74 matches found
Apache Storm code issue vulnerability
Apache Storm is a free and open source distributed real-time computing system. An attacker could exploit the vulnerability to achieve remote code execution...
Prepare for more sophisticated security threats in 2021
As computing becomes more distributed to achieve greater optimization and efficiency, the threats posed by cyberattackers are destined to become increasingly sophisticated. Here are some steps organizations should take in 2021 to mitigate such sophisticated security threats. Start with...
PT-2020-2433 · Siemens · Profinet-Io
Name of the Vulnerable Software and Affected Versions: Profinet-IO (PNIO) stack versions prior to V06.00. Description: The issue is related to an uncontrolled resource consumption in the DCE-RPC interface of Siemens hardware and software. This could lead to a denial of service condition due to lack ...
DEBIAN-CVE-2019-10903
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check...
Apache Hadoop YARN ResourceManager Web Interface
The web interface for Hadoop YARN ResourceManager was detected on the remote host. This interface can be used to monitor and assign resources for application execution.
OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...
Oracle MySQL Cluster Remote Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. The database system is characterized by high performance, low cost, good reliability, etc. Oracle MySQL Cluster is a high utility, high redundancy version for distributed computing environments....
samba: Client side SMB2/3 required signing can be downgraded
A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server...
samba: crash in dcesrv_auth_bind_ack due to missing error check
Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). Thi...
UBUNTU-CVE-2015-5370
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a...
Fedora Update for boinc-client FEDORA-2013-23720
Check for the Version of boinc-client. OpenVAS Vulnerability Test. Fedora Update for boinc-client FEDORA-2013-23720. Authors: System Generated Check. Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...
[SECURITY] Fedora 19 Update: boinc-client-7.2.33-2.git1994cc8.fc19
The Berkeley Open Infrastructure for Network Computing (BOINC) is an open-source software platform which supports distributed computing, primarily in the form of "volunteer" computing and "desktop Grid" computing. It is well suited for problems which are often described as "trivially parallel". BO...
[SECURITY] Fedora 20 Update: boinc-client-7.2.33-2.git1994cc8.fc20
The Berkeley Open Infrastructure for Network Computing (BOINC) is an open-source software platform which supports distributed computing, primarily in the form of "volunteer" computing and "desktop Grid" computing. It is well suited for problems which are often described as "trivially parallel". BO...
samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet...
CVE-2012-0131
Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
Durandal - Distributed CPU/GPU Hash Cracker v 0.5 released
Durandal is a distributed GPU/CPU computing software that aims to crack passwords. Mostly written in C++ with the Boost library, it works on many systems, however it is only built for Windows and GNU/Linux for the moment, on the x86 and x...
Ravan : A Distributed Hash Brute Forcer !
A short post for Ravan this time. It is a JavaScript-based distributed computing system that can perform brute force attacks on salted hashes by distributing the task across several browsers. Salted and plain versions of the following hashing algorithms are currently supported: MD5, SHA1, SHA256...
DCE-RPC Big Endian Evasion Technique
DCE/RPC stands for "Distributed Computing Environment / Remote Procedure Calls". It is a Remote Procedure Call system that allows software to work across multiple computers, as if it were all working on the same computer. This system allows programmers to write distributed software without having...