Debian DSA-2561-1 : tiff - buffer overflow

It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

Fedora 16 : qt-4.8.2-7.fc16 (2012-15203)

Build patched to disable SSL/TLS compression by default avoiding CRIME attacks, see also http://qt.digia.com/Release-Notes/security-issue-september-2012/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

[SECURITY] Fedora 18 Update: openjpeg-1.5.0-5.fc18

OpenJPEG is an open-source JPEG 2000 codec written in C. It has been developed in order to promote the use of JPEG 2000, the new still-image compression standard from the Joint Photographic Experts Group JPEG...

Transport Layer Security (TLS) Protocol CRIME Vulnerability

The remote service has one of two configurations that are known to be required for the CRIME attack : - SSL / TLS compression is enabled. - TLS advertises the SPDY protocol earlier than version 4. Note that Nessus did not attempt to launch the CRIME attack against the remote service. C Tenable...

SSL Compression Methods Supported

This script detects which compression methods are supported by the remote service for SSL connections. TRUSTED...

Fedora 17 : qt-4.8.2-7.fc17 (2012-15194)

Build patched to disable SSL/TLS compression by default avoiding CRIME attacks, see also http://qt.digia.com/Release-Notes/security-issue-september-2012/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

[SECURITY] Fedora 17 Update: optipng-0.7.3-1.fc17

OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats BMP, GIF, PNM and TIFF to optimized PNG, and performs PNG integrity checks and corrections...

Portable Multi-boot Security Suite: Katana

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware...

For SSL the latest method of attack CRIME of the principles and technical details-vulnerability warning-the black bar safety net

Author:Pnig0s decodingFreeBuf We may concern before the for SSL a attack technique, called the BEAST. This is still found in BEAST of the two greatJuliano Rizzoand Thai Duong discovered another new attack on HTTPS techniques, and before of similar, called“CRIME”is. BEAST to from SSL/TLS encrypted...

XnView < 1.99.1 JPEG Compressed TIFF Image Multiple Header Value Handling Overflow

The version of XnView installed on the remote Windows host is earlier than 1.99.1. It is, therefore, reportedly affected by a heap-based buffer overflow vulnerability. This is due to an error in the handling of TIFF image files having JPEG compression. Specially crafted files of this type can...

DEBIAN-CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions

The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s logi...

Mandrake Linux Security Advisory : bind (MDKSA-2000:067)

A vulnerability exists with the bind nameserver dealing with compressed zone transfers. This vulnerability can be exploited by authorized zone transfers and used in a DoS attack. The named daemon will crash if it receives this type of zone transfer from an authorized source address. The crash is...

CVE-2012-0275

Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression...

CVE-2012-0275

Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression...

CVE-2012-0275

CVE-2012-0275 is a heap-based buffer overflow in Photoshop.exe affecting Adobe Photoshop CS5 (12.x) before 12.0.5, CS5.1 before 12.1.1, and CS6 before 13.0.1. The vulnerability allows remote code execution via a crafted TIFF image using SGI24LogLum compression. Exploitation is remote (no user int...

Fedora Update for openjpeg FEDORA-2012-9602

Check for the Version of openjpeg OpenVAS Vulnerability Test Fedora Update for openjpeg FEDORA-2012-9602 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

KLA10029 ACE vulnerabilities in Adobe Photoshop

Buffer overflow vulnerabilities were found in Adobe Photoshop. By exploiting this vulnerability malicious users can execute arbitrary code. These vulnerabilities can be exploited from the network at a point related to an unknown application via a specially designed file or TIFF image with...