downloads/seafile-server3.1.4win32.tar.gz Version: seafile-server 3.1.4 Tested on: Windows 7/seafile-serve...

seafile-server 3.1.5 Denial Of Service

Exploit Title: ccnet-server remote DoS assert in seafile-server 3.1.5 Date: Sep 4, 2014 Exploit Author: retset Vendor Homepage: seafile.com Software Link: https://bitbucket.org/haiwen/seafile/downloads/seafile-server3.1.4win32.tar.gz Version: seafile-server 3.1.4 Tested on: Windows 7/seafile-serv...

Joomla JomSocial 2.6 Code Execution Exploit

Joomla JomSocial component version 2.6 remote PHP code execution exploit. !/usr/bin/python Joomla! JomSocial component = 2.6 PHP code execution exploit Authors: - Matias Fontanini - Gaston Traberg This exploit allows the execution of PHP code without any prior authentication on the Joomla!...

Joomla JomSocial 2.6 Code Execution

!/usr/bin/python Joomla! JomSocial component = 2.6 PHP code execution exploit Authors: - Matias Fontanini - Gaston Traberg This exploit allows the execution of PHP code without any prior authentication on the Joomla! JomSocial component. Note that in order to be able to execute PHP code, both the...

Fedora Update for nodejs-better-assert FEDORA-2013-11780

Check for the Version of nodejs-better-assert OpenVAS Vulnerability Test Fedora Update for nodejs-better-assert FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

Fedora Update for nodejs-better-assert FEDORA-2013-11780

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 18 Update: nodejs-better-assert-1.0.0-2.fc18

C-style assert for Node.js, reporting the expression string as the error message...

Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header

STValloc | st != NULL Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Full panic message: Panic message: Assert error in STValloc, stevedore.c line 192:012 Conditionst != NULL not true. Summary: Varnish 2.1.5 crash and restart via...