Kernel security update: CVE-2017-1000253; Virtuozzo ReadyKernel patch 32.1 for Virtuozzo 7.0.x

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 Virtuozzo 7.0.0, 3.10.0-327.36.1.vz7.18.7 Virtuozzo 7.0.1, 3.10.0-327.36.1.vz7.20.18 Virtuozzo 7.0.3, 3.10.0-514.16.1.vz7.30.10 Virtuozzo 7.0.4,...

Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-085)

According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - Kernel crash due to missing error handling for negatively instantiated keys. - A stack buffer overflow...

The vulnerability of the messaging system between components of ArchestrA Wonderware ArchestrA Logger is caused by buffer overflows in the stack, allowing an attacker to execute arbitrary code.

The vulnerability of the messaging system between components in ArchestrA Wonderware ArchestrA Logger arises due to buffer overflow on the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of a high-priority account...

openthread: Stack-buffer-overflow in ot::NetworkData::PrefixTlv::GetSubTlvs

Detailed report: https://oss-fuzz.com/testcase?key=5490815742771200 Project: openthread Fuzzer: libFuzzeropenthreadip6-send-fuzzer Fuzz target binary: ip6-send-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7fb823a8eb22 Crash...

perl -- multiple vulnerabilities

Meta CPAN reports: CVE-2017-12814: $ENV$key stack buffer overflow on Windows A possible stack buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway. CVE-2017-12837: Heap buffer overflow in regular expression compiler Compiling...

WolfSSL library X509 Certificate Text Parsing Code Execution Vulnerability(CVE-2017-2800)

Summary An exploitable off-by-one write vulnerability exists in the x509 certificate parsing functionality of wolfSSL library versions up to 3.10.2. A specially crafted x509 certificate can cause a single out of bounds byte overwrite resulting in potential certificate validation vulnerabilities,...

[ASA-201709-12] linux-zen: arbitrary code execution

Arch Linux Security Advisory ASA-201709-12 ========================================== Severity: High Date : 2017-09-18 CVE-ID : CVE-2017-1000251 Package : linux-zen Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-394 Summary ======= The package linux-zen...

PowerIso Parsing Code Execution Vulnerability(CVE-2017-2817)

Summary An stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability. Tested...

wireshark: Stack-buffer-overflow in zbee_sec_add_key_to_keyring

Project: https://code.wireshark.org/review/wireshark Detailed report: https://oss-fuzz.com/testcase?key=4728461463650304 Project: wireshark Fuzzer: libFuzzerwiresharkfuzzsharkip Fuzz target binary: fuzzsharkip Job Type: libfuzzerasanwireshark Platform Id: linux Crash Type: Stack-buffer-overflow...

KingScada AlarmServer 3.1.2.13 Buffer Overflow Exploit

This Metasploit module exploits a stack based buffer overflow found in KingScada versions prior to 3.1.2.13. The vulnerability is triggered when sending a specially crafted packet to the 'AlarmServer' AEserver.exe service listening on port 12401. During the parsing of the packet the 3rd dword is...

RHEL 6 : kernel (RHSA-2017:2731)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2731 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A stack buffer overflow flaw was found in the w...

[ASA-201709-9] linux: arbitrary code execution

Arch Linux Security Advisory ASA-201709-9 ========================================= Severity: High Date : 2017-09-15 CVE-ID : CVE-2017-1000251 Package : linux Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-392 Summary ======= The package linux before versio...

openthread: Stack-buffer-overflow in ot::MeshCoP::CommissionerSessionIdTlv::GetCommissionerSessionId

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=6738146924429312 Project: openthread Fuzzer: libFuzzeropenthreadip6-send-fuzzer Fuzz target binary: ip6-send-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash Type:...

Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow (Metasploit)

Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'Lockstep Backup for Workgroups %q This module exploits a stack buffer overflow found in Lockstep Backup for Workgroups 'james fitts' , 'License' = MSFLICENSE, 'Version' = '$Revision...

CentOS Update for kernel CESA-2017:2679 centos7

Check the version of kernel SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882768";...

Motorola Netopia Netoctopus SDCS Stack Buffer Overflow

require 'msf/core' class MetasploitModule 'Motorola Netopia Netoctopus SDCS Stack Buffer Overflow', 'Description' = %q This module exploits a vulnerability within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifi...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)

Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'VIPA Authomation WinPLC7 recv Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in VIPA Automation WinPLC7 'james fitts' , 'License' =...