
1721 matches found

IBM Security Bulletins
added 2018/06/16 9:39 p.m. | 29 views

Security Bulletin: Vulnerabilities in GSKit affect IBM Security Access Manager for Mobile (CVE-2015-7421, CVE-2015-7420)

Summary: Vulnerabilities were discovered in GSKit. IBM Security Access Manager for Mobile uses GSKit and addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2015-7421. DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PR...

CVSS 5 | AI score 0.5 | EPSS 0.00285
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/16 1:39 p.m. | 22 views

Security Bulletin: Vulnerabilities in GSKit affect IBM SPSS Modeler (CVE-2015-7421, CVE-2015-7420)

Summary: Vulnerabilities were discovered in GSKit. IBM SPSS Modeler uses GSKit and addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2015-7421. DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PRNG pool state is...

CVSS 5 | AI score 5.9 | EPSS 0.00285
Exploits: 0 | Affected Software: 1
OSV
added 2018/06/01 6:29 p.m. | 1 view

CVE-2016-10595

jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker-controlled file if the attacker is on the netwo...

CVSS 8.1 | AI score 6.3 | EPSS 0.00735
Exploits: 0 | References: 1
CVE
added 2018/05/29 8:00 p.m. | 43 views

CVE-2016-10682

The CVE-2016-10682 issue affects massif, a PhantomJS fork, which downloads resources over HTTP. The underlying risk is that a MITM could replace fetched resources with attacker-controlled binaries, potentially enabling remote code execution when the user retrieves those resources. Multiple sources des...

CVSS 9.3 | AI score 8.2 | EPSS 0.00735
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2018/05/17 12:00 a.m. | 2 views

PT-2018-10400

Name of the Vulnerable Software and Affected Versions: procps-ng versions prior to 3.3.15. Description: The issue allows an unprivileged attacker to hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This is achieved through a process occupying a...

CVSS 5.9 | AI score 6.2 | EPSS 0.01928
Exploits: 5 | References: 17
UbuntuCve
added 2018/05/16 12:00 a.m. | 24 views

CVE-2018-11212

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file...

CVSS 6.5 | AI score 6.8 | EPSS 0.02115
Exploits: 1 | References: 7
0day.today
added 2018/05/09 12:00 a.m. | 30 views

Linux/x86 - Bind TCP Shell + fork() Shellcode (113 bytes)

/ Title: Linux x86 TCP Bind Shell + fork - 113 bytes NULL Free Author: Amine Kanane Student-ID: SLAE - 1203 Desc: Listen for a connection on Local Port 9443 and spawn a command shell This version supports multiple simultaneous connections using fork. Also this shellcode does not use the classic...

AI score 0.1
Exploits: 0
Exploit DB
added 2018/05/09 12:00 a.m. | 27 views

Linux/x86 - Bind (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)

Linux/x86 - Bind (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes). Shellcode exploit for Linux_x86 platform / Title: Linux x86 TCP Bind Shell + fork - 113 bytes NULL Free Author: Amine Kanane Student-ID: SLAE - 1203 Desc: Listen for a connection on Local Port 9443 and spawn a command shell Th...

AI score 0.1
Exploits: 0
Tenable Nessus
added 2018/04/18 12:00 a.m. | 41 views

OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0033)

The remote OracleVM system is missing necessary patches to address critical security updates:
- mlx4: change the ICM table allocations to lowest needed size Daniel Jurgens Orabug: 27718305
- autofs: use dentry flags to block walks during expire Ian Kent
- autofs races Al Viro Orabug: 27766149...

CVSS 7.8 | AI score 6.7 | EPSS 0.0009
Exploits: 0 | References: 3
RedHat Linux
added 2018/04/10 3:23 p.m. | 1 view

kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c

A flaw was found in the Linux kernel's handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly can create a fork event that will be removed from an already freed list of events...

CVSS 9.3 | AI score 7 | EPSS 0.01146
Exploits: 0 | References: 4
RedHat Linux
added 2018/04/10 9:01 a.m. | 3 views

kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c

A flaw was found in the Linux kernel's handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly can create a fork event that will be removed from an already freed list of events...

CVSS 9.3 | AI score 7 | EPSS 0.01146
Exploits: 0 | References: 4
Oracle linux
added 2018/04/10 12:00 a.m. | 99 views

Unbreakable Enterprise kernel security update

4.1.12-112.16.7
- mlx4: change the ICM table allocations to lowest needed size Daniel Jurgens Orabug: 27718305
- autofs: use dentry flags to block walks during expire Ian Kent Orabug: 26032471 Orabug: 27766149
- autofs races Al Viro Orabug: 27766149 Orabug: 27766149
- crypto: FIPS - allow tests t...

CVSS 7.8 | EPSS 0.0009
Exploits: 0
Prion
added 2018/03/22 12:29 p.m. | 15 views

Code injection

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071...

CVSS 6.4 | AI score 8.9 | EPSS 0.00677
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2018/03/22 12:29 p.m. | 14 views

CVE-2018-1426

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071...

CVSS 9.1 | AI score 6.2 | EPSS 0.00677
Exploits: 0 | References: 4
OSV
added 2018/03/22 12:29 p.m. | 2 views

CVE-2018-1426

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071...

CVSS 9.1 | AI score 5.8 | EPSS 0.00677
Exploits: 0 | References: 4
CVE
added 2018/03/22 12:00 p.m. | 81 views

CVE-2018-1426

CVE-2018-1426 affects IBM GSKit: it duplicates the PRNG state across fork() when multiple ICC instances load, risking duplicate Session IDs and key material. Documents confirm the vulnerability description and its association with GSKit in IBM products; however, a concrete, product-specific fixed...

CVSS 9.1 | AI score 6.7 | EPSS 0.00677
Exploits: 0 | References: 4 | Affected Software: 1
CNVD
added 2018/02/08 12:00 a.m. | 2 views

Sandstorm Supervisor Denial of Service Vulnerability

Sandstorm is a personal cloud platform. The platform features file storage, application management, task and project management, etc. Supervisor is one of the management components. A security vulnerability exists in Supervisor in Sandstorm that stems from the program's failure to limit the total...

CVSS 6.8 | AI score 6.9 | EPSS 0.00604
Exploits: 2 | References: 1
Prion
added 2018/02/06 4:29 p.m. | 9 views

Design/Logic Flaw

The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space...

CVSS 6.8 | AI score 6.4 | EPSS 0.00604
Exploits: 2 | References: 2 | Affected Software: 1
NVD
added 2018/02/06 4:29 p.m. | 12 views

CVE-2017-6198

The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space...

CVSS 6.8 | AI score 6.5 | EPSS 0.00604
Exploits: 1 | References: 2
OSV
added 2018/02/06 4:29 p.m. | 11 views

CVE-2017-6198

The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space...

CVSS 6.5 | AI score 6.6 | EPSS 0.00319
Exploits: 1 | References: 2