[oss-security] CVE request: Another Linux syscall auditing bug
On a 32-bit x86 kernel with syscall auditing enabled, syscall1000 will cause an OOPS. This problem goes at least as far back as Linux 3.11 and appears to be present in Linux 3.15 as well. I suspect that this bug is very old. In order to see this bug, you'll need syscall auditing on auditctl -e 1...
[oss-security] LMS-2014-06-16-5: Linux Kernel LZ4
Hello All, A vulnerability has been identified in the Linux kernel LZ4 implementation. Please find the bug report attached inline. Best, Don A. Bailey Founder / CEO Lab Mouse Security https://www.securitymouse.com/ Lab Mouse Security Report LMS-2014-06-16-5 Report ID: LMS-2014-06-16-5 CVE ID:...
[oss-security] CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem
Description of the problem: For a TCP-style socket, while processing the COOKIE_ECHO chunk in sctp_sf_do_5_1D_ce, after it has passed a series of sanity check, a new association would be created in sctp_unpack_cookie, but afterwards, some processing maybe failed, and sctp_association_free will be called to...
[slackware-security] gnupg (SSA:2014-175-02)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security gnupg SSA:2014-175-02 New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
LibreOffice code execution
Under some conditions, macros can be executed...
iodine authentication bypass
reverse tunneling is possible...
FreeBSD Security Advisory FreeBSD-SA-14:15.iconv
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 FreeBSD-SA-14:15.iconv Security Advisory The FreeBSD Project Topic: iconv(3) NULL pointer dereference and out-of-bounds array access Category: core Module: libc/iconv...
[slackware-security] samba (SSA:2014-175-04)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security samba SSA:2014-175-04 New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
[USN-2253-1] LibreOffice vulnerability
Ubuntu Security Notice USN-2253-1 June 23, 2014 libreoffice vulnerability A security issue affects these releases of Ubuntu and its derivatives: -...
Samba multiple security vulnerabilities
DoS, information leakage...
[SECURITY] [DSA 2965-1] tiff security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2965-1 [email protected] http://www.debian.org/security/ Michael Gilbert June 22, 2014 http://www.debian.org/security/faq -...
GnuPG DoS
Infinite loop in decompression...
[oss-security] CVE Request: iodine: authentication bypass by client
Hi oss-security, iodine 0.7.0 has just been released, which fixes an authentication bypass issue discovered by Oscar Reparaz. The fix is here: https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850 and the new release is available at the homepage:...
gif2tiff buffer overflow
Buffer overflow on gif parsing...
Re: [oss-security] CVE Request: Linux kernel ALSA core control API vulnerabilities
Hi, The mail that was sent by Lars-Peter to the ALSA developers. Takashi Iwai gave approval to forward it here. Ciao, Marcus ------------------------------------------------------------------- Subject: PATCH 0/5 Use-after-free and out-of-bounds access vulnerabilities in the ALSA control code...
CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)
Vulnerability title: Multiple Cross Site Scripting in Sophos Antivirus Configuration Console Linux CVE: CVE-2014-2385 Vendor: Sophos Product: Antivirus Affected version: 9.5.1 Fixed version: 9.6.1 Reported by: Pablo Catalina Details: The Configuration Console of Sophos Antivirus 9.5.1 Linux does...
Sophos Antivirus Configuration Console cross-site scripting
Cross-site scripting in Web interface...
FreeBSD iconv security vulnerabilities
NULL pointer dereference, out-of-bounds array access...
[oss-security] CVE-2014-0206 -- Linux kernel: kernel memory disclosure in io_getevents()
A kernel memory disclosure was introduced in aio_read_events_ring in v3.10 by commit a31ad380bed817aa25f8830ad23e1a0480fef797. The changes made to aio_read_events_ring failed to correctly limit the index into ctx->ring_pages, allowing an attacker to cause the subsequent kmap of an arbitrary page with a...
[oss-security] Re: (Linux kernel) Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to the manual page, after calling it with 1 as a second argument, any consecutive system calls other than read, write, exit and sigreturn should result in the delivery of SIGKILL. However, under MIPS any consecutive system call behaves as if...
[oss-security] Xen Security Advisory 100 (CVE-2014-4021) - Hypervisor heap contents leaked to guests
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-4021 / XSA-100 version 3 Hypervisor heap contents leaked to guests UPDATES IN VERSION 3 ==================== Public Release. CVE assigned. ISSUE DESCRIPTION ================= While memory pages recovered from dying guest...
[USN-2248-1] OpenStack Cinder vulnerability
Ubuntu Security Notice USN-2248-1 June 18, 2014 cinder vulnerability A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[USN-2247-1] OpenStack Nova vulnerabilities
Ubuntu Security Notice USN-2247-1 June 17, 2014 nova vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[oss-security] CVE request for vulnerability in OpenStack Heat
A vulnerability was discovered in OpenStack see below. In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Heat template URL information leakage Reporter: Jason...
[oss-security] Xen Security Advisory 96 (CVE-2014-3967,CVE-2014-3968) - Vulnerabilities in HVM MSI injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-3967,CVE-2014-3968 / XSA-96 version 3 Vulnerabilities in HVM MSI injection UPDATES IN VERSION 3 ==================== CVEs assigned. ISSUE DESCRIPTION ================= The implementation of the HVM control operation...
[security bulletin] HPSBMU03048 rev.1 - HP Software Executive Scorecard, Remote Execution of Code, Directory Traversal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04341295 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04341295 Version: 1 HPSBMU03048 rev....
[oss-security] CVE-2014-4171 - Linux kernel mm/shmem.c denial of service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-4171 has been assigned to the http://ozlabs.org/akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch issue in the Linux kernel. See yesterday's http://www.spinics.net/lists/mm-commits/msg104782.html message. - -- CVE...
