2590 matches found
Security Onion - Linux Distro For Intrusion Detection, Network Security Monitoring, And Log Management
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an...
[SECURITY] Fedora 23 Update: git-2.5.0-2.fc23
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...
jre7-openjdk: multiple issues
CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
jre8-openjdk-headless: multiple issues
CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883...
Novel NTP Attacks Roll Back Time
Sharon Goldberg remembers the cold February day when her Boston University PhD candidate Aanchal Malhotra was studying routing security, in particular, attacks against the resource public key infrastructure RPKI—and kept hitting a dead end because of a cache-flushing issue. The resourceful Malhot...
OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883...
[SECURITY] Fedora 22 Update: fossil-1.33-1.fc22
Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface...
[SECURITY] Fedora 22 Update: jakarta-commons-httpclient-3.1-23.fc22
The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...
[SECURITY] Fedora 23 Update: jakarta-commons-httpclient-3.1-23.fc23
The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...
Revisiting Apple IPC: (1) Distributed Objects
Posted by Ian Beer of Google Project Zero Earlier this year I gave a talk at the inaugural Jailbreak Security Summit entitled Auditing and Exploiting Apple IPC slides | video . As part of my research for that talk I wanted to find at least one bug involving each of the available IPC mechanisms on...
IBM WebSphere eXtreme Scale Security Bypass Vulnerability
IBM WebSphere eXtreme Scale is a distributed caching solution. IBM WebSphere Extreme Scale failed to properly handle logout operations, allowing an attacker to exploit a vulnerability to bypass security restrictions on other user sessions...
'Bitcoin is Now Officially a Commodity' — US Regulator Declared
Bitcoins are making their way, in Bits and Pieces. In a recent report The Hacker News THN had mentioned about banks adopting the Blockchain Technology from Bitcoins; to create a safe and secure distributed ledger. Now, last week U.S. Commodity Future Trading Commission CFTC, has added Bitcoins an...
OS X Install.framework suid Helper Privilege Escalation Vulnerability
Exploit for macOS platform in category local exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=314 The private Install.framework has a few helper executables in /System/Library/PrivateFrameworks/Install.framework/Resources, one of which is suid root: -rwsr-sr-x ...
OS X Install.framework suid root Runner Binary Privilege Escalation Vulnerability
Exploit for macOS platform in category local exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same...
Apple Mac OSX - Install.framework suid Helper Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=314 The private Install.framework has a few helper executables in /System/Library/PrivateFrameworks/Install.framework/Resources, one of which is suid root: -rwsr-sr-x 1 root wheel 113K Oct 1 2014 runner Taking a look at i...
Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same time. By connecting two proxy objects to an...
[USN-2704-1] Swift vulnerabilities
========================================================================== Ubuntu Security Notice USN-2704-1 August 06, 2015 swift vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] Fedora 22 Update: elasticsearch-1.6.1-0.fc22
Elasticsearch is a search server based on Lucene. It provides a distributed, multitenant-capable full-text search engine with a RESTful web interface and schema-free JSON documents. Elasticsearch is developed in Java and is relea sed as open source under the terms of the Apache License. It is a...
[SECURITY] Fedora 21 Update: quassel-0.11.0-2.fc21
Quassel IRC is a modern, distributed IRC client, meaning that one or multiple clients can attach to and detach from a central core -- much like the popular combination of screen and a text-based IRC client such as WeeChat, but graphical...