HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.0 update

Updated Red Hat JBoss Enterprise Application Platform 6.2.0 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common...

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.0 update

An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes two security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. Common...

Microsoft Enhanced Mitigation Experience Toolkit (EMET) ROP Vulnerability

The host is installed with Microsoft Enhanced Mitigation Experience Toolkit EMET and is prone to return-oriented programming ROP vulnerability. OpenVAS Vulnerability Test $Id: gbmicrosoftemetropvuln.nasl 6104 2017-05-11 09:03:48Z teissa $ Microsoft Enhanced Mitigation Experience Toolkit EMET ROP...

CVE-2013-6791

Microsoft Enhanced Mitigation Experience Toolkit EMET before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming ROP attack...

Design/Logic Flaw

Microsoft Enhanced Mitigation Experience Toolkit EMET before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming ROP attack...

CVE-2013-6791

Microsoft Enhanced Mitigation Experience Toolkit EMET before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming ROP attack...

CVE-2013-2029

nagios.upgradetov3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/...

Code injection

IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted...

Dual_EC_DRBG output using untrusted curve constants may be predictable

Overview Output of the Dual Elliptic Curve Deterministic Random Bit Generator DUALECDRBG algorithm may be predictable by an attacker who has chosen elliptic curve parameters in advance. Description NIST SP 800-90A defines three elliptic curves for use in DualECDBRG but does not describe the...

pycrypto PRNG vulnerabilities

Predictable PRNG state after fork...

pmake: Insecure temporary file usage

Background pmake is Debian’s version of NetBSD’s make, a tool to build programs in parallel. Description /usr/share/mk/bsd.lib.mk and /usr/share/mk/bsd.prog.mk create temporary files insecurely, with predictable names /tmp/dependPID, and without using $TMPDIR. Impact The make include files allow...

Design/Logic Flaw

The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...

10 years of Update Tuesdays

On October 1, 2003, Microsoft announced it would move to a monthly security bulletin cadence. Today, marks 10 years since that first monthly security update. We looked at many ways to improve our security preparedness and patch timing was the number one customer request. Your feedback was clear a...

CVE-2013-4708

The PPP Access Concentrator PPPAC in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows...

Authentication flaw

The PPP Access Concentrator PPPAC in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows...

CVE-2013-4708

The CVE-2013-4708 issue affects SEIL Series routers from Internet Initiative Japan Inc. The vuln arises from predictable random-number generation in the PPP Access Concentrator (PPPAC) when performing RADIUS authentication, allowing remote attackers who can sniff RADIUS traffic to bypass authenti...

CVE-2013-4136

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/...