USN-2260-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in the Linux kernel's pseudo tty pty device. An unprivileged user could exploit this flaw to cause a denial of service system crash or potentially gain administrator privileges. CVE-2014-0196 Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged...

kernel: net: ping: refcount issue in ping_init_sock() function

A use-after-free flaw was found in the way the pinginitsock function of the Linux kernel handled the groupinfo reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system...

openSUSE Security Update : krb5 (openSUSE-SU-2013:1119-1)

This update fixes a kpasswd UDP ping-pong security bug CVE-2002-2443. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-546. The text description of this plugin is C SUSE LLC...

openSUSE Security Update : kernel (openSUSE-SU-2012:0236-1)

The openSUSE 11.4 kernel was updated to fix bugs and security issues. Following security issues have been fixed: CVE-2011-4604: If root does read on a specific socket, it's possible to corrupt kernel memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used. CVE-2011-269...

China Putter Panda APT Attacks Linked to PLA Unit 61486

With indictments still fresh against a handful of Chinese nationals accused of hacking American companies and stealing intellectual property, another branch of the People’s Liberation Army and allegedly one of its officers have been outed for cyberespionage against U.S. and European aerospace and...

Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2223-1)

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...

Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2224-1)

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2226-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2226-1 advisory. Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain...

kernel: net: ping: refcount issue in ping_init_sock() function

A use-after-free flaw was found in the way the pinginitsock function of the Linux kernel handled the groupinfo reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system...

USN-2228-1: Linux kernel vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...

USN-2226-1 linux vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...

USN-2223-1: Linux kernel (Quantal HWE) vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2221-1)

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...

USN-2221-1: Linux kernel vulnerabilities

Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...

Updated kernel-vserver packages fix multiple vulnerabilities

Updated kernel-vserver provides upstream 3.10.40 kernel and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of...

CVE-2014-2851

Integer overflow in the pinginitsock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service use-after-free and system crash or possibly gain privileges via a crafted application that leverages an improperly managed reference counter...

CVE-2014-2851

Integer overflow in the pinginitsock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service use-after-free and system crash or possibly gain privileges via a crafted application that leverages an improperly managed reference counter...

WordPress XML-RPC PingBack vulnerability analysis-vulnerability warning-the black bar safety net

! Screen Shot 2014-03-12 at 9.47.56 AM A recent article outlines how to use the WordPress XML-RPC pingback functionDDosattack. This article will be on the attack for analysis, while for the site administrator to provide information to protect their website. This is not a new vulnerability WordPre...

WordPress 3.8.1 /xmlrpc.php拒绝服务漏洞

WordPress是一款内容管理系统。 WordPress 3.8.1 /xmlrpc.php 文件有ping其他主机的功能，通过这个功能可以请求多个站点，DDOS攻击别的网站。 0 WordPress 3.8.1 目前没有详细解决方案提供： http://www.wordpress.org...

LifeSize UVC Authenticated Remote Command Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "LifeSize UVC Authenticated RCE via Ping", 'Description' = %q When authenticated as an administrator on LifeSize UVC 1.2.6, an attacke...