Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability

SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP opensslx509parse Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 4.0.6 - PHP 4.4.9 PHP 5.0.x PHP 5.1.x PHP 5.2.x PHP 5.3....

Debian: Security Advisory (DSA-2827-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2013-7100

Buffer overflow in the unpacksms16 function in apps/appsms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before...

PHP openssl_x509_parse() Memory Corruption Vulnerability

Exploit for php platform in category dos / poc Overview: Quote from http://www.php.net "PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML." The PHP function opensslx509parse uses a helper function called...

PHP openssl_x509_parse() Memory Corruption Vulnerability

The PHP function opensslx509parse uses a helper function called asn1timetotimet to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated...

FreeBSD : PHP5 -- memory corruption in openssl_x509_parse() (47b4e713-6513-11e3-868f-0025905a4771)

Stefan Esser reports : The PHP function opensslx509parse uses a helper function called asn1timetotimet to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes...

[USN-2029-1] Apache Commons FileUpload vulnerability

========================================================================== Ubuntu Security Notice USN-2029-1 November 13, 2013 libcommons-fileupload-java vulnerability ========================================================================== A security issue affects these releases of Ubuntu and...

Steinberg MyMp3PRO v5.0 SEH Buffer Overflow

Exploit for windows platform in category local exploits !/usr/bin/ruby Vendor: http://cjcity.ru/soft/35-8.html Software link: http://cjcity.ru/2/downloader.php?id=00000000559 print ''' Steinberg MyMp3PRO v5.0 SEH Buffer Overflow Version: 5.0 Build 5.1.0.21 Date found: 04.12.2013 Exploit Author:...

kernel: ansi_cprng: off by one error in non-block size request

Off-by-one error in the getprngbytes function in crypto/ansicprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the...

Ubuntu: Security Advisory (USN-2029-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2029-1: Apache Commons FileUpload vulnerability

It was discovered that Apache Commons FileUpload incorrectly handled file names with NULL bytes in serialized instances. An attacker could use this issue to possibly write to arbitrary files...

Ubuntu 10.04 LTS : libcommons-fileupload-java vulnerability (USN-2029-1)

It was discovered that Apache Commons FileUpload incorrectly handled file names with NULL bytes in serialized instances. An attacker could use this issue to possibly write to arbitrary files. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...

UBUNTU-CVE-2013-4345

Off-by-one error in the getprngbytes function in crypto/ansicprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the...

Threat Outbreak Alert: Fake Portuguese Personal Picture Notification Email Messages on October 5, 2013

Medium Alert ID: 31128 First Published: 2013 October 7 14:08 GMT Version: 1 Summary Cisco Security has detected significant activity related to Portuguese-language spam email messages that claim to contain personal images for the recipient. The text in the email message attempts to convince the...

Linux/ARM - reverse_shell (tcp,10.1.1.2,0x1337)

/ Title: Linux/ARM - reverseshelltcp,10.1.1.2,0x1337 execve"/bin/sh", 0, 0 vars - 72 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l - Raspberry Pi Author: midnitesnake / Title: Linux/ARM - reverseshelltcp,10.1.1.2,0x1337 execve"/bin/sh", 0, 0 vars - 72 bytes Date: 2012-09-08 Tested on:...

Linux/ARM execve("/bin/sh", [], [0 vars]) shellcode 35 bytes

35 bytes small Linux/ARM execve"/bin/sh", , 0 vars shellcode. / Title : Linux/ARM - execve"/bin/sh", , 0 vars - 35 bytes Date : 2013-09-04 Author : gunslinger yuda at cr0security dot com Tested on : ARM1176 rev6 v6l An ARM Hardcoded Shellcode without 0x20, 0x0a, and 0x00. Cr0security.com / includ...

Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes)

Linux/ARM - chmod /etc/passwd 0777 Shellcode 39 bytes. Shellcode exploit for ARM platform / Title : Linux/ARM - chmod"/etc/passwd", 0777 - 39 bytes Date : 2013-09-04 Author : gunslinger yuda at cr0security dot com Tested on : ARM1176 rev6 v6l An ARM Hardcoded Shellcode without 0x20, 0x0a, and 0x0...

Linux/ARM - execve("/bin/sh", [], [0 vars]) Shellcode (35 bytes)

Linux/ARM - execve"/bin/sh", , 0 vars Shellcode 35 bytes. Shellcode exploit for ARM platform / Title : Linux/ARM - execve"/bin/sh", , 0 vars - 35 bytes Date : 2013-09-04 Author : gunslinger yuda at cr0security dot com Tested on : ARM1176 rev6 v6l An ARM Hardcoded Shellcode without 0x20, 0x0a, and...

PHP 5.4.x < 5.4.19 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.19. It is, therefore, potentially affected by the following vulnerabilities : - A heap corruption error exists in numerous functions in the file 'ext/xml/xml.c'. CVE-2013-4113 / Bug 65236 - An...

MGASA-2013-0250 Updated python packages fix CVE-2013-4238 and pip

Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.matchhostname to match the hostname...