A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time. A remote attacker would need to be able to send a specially crafted packet directly to a server running a vulnerable version of BIND. There is also the potential for an indirect attack via malware that is inadvertently installed and run, where infected machines have direct access to an organization's nameservers. Versions affected are 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1, 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1, 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3, and 9.8.1b1.
Debian Linux Security Advisory 2272-1 - It was discovered that BIND, a DNS server, does not correctly process certain UPDATE requests, resulting in a server crash and a denial of service. This vulnerability affects BIND installations even if they do not actually use dynamic DNS updates.
Red Hat Security Advisory 2011-0920-01 - The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group.
Red Hat Security Advisory 2011-0919-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that the virtio subsystem in qemu-kvm did not properly validate virtqueue in and out requests from the guest. A privileged guest user could use this flaw to trigger a buffer overflow, allowing them to crash the guest or, possibly, escalate their privileges on the host. It was found that the virtio_queue_notify() function in qemu-kvm did not perform sufficient input validation on the value later used as an index into the array of virtqueues. An unprivileged guest user could use this flaw to crash the guest or, possibly, escalate their privileges on the host. Various other issues were also addressed.
Red Hat Security Advisory 2011-0918-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. Users of curl should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libcurl must be restarted for the update to take effect. Various other issues were also addressed.
Ubuntu Security Notice 1163-1 - It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.
Ubuntu Security Notice 1162-1 - Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not correctly handle certain configurations. If such a device was configured without VLANs, a remote attacker could crash the system, leading to a denial of service. Various other issues were also addressed.
The recent discussion relating to insecure library loading on the Microsoft Windows platform provoked a significant amount of debate as to whether GNU/Linux and UNIX variants could be vulnerable to similar attacks. Whilst the general consensus of the Slashdot herd appeared to be that this was just another example of Microsoft doing things wrong, the author felt this was unfair and responded with a blog post that sought to highlight an example of where POSIX style linkers get things wrong. Based on the feedback received to that post, the author decided to investigate the issue a little further. This paper is an amalgamation of what was learnt.
Whitepaper called Defeating Data Execution Prevention and ASLR in Windows XP SP3. Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are two protection mechanisms integrated into the Windows operating system to make exploiting software more difficult. This document shows how these two features can be bypassed using different techniques.
Whitepaper called Structured Exception Handler Exploitation. The SEH exploitation technique was publicly documented by David Litchfield in September 2003. At a high level, the SEH overwrite technique uses a software vulnerability to execute arbitrary code by abusing the 32-bit exception dispatching facilities provided by Windows. At a functional level, an SEH overwrite is generally accomplished by using a stack-based buffer overflow. This document explains SEH details while exploiting a real case.
Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection even if your computer is clean. This kind of "software" could also fail to report viruses when your computer is infected. This document shows the mechanisms used to obfuscate this process.
Whitepaper called Become Fully Aware of the Potential Dangers of Active-X Attacks. Exploiting vulnerabilities in Active-X components on Windows has become a favored method of attackers aiming to compromise specific computers. Such targeted attacks have increasingly become a threat to companies and government agencies. This talk will explain this kind of attack and show how this flaw could be discovered while going through exploitation.
Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.
Apple Security Advisory 2011-06-28-2 - Multiple vulnerabilities exist in Java 1.6.0_24, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
FlatPress version 0.1010.1 suffers from multiple cross site scripting vulnerabilities.
CoolPlayer version 2.19 buffer overflow exploit that spawns calc.exe.
a-Tech suffers from a remote SQL injection vulnerability.
Open-Realty version 3.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
A heap overflow is caused by a signedness vulnerability within copyImageBlockSetTiff(). The crash occurs within any application using the framework, including Preview, QuickLook, Safari and Mail.
A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library. This affects viewing files in both the Preview.app application or via Quick Look. Mac OS X 10.6.6 with RawCamera.bundle versions prior to 3.6 are affected.
The 64-bit Cisco VPN Client for Windows 7 is affected by a local privilege escalation vulnerability that allows non-privileged users to gain administrative privileges.
Dominic Chell of NGS Secure has discovered a high-risk vulnerability in Mac OS X ImageIO. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
Adobe Reader version 5.1 XFDF buffer overflow exploit.
This Metasploit module exploits a stack-based buffer overflow in Word Builder 1.0. An attacker must send the file to the victim and the victim must open the file.
This Metasploit module exploits a stack-based buffer overflow in WordTrainer v3.0. An attacker must send the file to the victim and the victim must open the file.