Kernel: sa_restorer information leak

The flushsignalhandlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sarestorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

[Cuckoo Sandbox v0.6] Software for Automating Analysis of Suspicious Files

Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment. Cuckoo generates a handful of different raw data which include: Native...

Ubuntu: Security Advisory (USN-1793-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-1796-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for linux-lts-quantal USN-1795-1

Check for the Version of linux-lts-quantal OpenVAS Vulnerability Test $Id: gbubuntuUSN17951.nasl 8509 2018-01-24 06:57:46Z teissa $ Ubuntu Update for linux-lts-quantal USN-1795-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This...

Ubuntu Update for linux USN-1793-1

Check for the Version of linux OpenVAS Vulnerability Test $Id: gbubuntuUSN17931.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for linux USN-1793-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; yo...

Ubuntu: Security Advisory (USN-1798-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for linux-lts-backport-oneiric USN-1788-1

Check for the Version of linux-lts-backport-oneiric OpenVAS Vulnerability Test $Id: gbubuntuUSN17881.nasl 8456 2018-01-18 06:58:40Z teissa $ Ubuntu Update for linux-lts-backport-oneiric USN-1788-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-1787-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1788-1)

Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to bypass ASLR Address Space Layout Randomization. A local user could use this flaw to bypass ASLR to reliably deliver an exploit payload that would otherwise be stopp...

UBUNTU-CVE-2013-0914

The flushsignalhandlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sarestorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

PT-2013-3839 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the patchday that contains the fix for this issue Description: The issue is related to the improper implementation of Address Space Layout Randomization ASLR in Windows, allowing attackers to bypass the ASL...

SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)

This update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. CVE-2012-0845, bnc747125 - hash randomization issues. CVE-2012-1150, bnc751718 - insecure creation of .pypirc. CVE-2011-4944, bnc754447 - SimpleHTTPServer XSS. CVE-2011-1015, bnc752375 - functions can accept...

SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)

This update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. CVE-2012-0845, bnc747125 - hash randomization issues. CVE-2012-1150, bnc751718 - insecure creation of .pypirc. CVE-2011-4944, bnc754447 - SimpleHTTPServer XSS. CVE-2011-1015, bnc752375 - functions can accept...

kernel: execshield: predictable ascii armour base address

The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux RHEL 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protecti...

RedHat Update for thunderbird RHSA-2013:0145-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for firefox CESA-2013:0144 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Nvidia Display Driver Service Attack Escalates Privileges on Windows Machines

There’s nothing like a zero-day to ruin the holiday break, but that’s just what may be in store for engineers at Nvidia after a researcher discovered a new vulnerability in the Nvidia Display Driver Service. The flaw could hand over administrator privileges on Windows machines to an attacker. Pet...

Chrome Playing Hard to Get with Blackhole Exploit Kit

Google’s Chrome browser is something of a tough customer for the infamous and widely deployed Blackhole Exploit Kit, according to Blue Coat security researcher, Adnan Shukor. Shukor notes there has been an uptick in the kit’s use of plain HTML files, instead of iframes, to redirect users to explo...

RedHat Update for kernel RHSA-2012:1426-01

Check for the Version of kernel OpenVAS Vulnerability Test RedHat Update for kernel RHSA-2012:1426-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...