hostapd and wpa_supplicant -- multiple vulnerabilities

Jouni Malinen reports: wpasupplicant unauthorized WNM Sleep Mode GTK control. 2015-6 - CVE-2015-5310 EAP-pwd missing last fragment length validation. 2015-7 - CVE-2015-5315 EAP-pwd peer error path failure on unexpected Confirm message. 2015-8 - CVE-2015-5316...

CVE-2015-5310

The WNM Sleep Mode code in wpasupplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection MFP was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service ignored packets via a...

UBUNTU-CVE-2015-5310

The WNM Sleep Mode code in wpasupplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection MFP was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service ignored packets via a...

Cisco AnyConnect 3.1.08009 - Local Privilege Escalation (via DMG Install Script)

Cisco AnyConnect 3.1.08009 - Local Privilege Escalation via DMG Install Script / Cisco AnyConnect elevation of privileges via DMG install script - proof of concept Yorick Koster, July 2015 https://securify.nl/advisory/SFY20150701/ciscoanyconnectelevationofprivilegesviadmginstallscript.html based ...

Multiple Dell devices vulnerable

Dell Latitude, etc. are the products of the United States Dell Dell company.Dell Latitude and OptiPlex are notebook product models; Precision Mobile Workstation is a precision mobile workstation; Precision Workstation CS is a set of mobile workstation Client; BIOS Basic Input-Output System is a s...

CERT found that most of the BIOS there is a security vulnerability-vulnerability warning-the black bar safety net

Carnegie Mellon University's computer Emergency Response Team-CERT today released in most of the BIOS Firmware vulnerability exists in the security Bulletin, the hacker can exploit the vulnerability to re-refresh the motherboard BIOS. In the X86 computer device to deploy a series of security...

Mac OS X Multiple EFI Vulnerabilities (EFI Security Update 2015-001)

The remote Mac OS X host is running EFI firmware that is affected by multiple vulnerabilities : - An insufficient locking issue exists, when resuming from sleep states, which allows a local attacker to write to the EFI flash memory by using an crafted application with root privileges. CVE-2015-36...

Design/Logic Flaw

Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges...

Apple OS X Firmware Write-Protect Local Elevation of Privilege Vulnerability

Apple OS X is an Apple operating system. The Apple OS X firmware fails to properly write-protect the BIOS by entering and exiting sleep mode during the current session, and suffers from a local elevation of privilege vulnerability, which allows a local root user to write to the contents of the...

Apple Mac computer firmware 0day EFI rootkit vulnerability

MAC is apple's self-developed operating system, now commonly used operating systems are windows, linux, mac. MacBook Pro Retina, MacBook Pro and MacBook Air computers may have a security vulnerability in the EFI firmware update, the attacker does not need to physically touch the target machine, c...

Fedora 20 : ettercap-0.8.2-1.fc20 (2015-4020)

0.8.2-Ferri Bug Fix !! Fixed some openssl deprecated functions usage !! Fixed log file ownership !! Fixed mixed output print !! Fixed dropprivs function usage !! Fixed nopromisc option usage. !! Fixed missing break in parser code. !! Improved redirect commands !! Fix truncated VLAN packet headers...

Fedora 22 : ettercap-0.8.2-1.fc22 (2015-4009)

0.8.2-Ferri Bug Fix !! Fixed some openssl deprecated functions usage !! Fixed log file ownership !! Fixed mixed output print !! Fixed dropprivs function usage !! Fixed nopromisc option usage. !! Fixed missing break in parser code. !! Improved redirect commands !! Fix truncated VLAN packet headers...

BIOS Security Updates for Multiple Issues

Summary: New BIOS updates are available for Intel products. These updates harden the implementation against malicious inputs at various stages of the boot process and runtime. Description: This update addresses issues identified in the process of resuming from a sleep state, processing data store...

Mac OS X <= 10.2.4 DirectoryService (PATH) Local Root Exploit

No description provided by source. / OS X = 10.2.4 DirectoryService local root PATH exploit DirectoryService must be crashed prior to execution, per @stake advisory. If you discover how to crash DirectoryService e-mail me at [email protected] Neeko Oni -- Assuming DirectoryService has been...

CVE-2014-2005

Sophos Disk Encryption SDE 5.x in Sophos Enterprise Console SEC 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen...

CVE-2014-2005

Sophos Disk Encryption SDE 5.x in Sophos Enterprise Console SEC 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen...

Authentication flaw

Sophos Disk Encryption SDE 5.x in Sophos Enterprise Console SEC 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen...

CVE-2014-2005

Sophos Disk Encryption SDE 5.x in Sophos Enterprise Console SEC 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen...

JVN#63940326: Sophos Disk Encryption vulnerable to authentication bypass

Sophos Disk Encryption is a product to encrypt hard disk data on Windows PC. By default, Window requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is installed, no authentication is required before operating the PC. Impact An...

winxp, the win2003, win7, win8 General the shellcode-exploit warning-the black bar safety net

This code in vc6 to compile, extract the shellcode when the debug mode, open the memory window, copy the binary code into the shellcode can be Code changes to the original address: http://hi.baidu.com/egodcore/item/c13e67fe197c940fc6dc45f5 int main asm nop; nop; nop; nop; nop; nop; nop; push ebp;...