[oss-security] Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-3969 / XSA-98 version 3 insufficient permissions checks accessing guest memory on ARM UPDATES IN VERSION 3 ==================== CVE assigned. ISSUE DESCRIPTION ================= When accessing guest memory Xen does not...
[oss-security] Xen Security Advisory 54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-2078 / XSA-54 version 4 Hypervisor crash due to missing exception recovery on XSETBV UPDATES IN VERSION 4 ==================== Reduce vulnerable range of versions to 4.1 and onwards. ISSUE DESCRIPTION =================...
[oss-security] [OSSA 2014-017] Nova VMWare driver leaks rescued images (CVE-2014-2573)
OpenStack Security Advisory: 2014-017 CVE: CVE-2014-2573 Date: May 29, 2014 Title: Nova VMWare driver leaks rescued images Reporter: Jaroslav Henner Red Hat Products: Nova Versions: from 2013.2 to 2013.2.3, and 2014.1 Description: Jaroslav Henner from Red Hat reported a vulnerability in Nova. By...
Xen multiple security vulnerabilities
DoS, information leakage, privilege escalation...
[oss-security] Xen Security Advisory 99 - unexpected pitfall in xenaccess API
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-99 version 2 unexpected pitfall in xenaccess API UPDATES IN VERSION 2 ==================== Public Release. Added note regarding CVE. ISSUE DESCRIPTION ================= A test/example program, for exercising the Xen memaccess...
[oss-security] CVE request for vulnerability in OpenStack Neutron
A vulnerability was discovered in OpenStack see below. In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Neutron L3-agent DoS through IPv6 subnet Reporter:...
OpenStack multiple security vulnerabilities
Heat information leakage, Cinder privilege escalation, Nova multiple vulnerabilities, Neutron protection bypass...
HP Software Executive Scorecard security vulnerabilities
Directory traversal, code execution...
[oss-security] CVE request: PHP heap-based buffer overflow in DNS TXT record parsing
Good morning, Stefan Esser pointed out that the following commit fixes a heap-based buffer overflow in DNS TXT record parsing: https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468 A malicious server or man-in-the-middle attacker could possibly use this flaw to execute...
[SE-2014-01] Security vulnerabilities in Oracle Database Java VM
Hello All, Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software 1. Discovered security issues violate many "Secure Coding Guidelines for the Java Programming Language" 2. Most of them demonstrate a well known problem...
[oss-security] CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure
Good morning, http://seclists.org/fulldisclosure/2014/Jun/21 reports two temporary file issues. The first is in PHP's configure script: char filename = "/tmp/phpglibccheck"; Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1104978 The second issue is Lynis writing a predictable file to...
OpenAFS uninitialized memory
Uninitialized memory access is possible...
[oss-security] CVE-2014-3940 - Linux kernel - missing check during hugepage migration
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The scope of CVE-2014-3940 is the https://lkml.org/lkml/2014/3/18/784 post, i.e., "PATCH RESEND -mm 1/2 mm: add !pte_present check on existing hugetlb_entry callbacks" on 18 March. Two notes about this: - Applying the https://lkml.org/lkml/2014/3/18/784...
[oss-security] CVE-2014-1739: Kernel Infoleak vulnerability in media_enum_entities()
Hi, We found an infoleak vulnerability in the ioctl media_enum_entities that allows to disclose 200 bytes the kernel process' stack. The vulnerability is exploitable on versions up to linux-3.15-rc3 by local users with read access to /dev/media0. Linux distributions ship with chmod 600 /dev/media0...
[oss-security] Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS
On dim., 2014-06-15 at 19:31 +0100, Ben Hutchings wrote: Please can you assign a CVE ID to this bug? Hi Ben, we usually don't assign CVE from our pool for public issues, and I'm especially reluctant here as I don't know if someone else aware of this issue could have assigned one. So I'm asking on...
[oss-security] CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE
Hi All I have raised this twice with [email protected], on 30 April and June 3. I have received no response either time, therefore I am raising it on oss-security. CVE-2014-0114 describes a well-known issue in Apache Struts 1: "It was found that the Struts 1 ActionForm object allowed access to...
Oracle multiple security vulnerabilities
Multiple privilege escalations via built-in Java machine...
[oss-security] CVE request: Linux kernel / target information leak
Hi, Please assign a CVE ID: Jorge Daniel Sequeira Matias discovered an information leak in the rdmcp backend of the iSCSI target subsystem in the Linux kernel originally reported to the Debian Security Team and investigated by Nicholas A. Bellinger: Introduced in 2.6.38 and fixed in 3.14 with...
[oss-security] Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 39 if "$OS" = "AIX" ; then 40 TMPFILE=/tmp/lynis.$$ We can make a CVE assignment corresponding to your disclosure of this lynis.$$ issue on oss-security. Use CVE-2014-3982. A CVE for this most likely won't or shouldn't have a...
Linux restrictions bypass
SECCOMP restrictions bypass on MIPS...
[oss-security] CVE request: OpenAFS 1.6.8 TMAY fileserver crashes
New code introduced in OpenAFS 1.6.8 does not properly zero fields in the host structure in the OpenAFS fileserver, leading to some variables in the host structure being left initialized from recycled heap memory. While no mechanism for exploitation is currently known, the affected file server...
[musl] Security advisory for musl libc - remote stack-based buffer overflow in DNS response parsing [CVE-2014-3484]
A remote stack-based buffer overflow has been found in musl libc's dns response parsing code. The overflow can be triggered in programs linked against musl libc and making dns queries via one of the standard interfaces getaddrinfo, getnameinfo, gethostbyname, gethostbyaddr, etc. if one of the...
Google Chrome / Chromium multiple security vulnerabilities
Memory corruptions, buffer overflows...