MS16-130: Security Update for Microsoft Windows (3199172)

The remote Windows host is missing a security update or security rollup. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists in the Windows image file handling functionality due to improper handling of image files. An unauthenticated, remot...

[SECURITY] Fedora 24 Update: ansible-2.2.0.0-3.fc24

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

kernel: infiniband: Kernel crash by sending ABORT_TASK command

System using the infiniband support module ibsrpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator...

kernel: infiniband: Kernel crash by sending ABORT_TASK command

System using the infiniband support module ibsrpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator...

MacOS 10.12 - 'task_t' Privilege Escalation Exploit

Exploit for macOS platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=837 TL;DR you cannot hold or use a task struct pointer and expect the euid of that task to stay the same. Many many places in the kernel do this and there are a great many very...

Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free Exploit

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=830 When you create a new IOKit user client from userspace you call: kernreturnt IOServiceOpen ioservicet service, taskportt owningTask, uint32t type, ioconnectt connect ; The...

Apple OS XiOS - mach_ports_register Multiple Memory Safety s

Apple OS XiOS - machportsregister Multiple Memory Safety s Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=882 machportsregister is a kernel task port MIG method. It's defined in MIG like this: routine machportsregister targettask : taskt; initportset : machportarrayt = ^array o...

Apple OS XiOS Kernel - IOSurface Use-After-Free

Apple OS XiOS Kernel - IOSurface Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=831 IOSurfaceRootUserClient stores a task struct pointer passed in via IOServiceOpen in the field at +0xf0 without taking a reference. By killing the corrisponding task we can free th...

Apple OS X/iOS - 'mach_ports_register' Multiple Memory Safety s

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=882 machportsregister is a kernel task port MIG method. It's defined in MIG like this: routine machportsregister targettask : taskt; initportset : machportarrayt = ^array of machportt; Looking at the generated code for this we noti...

Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=830 When you create a new IOKit user client from userspace you call: kernreturnt IOServiceOpen ioservicet service, taskportt owningTask, uint32t type, ioconnectt connect ; The owningTask mach port gets converted into a task struc...

task_t considered harmful

Posted by Ian Beer, Project Zero This post discusses a design issue at the core of the XNU kernel which powers iOS and MacOS. Apple have shipped two iterations of mitigations followed yesterday by a large refactor in MacOS 10.12.1/iOS 10.1. We’ll look at the bugs, how they can be exploited to...

Mozilla Turning TLS 1.3 On By Default With Firefox 52

When Mozilla ships Firefox 52, on or around March 7, 2017, the browser will come with the cryptographic protocol TLS 1.3 on by default. Martin Thomson, a principle engineer at Mozilla broke the news Wednesday in an email to Mozilla Development Platform members. “TLS 1.3 removes old and unsafe...

Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124)

Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation MS16-124 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=872 Windows: DeviceApi CMApi PiCMOpenClassKey Arbitrary Registry Key Write EoP Platform: Windows 10 10586 not tested...

DEBIAN-CVE-2016-6327

drivers/infiniband/ulp/srpt/ibsrpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service NULL pointer dereference and system crash by using an ABORTTASK command to abort a device write operation...

CVE-2016-5943

IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors...

CVE-2016-5943

IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors...

CVE-2016-4698

AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app...

CVE-2016-4698

AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app...

Arbitrary File Containment Vulnerability in UFIDA Financials

UFIDA Financials is a financial management software. UFIDA Financial System has an arbitrary file inclusion vulnerability. The vulnerability url is: http://target/TaskManager/TaskServiceServlet?m=1&taskname=... /... /WEB-INF/web.xml%00, attackers can use the vulnerability to obtain database...

Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt65

3:11-alt65 built Sept. 20, 2016 Sergey V Turchin in task 169477 Sept. 19, 2016 Sergey V Turchin - new version CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283,...