[SECURITY] Fedora 20 Update: openstack-nova-2013.2-4.fc20

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

[SECURITY] Fedora 19 Update: openstack-nova-2013.1.4-3.fc19

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check

Heap-based buffer overflow in the dcerpcreadncacnpacketdone function in librpc/rpc/dcerpcutil.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...

Going Back to the Future in the Name of Better Security

NEW YORK–If Bill Cheswick had his way, the future of computing and computer security would look a lot like the distant past, with trusted platforms, small programs, applications that can’t affect the operating system and resistance to user mistakes. Cheswick, a former Bell Labs computer scientist...

Fedora Update for spice FEDORA-2013-20360

Check for the Version of spice OpenVAS Vulnerability Test Fedora Update for spice FEDORA-2013-20360 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

Fedora Update for spice FEDORA-2013-20340

Check for the Version of spice OpenVAS Vulnerability Test Fedora Update for spice FEDORA-2013-20340 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

Introduction: Chris Betz, new head of MSRC

By way of introduction, I am Chris Betz, the leader of the Microsoft Security Response Center MSRC. I’m stepping in to fill the shoes of Mike Reavey, who has moved on to become the General Manager of Secure Operations, still within Trustworthy Computing. Since joining the MSRC, I’ve spent time...

Cisco Unified Computing System Fabric Interconnect Man-In-The-Middle Vulnerability

A vulnerability in the Fabric Interconnect KVM module of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack. The vulnerability is due to the virtual KVM sending video data unencrypted. An attacker could exploit this vulnerability b...

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the fabric interconnect of Cisco Unified Computing System could allow an authenticated, local attacker to cause a denial of service DoS condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by executi...

Code injection

The fabric-interconnect component in Cisco Unified Computing System UCS does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug...

CVE-2012-4117

The fabric-interconnect component in Cisco Unified Computing System UCS does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033...

CVE-2012-4112

The Baseboard Management Controller BMC in Cisco Unified Computing System UCS allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330...

CVE-2012-4112

CVE-2012-4112 affects the Cisco UCS Baseboard Management Controller (BMC). A vulnerability in the BMC’s command-line interface (CLI) allows a locally authenticated attacker to inject arbitrary commands with elevated privileges due to improper filtering of user-supplied parameters. Exploitation re...

Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture KVM media connection credentials. The vulnerability is due to improperly securing the KVM media traffic between the server and the client. An attacker could...

Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture or modify KVM virtual media traffic. The vulnerability is due to improperly securing the KVM virtual media traffic between the server and the client. An attacker...

Cisco Unified Computing System Fabric Interconnect Arbitrary File Read Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to view arbitrary files on the underlying filesystem. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this...

Cisco Unified Computing System Fabric Interconnect Arbitrary File Creation Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands with elevated privileges. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the fabric interconnect FI of the Cisco Unified Computing System could allow an authenticated, local attacker to create a denial of service DoS condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...

Cisco Unified Computing System Fabric Interconnect Privilege Escalation Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute scripts with elevated privileges. The vulnerability occurs because all scripts are executed at the same privilege level. An attacker could exploit this...

Cisco Unified Computing System Fabric Interconnect Command Injection Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands on the underlying operating system. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this...