Debian Security Advisory DSA 2601-1 (gnupg, gnupg2 - missing input sanitation)

KB Sriram discovered that GnuPG, the GNU Privacy Guard did not sufficiently sanitise public keys on import, which could lead to memory and keyring corruption. The problem affects both version 1, in the gnupg package, and version two, in the gnupg2 package. OpenVAS Vulnerability Test $Id:...

Debian Security Advisory DSA 2599-1 (nss - mis-issued intermediates)

Google, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries nss mis-issued two intermediate CAs which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate CAs. The two existing...

Debian Security Advisory DSA 2598-1 (weechat - several vulnerabilities)

Two security issues have been discovered in WeeChat, a fast, light and extensible chat client: CVE-2011-1428 X.509 certificates were incorrectly validated. CVE-2012-5534 The hookprocess function in the plugin API allowed the execution of arbitrary shell commands. OpenVAS Vulnerability Test $Id:...

Debian Security Advisory DSA 2597-1 (rails - input validation error)

joernchen of Phenoelit discovered that rails, an MVC ruby based framework geared for web application development, is not properly treating user-supplied input to findby methods. Depending on how the ruby on rails application is using these methods, this allows an attacker to perform SQL injection...

lighttpd 1.4.31 - Denial of Service (PoC)

lighttpd 1.4.31 - Denial of Service PoC !/bin/bash Exploit Title: simple lighttpd 1.4.31 DOS POC Date: 11/21/2012 Exploit Author: [email protected] Vendor Homepage: http://www.lighttpd.net Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz Version: 1.4.31 Tested...

lighttpd 1.4.31 - Denial of Service (PoC)

!/bin/bash Exploit Title: simple lighttpd 1.4.31 DOS POC Date: 11/21/2012 Exploit Author: [email protected] Vendor Homepage: http://www.lighttpd.net Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz Version: 1.4.31 Tested on: Debian Linux, Gentoo Linux, Arch...

CVE-2012-5519

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface...

Debian Security Advisory DSA 2561-1 (tiff)

The remote host is missing an update to tiff announced via advisory DSA 2561-1. OpenVAS Vulnerability Test $Id: deb25611.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2561-1 tiff Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Debian DSA-2566-1 : exim4 - heap-based buffer overflow

It was discovered that Exim, a mail transport agent, is not properly handling the decoding of DNS records for DKIM. Specifically, crafted records can yield to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security,...

Debian DSA-2561-1 : tiff - buffer overflow

It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

Debian DSA-2560-1 : bind9 - denial of service

It was discovered that BIND, a DNS server, hangs while constructing the additional section of a DNS reply, when certain combinations of resource records are present. This vulnerability affects both recursive and authoritative servers. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Visual Tools DVR Command Injection / Password Disclosure

Exploit for hardware platform in category web applications Title: Visual Tools DVR multiple vulnerabilities Version affected: VS Series = 3.0.6.16, VX Series = 4.2.19.2 Vendor: http://www.visual-tools.com/ Discovered By: Andrea Fabrizi Email: email protected Web: http://www.andreafabrizi.it Statu...

Debian DSA-2530-1 : rssh - shell command injection

Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2530. The text itself is copyrigh...

Debian DSA-2520-1 : openoffice.org - Multiple heap-based buffer overflows

Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issues lies in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause application crash and could cause arbitrary code executio...

Debian DSA-2502-1 : python-crypto - programming error

It was discovered that that the ElGamal code in PythonCrypto, a collection of cryptographic algorithms and protocols for Python used insecure insufficient prime numbers in key generation, which lead to a weakened signature or public key space, allowing easier brute-force attacks on such keys...

Intel CPU Hardware Local Privilege Escalation Vulnerability

Description 64-bit operating systems and virtualization software running on Intel CPU hardware are prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to escalate privileges and execute arbitrary code with kernel-level privileges or to do a guest-to-host virtual...

Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability

Description Oracle Java SE is prone to a remote code execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Hotspot' sub-component. This vulnerability affects the following supported versions: 7 Update 4, 6 Update 3...

Debian DSA-2474-1 : ikiwiki - XSS

Raul Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author and its URL of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

Debian DSA-2471-1 : ffmpeg - several vulnerabilities

Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/ demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of arbitrary code. These...

Debian DSA-2441-1 : gnutls26 - missing bounds check

Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...