SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1)
This update for glibc provides the following fixes: - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc...
SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)
This update for glibc provides the following fixes: - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc...
Internet Bug Bounty: wddx_deserialize null dereference in php_wddx_pop_element
Upstream Bug: https://bugs.php.net/bug.php?id=72799 Summary: If we add an element to a boolean leaf of an XML struct, a null pointer dereference will happen when the element is popped. Source code: https://github.com/php/php-src/blob/PHP-5.6.24/ext/wddx/wddx.c#L985 static void php_wddx_pop_element(voi...
Ubuntu 14.04 LTS / 16.04 LTS : curl vulnerabilities (USN-3048-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3048-1 advisory. Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. (CVE-2016-5419) It was discovered that curl...
USN-3048-1: curl vulnerabilities
Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. (CVE-2016-5419) It was discovered that curl incorrectly handled client certificates when reusing TLS connections. (CVE-2016-5420) Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly...
Fedora 24 : curl (2016-24316f1f56)
- fix re-using connections with wrong client cert (CVE-2016-5420) - fix TLS session resumption client cert bypass (CVE-2016-5419) - fix use of connection struct after free (CVE-2016-5421) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
FreeBSD : Vulnerabilities in Curl (e4bc70fc-5a2f-11e6-a1bc-589cfc0654e1)
Curl security team reports: CVE-2016-5419 - TLS session resumption client cert bypass; CVE-2016-5420 - Re-using connections with wrong client cert; CVE-2016-5421 - use of connection struct after free. (C) Tenable Network Security, Inc. The descriptive text and package checks in th...
CURL-CVE-2016-5421 use of connection struct after free
libcurl is vulnerable to a use-after-free flaw. libcurl works with easy handles using the type 'CURL *' that are objects the application creates using curl_easy_init(). They are the handles that are each associated with a single transfer at a time. libcurl also has an internal struct that represen...
openSUSE Security Update : glibc (openSUSE-2016-852)
This update for glibc provides the following fixes: - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc...
Linux x86_64 /etc/passwd File Sender Shellcode
Linux x86_64 /etc/passwd File Sender Shellcode. Shellcode exploit for lin_x86-64 platform /* Title : Linux x86_64 /etc/passwd file sender shellcode Date : 28-06-2016 Author : Roziul Hasan Khan Shifat Tested On : Ubuntu 14.04 LTS x86_64 */ /* Disassembly of section .text: 0000000000400080 : 400080: 48 31...
Linux Kernel 4.4.x (Ubuntu 16.04) - double-fdput() bpf(BPF_PROG_LOAD) Privilege Escalation
Linux Kernel 4.4.x (Ubuntu 16.04) - double-fdput() bpf(BPF_PROG_LOAD) Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=808 In Linux >=4.4, when the CONFIG_BPF_SYSCALL config option is set and the kernel.unprivileged_bpf_disabled sysctl is not explicitly set to 1 at runtim...
FreeBSD 10.2 64-bit Kernel Heap Overflow Vulnerability (CVE-2016-1885)
Introduction to FreeBSD: FreeBSD is a UNIX-like open-source operating system that provides varying degrees of support for computer systems of different architectures. FreeBSD offers advanced networking, performance, security and compatibility features that are still missing from other modern operating systems, even some of the best commercial ones. In terms of networking, FreeBSD's performance is also excellent: under very heavy load it still runs stably, which is one reason many network servers use FreeBSD. Vulnerability description: In FreeBSD...
redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow
An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server (denial of service) or gain code execution outside of the Lua sandbox...
Updated openvpn packages fix security vulnerability
OpenVPN versions before 2.3.9 contain an out-of-bounds read error in resolve_remote in the file socket.c. With both IPv4 and IPv6 connections, OpenVPN will read a struct sockaddr_in6, but in the IPv4 case the data structure is smaller than in the IPv6 case. The openvpn package has been updated to...
x86_64 Linux bind TCP port shellcode
x86_64 Linux bind TCP port shellcode. Shellcode exploit for lin_x86-64 platform /*--------------------------------------------------------------------------------------------------------------------- Exploit Title: bindshell TCP Author: Scorpion Copyright: (c) 2016 iQube. http://iQube.io Release Dat...
Linux/x86-64 - Bind TCP Port Shellcode (103 bytes)
/*--------------------------------------------------------------------------------------------------------------------- Author: Scorpion Copyright: (c) 2016 iQube. http://iQube.io Release Date: January 1, 2016 Description: x64 Linux null-free TCP bind port shellcode Assembled Size: 103 bytes Teste...
UBUNTU-CVE-2015-8922
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct...
CVE-2015-8922
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct...
openvpn: out-of-bound read
The code always tried to copy out a "struct sockaddr_in6" even for IPv4 results, which reads more bytes than getaddrinfo is guaranteed to allocate...
Android libstagefright - Integer Overflow Remote Code Execution
Exploit for Android platform in category remote exploits #!/usr/bin/python2 import cherrypy import os import pwnlib.asm as asm import pwnlib.elf as elf import sys import struct with open('shellcode.bin', 'rb') as tmp: shellcode = tmp.read() while len(shellcode) % 4 != 0: shellcode += '\x00' # heap groomin...