Assorted[chips] Security Vulnerabilities

Ignore Supply Chain Security and Risk Management at Your Peril

No CFO thinks that his signature approving a purchase order for a new five-figure piece of hardware could ultimately cost his company seven-figures, or maybe force them to shut their doors forever. But that’s the reality many companies need to face when it comes to supply chain security and risk...

Chrome 23 Released, 14 vulnerabilities patched

Google today released Chrome version 23 to the Stable Channel. 23.0.1271.64 for Windows, Mac, Linux, and Chrome Frame. Update includes patch for 12 vulnerabilities in the Windows version and two vulnerabilities in Mac OS X version. Chrome 23 is the support of the Do Not Track (DNT) protocol,...

Patch Available for Broadcom Mobile Device Firmware DoS Vulnerability

Older versions of Broadcom firmware found in a number of mobile devices from major vendors including the Apple iPhone, iPad, Samsung Galaxy S and HTC Droid Incredible are vulnerable to a denial of service attack. Researchers Andres Blanco and Matias Eissler of Core Security Technologies reported...

IP Theft, Supply Chain Security Major Worries for Government, Former Cybersecurity Czar Says

ANAHEIM, CALIF.–The theft of intellectual property through attacks on U.S. networks, both government-owned and private, has become one of the major concerns for officials at the top level of the federal government, not just among security staffs, but at the upper echelons of the White House and...

Smartphone wireless chipset vulnerable to DoS attack

Security researcher Andres Blanco from CoreSecurity discovered a serious vulnerability in two Wireless Broadcom chipsets used in Smartphones. Broadcom Corporation, a global innovation leader in semiconductor solutions for wired and wireless communications. Broadcom BCM4325 and BCM4329 wireless...

Broadcom BCM4325 and BCM4329 wireless chipset denial-of-service vulnerability

Overview Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Description The CORE Security Technologies advisory states: _"An out-of-bounds read error condition exists in.....

Broadcom DoS on BCM4325 and BCM4329 devices

Advisory Information Title: Broadcom DoS on BCM4325 and BCM4329 devices Advisory ID: CORE-2012-0718 Advisory URL: http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329 Date published: 2012-10-23 Date of last update: 2012-10-23 Vendors contacted: Broadcom Corporation...

Anonymous Hackers attack Masonic Child Identification Program website

A group of computer hackers Anonymous goes by the name xPsych0path has accuse Masonichip for unwillingness to accept the forced chipping of children they are working toward mitigating it by disrupting the chipping operation. They have built their own operation, in opposition to this issue. In...

The Tale of One Thousand and One DSL Modems

This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on...

Researcher Charlie Miller Joins Twitter Security Team

Twitter quietly is assembling a serious security team, with the most recent addition being Charlie Miller, the security researcher known for finding a long line of bugs in the iPhone and other Apple products. Miller, a respected and prolific researcher, will join the social network’s security team....

Charlie Miller Takes on NFC, Charlie Miller Wins

LAS VEGAS–Do not stand near Charlie Miller. Actually, you might not even want to let him walk past you. It’s not that Miller is a bad person, you understand. The problem is that Miller has figured out a couple of methods that enable him–or an attacker–to use the NFC chip in some phones to exploit.....

WANGKONGBAO CNS-1000 / CNS-1100 Directory Traversal

...

WANGKONGBAO CNS-1000 UTM IPS-FW Directory Traversal

Exploit for hardware platform in category web...

WANGKONGBAO CNS-1000 UTM IPS-FW - Directory Traversal (Metasploit)

WANGKONGBAO CNS-1000 UTM IPS-FW - Directory Traversal...

WANGKONGBAO CNS-1000 UTM IPS-FW - Directory Traversal (Metasploit)

...

Unbreakable Enterprise kernel security and bugfix update

[2.6.39-200.24.1.el5uek] - Revert 'Add Oracle VM guest messaging driver' (Guru Anbalagane) [Orabug: 14233627} [2.6.39-200.23.1.el5uek] - SPEC: add block/net modules to list used by installer (Guru Anbalagane) [Orabug: 14224837] [2.6.39-200.22.1.el5uek] - NFSv4: include bitmap in nfsv4 get acl...

Intel CPU Vulnerability can provide control of your system to attacker

Intel CPU Vulnerability can provide control of your system to attacker The U.S. Computer Emergency Readiness Team (US-CERT) has disclosed a flaw in Intel chips that could allow hackers to gain control of Windows and other operating systems. The flaw has already been exploited on 64-bit versions...

Intel Processor SYSRET Vulnerability Affecting Some 64-Bit Systems

A flaw exists in the way that a specific instruction is handled on some types of Intel 64-bit chips that could open up some operating systems and types of virtualization software to attacks, according to an alert issued last week but revised today by the United States Computer Emergency Readiness.....

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7515)

This kernel update for the SUSE Linux Enterprise 10 SP4 kernel fixes several security issues and bugs. The following security issues were fixed : The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM...

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 2393)

This kernel update fixes the following security problems : A bug within the UDF filesystem that caused machine hangs when truncating files on the filesystem was fixed. [#186226]. (CVE-2006-4145) A potential crash when receiving IPX packets was fixed. This problem is thought not to...

Social game Zynga's YoVille gets hacked

Social game Zynga's YoVille gets hacked Matt Spencer has been an active player of "YoVille" since the Zynga-owned virtual world launched in 2008, but hasn't played the game in about three weeks. He post a complaint on the gaming company's forum that in late January, Spencer's "YoVille" account...

kernel update for SLE11 SP2 (important)

The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.26, fixing lots of bugs and security issues. Following security issues were fixed: CVE-2012-1179: A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or via kvm a...

SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172)

The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.26, which fixes a lot of bugs and security issues. The following security issues have been fixed : A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or via kvm...

Security update for Linux kernel (important)

The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.26, which fixes a lot of bugs and security issues. The following security issues have been fixed: CVE-2012-1179: A locking problem in transparent hugepage support could be used by local attackers to potentially crash the...

[USN-1390-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1390-1 March 06, 2012 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 8.04 LTS Summary: Several security issues were fixed in the kernel....

Ubuntu Update for linux-ti-omap4 USN-1394-1

Ubuntu Update for Linux kernel vulnerabilities...

USN-1394-1 : Linux kernel (OMAP4) vulnerabilities

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927) Vegard Nossum discovered a leak in the kernel's inotify_init() system call. A local, unprivileged user could...

linux-ti-omap4 vulnerabilities

Releases Ubuntu 10.10 Packages linux-ti-omap4 - Linux kernel for OMAP4 Details Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927) Vegard Nossum discovered a...

Ubuntu Update for linux USN-1390-1

Ubuntu Update for Linux kernel vulnerabilities...

Ubuntu 8.04 LTS : linux vulnerabilities (USN-1390-1)

Dan Rosenberg reported errors in the OSS (Open Sound System) MIDI interface. A local attacker on non-x86 systems might be able to cause a denial of service. (CVE-2011-1476) Dan Rosenberg reported errors in the kernel's OSS (Open Sound System) driver for Yamaha FM synthesizer chips. A local user...

Linux kernel vulnerabilities

Releases Ubuntu 8.04 Packages linux - Linux kernel Details Dan Rosenberg reported errors in the OSS (Open Sound System) MIDI interface. A local attacker on non-x86 systems might be able to cause a denial of service. (CVE-2011-1476) Dan Rosenberg reported errors in the kernel's OSS (Open Sound...

Oracle Linux 5.8 kernel security and bug update

kernel [2.6.18-308.el5] - [scsi] lpfc: Update lpfc version for 8.2.0.108.4p driver release (Rob Evers) [784073] - [scsi] lpfc: Fix FCP EQ memory check init w/single int vector (Rob Evers) [784073] [2.6.18-307.el5] - [s390] crypto: Reset sha2 index after processing partial block (David Howells)...

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7516)

This kernel update for the SUSE Linux Enterprise 10 SP4 kernel fixes several security issues and bugs. The following security issues were fixed : The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM...

Super Cryptography : The Next Generation Encryption

Super Cryptography : The Next Generation Encryption The next generation of encryption technologies meets this need by using Elliptic Curve Cryptography (ECC) to replace RSA and DH, and using Galois/Counter Mode (GCM) of the Advanced Encryption Standard (AES) block cipher for high-speed...

ICIMP 2012 Call For Papers

...

GPU cracks 6 character password in 4 seconds

GPU cracks 6 character password in 4 seconds An nVidia GeForce GT220 graphics card, which costs about £30, is capable of cracking strong passwords in a matter of hours. Security experts were able to crack a 6 character password in 4 seconds, a 7 character password in less than 5 minutes, and 8...

Linux kernel (OMAP4) vulnerabilities

Releases Ubuntu 11.04 Packages linux-ti-omap4 - Linux kernel for OMAP4 Details Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss...

Linux kernel (Maverick backport) vulnerabilities

Releases Ubuntu 10.04 Packages linux-lts-backport-maverick - Linux kernel backport from Maverick Details It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-3698)...

Debian Security Advisory DSA 2264-1 (linux-2.6)

The remote host is missing an update to linux-2.6 announced via advisory DSA...

Wide Range of GSM Modules, SCADA Systems Vulnerable to Remote Control

If you think your car is safe and secure sitting in your driveway at night with its fancy alarm system enabled, Don Bailey has some bad news for you: he can unlock it and turn it on. Whenever he wants. From the other side of the country. Bailey, a senior security consultant at iSEC Partners known.....

Apple MacBooks Can Be Hacked Through The Battery

Apple MacBooks Can Be Hacked Through The Battery Security researcher Charlie Miller is quite well known for his works on Apple products. Today he has come up with a very interesting way to hack the MacBook using the battery. Laptop battery contains its own monitoring circuit which reports the...

Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1159-1)

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. (CVE-2010-4243) Alexander Duyck discovered that the Intel Gigabit Ethernet...

Ubuntu 11.04 : linux vulnerabilities (USN-1167-1)

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927) Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file...

Linux kernel vulnerabilities

Releases Ubuntu 11.04 Packages linux - Linux kernel Details Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927) Goldwyn Rodrigues discovered that the OCFS2...

Linux kernel vulnerabilities (Marvell Dove)

Releases Ubuntu 10.10 Packages linux-mvl-dove - Linux kernel for DOVE Details Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of...

Ubuntu 10.04 LTS : linux-mvl-dove vulnerabilities (USN-1162-1)

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. (CVE-2010-4243) Alexander Duyck discovered that the Intel Gigabit Ethernet...

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7568)

This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. The following security issues were fixed : Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service...

Security update for Linux kernel (important)

This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. Following security issues were fixed: * CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial...

Ubuntu 10.10 : linux vulnerabilities (USN-1160-1)

Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. (CVE-2010-4529) Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc...

Linux kernel vulnerabilities (Marvell Dove)

Releases Ubuntu 10.04 Packages linux-mvl-dove - Linux kernel for DOVE Details Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of...