kernel: sctp: sk_ack_backlog wrap-around problem

An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation processed certain COOKIEECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...

kernel: sctp: sk_ack_backlog wrap-around problem

An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation processed certain COOKIEECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...

[SECURITY] Fedora 20 Update: mumble-1.2.6-1.fc20.1

Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...

kernel: sctp: sk_ack_backlog wrap-around problem

An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation processed certain COOKIEECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...

Echo Command Encoder

This encoder uses echo and backlash escapes to avoid commonly restricted characters. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Echo Command Encoder', 'Description' = %q This encoder uses...

Linux kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/580/info Certain Linux kernels in the 2.0.3x range are susceptible to blind TCP spoofing attacks due to the way that the kernel handles invalid ack sequence numbers, and the way it assigns IDs to outgoing IP datagrams. Fo...

Cisco IOS 10/11/12 UDP Echo Service Memory Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8323/info It has been reported that under some circumstances, a Cisco appliance running IOS may answer malicious malformed UDP echo packets with replies that contain partial contents from the affected router's memory...

Claroline <= 1.8.0 rc1 (import.lib.php) Remote File Include Vulnerability

No description provided by source. claroline = 180rc1 Remote File Inclusion Download Source : http://www.claroline.net/dlarea/claroline180rc1.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; claroline/inc/lib/import.lib.php bugs ; begin line 8 requireonc...

Digital UNIX <= 4.0 D,FreeBSD <= 2.2.4,HP HP-UX 10.20/11.0,IBM AIX <= 3.2.5,Linux kernel 2.0/2.1,NetBSD 1.2,Solaris <= 2.5.1 Smurf Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/147/info The Smurf denial of service exploits the existance, and forwarding of, packets sent to IP broadcast addreses. By creating an ICMP echo request packet, with the source address set to an IP within the network to be...

Wordpress plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV82$2007 ----------------------------------------------------------------------------------------- ECHOADV82$2007 wordpress plugins wp-Table = 1.43 incdir Remote File...

Smart Search 4.25 Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7133/info A vulnerability has been discovered in the Smart Search CGI script. Due to insufficient sanitization of user-supplied URI parameters, it may be possible for an attacker to execute arbitrary commands on a target...

CMS Faethon <= 1.3.2 (mainpath) Remote File Inclusion Vulnerability

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV33$2006 --------------------------------------------------------------------------- ECHOADV33$2006 CMS Faethon 1.3.2 mainpath Remote File Inclusion...

NextApp Echo < 2.1.1 XML Injection Vulnerability

No description provided by source. SEC Consult Security Advisory 20090305-0 ======================================================================== title: NextApp Echo XML Injection Vulnerability program: NextApp Echo vulnerable version: Echo2 2.1.1 homepage: http://echo.nextapp.com/site/echo2...

openSUSE Security Update : wireshark (openSUSE-SU-2013:0494-1)

wireshark was updated to 1.8.6 bnc807942 + vulnerabilities fixed : - The TCP dissector could crash. wnpa-sec-2013-10 CVE-2013-2475 - The HART/IP dissectory could go into an infinite loop. wnpa-sec-2013-11 CVE-2013-2476 - The CSN.1 dissector could crash. wnpa-sec-2013-12 CVE-2013-2477 - The MS-MMS...

kernel: pty layer race condition leading to memory corruption

The nttywrite function in drivers/tty/ntty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service memory corruption and system crash or gain privileges by triggering a race condition...

Juniper ScreenOS 5.4 < 5.4.0r28 / 6.2 < 6.2.0r18 / 6.3 < 6.3.0r16 Malformed ICMP Echo Request DoS (JSA10604)

The remote host is running a version of Juniper ScreenOS prior to 5.4.0r28 / 6.2.0r18 / 6.3.0r16. It is, therefore, affected by a denial of service vulnerability due to a failure to properly handle ICMP echo request packets. A remote, unauthenticated attacker could potentially exploit this...

[SECURITY] Fedora 19 Update: mumble-1.2.6-1.fc19

Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...

[SECURITY] Fedora 20 Update: mumble-1.2.6-1.fc20

Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...

kernel: pty layer race condition leading to memory corruption

The nttywrite function in drivers/tty/ntty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service memory corruption and system crash or gain privileges by triggering a race condition...

Linux Kernel 3.14-rc1 &lt; 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation

/ CVE-2014-0196: Linux kernel = v3.14-rc1 Matthew Daley Usage: $ gcc cve-2014-0196-md.c -lutil -lpthread $ ./a.out + Resolving symbols + Resolved commitcreds: 0xffffffff81056694 + Resolved preparekernelcred: 0xffffffff810568a7 + Doing once-off allocations + Attempting to overflow into a...