what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-05-31

Sketchup MAC Pict Material Palette Stack Corruption
Posted May 31, 2013
Authored by Felipe Andres Manzano

SketchUp is a 3D modeling program marketed by Google (2011) and designed for architectural, civil, and mechanical engineers as well as filmmakers, game developers, and related professions. SketchUp fails to validate the input when parsing an embedded MACPict texture. Arbitrary code execution is proved possible after a malicious texture or thumbnail or background image triggers a stack overflow. The issue can also be triggered when Windows Explorer reads the embedded thumbnail in a .skp file.

tags | advisory, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2013-3662
SHA-256 | 5d7db50f9ade70ce95f84ac3b672882ffe82ae29e7be793a09e28762eee3b890
SketchUp BMP RLE8 Heap Overflow
Posted May 31, 2013
Authored by Felipe Andres Manzano

SketchUp is a 3D modeling program marketed by Google (2011) and designed for architectural, civil, and mechanical engineers as well as filmmakers, game developers, and related professionals. SketchUp fails to validate the input when parsing an embedded BMP RLE8 compressed texture. Arbitrary code execution is proved possible after a malicious texture or thumbnail or background image triggers a heap overflow. The issue can also be triggered when Windows Explorer reads the embedded thumbnail in a .skp file.

tags | advisory, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2013-3663
SHA-256 | 17f8e6491de725a6356d5a28d83dd57f558bceb76d8c03f99d318c61e37535e5
Sketchup BMP Material RLE4 Heap Overflow
Posted May 31, 2013
Authored by Juan Pablo De Francesco

SketchUp is a 3D modeling program marketed by Trimble Navigation Limited and designed for architectural, civil, and mechanical engineers as well as filmmakers, game developers, and related professions. SketchUp fails to validate the input when parsing an embedded BMP RLE4 compressed texture. Arbitrary code execution is proved possible after a malicious texture or thumbnail or background image triggers a heap overflow. The issue can also be triggered when Windows Explorer reads the embedded thumbnail in a .skp file.

tags | advisory, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2013-3664
SHA-256 | 1c4cfc42272e043cb3a26afd49f0dd9be899a0c1b6c323eb7e949c63ab20224b
Sketchup MAC Pict Material Palette Stack Corruption
Posted May 31, 2013
Authored by Juan Pablo De Francesco

SketchUp is a 3D modeling program marketed by Trimble Navigation Limited and designed for architectural, civil, and mechanical engineers as well as filmmakers, game developers, and related professions. SketchUp fails to validate the input when parsing an embedded MACPict texture. Arbitrary code execution is proved possible after a malicious texture or thumbnail or background image triggers a stack overflow. The issue can also be triggered when Windows Explorer reads the embedded thumbnail in a .skp file.

tags | advisory, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2013-3664
SHA-256 | 7de6372bbd56871ca0b4e7f9e760cd3cea15095012c49fc68cd5aab071516746
Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow
Posted May 31, 2013
Authored by Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the db_netserver process which is spawned by the Lianja SQL server. The issue is fixed in Lianja SQL 1.0.0RC5.2.

tags | exploit, overflow
advisories | CVE-2013-3563
SHA-256 | 7e06bdae955716ffa265faef6d8a8657fd4b8897f76d0c56b6eba227f9c8cabd
John The Ripper 1.8.0
Posted May 31, 2013
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: Incremental mode's efficiency has been improved, and its length and character set limitations in default builds have been lifted. More speed metrics have been added to the status line. Trivial parallel and distributed processing has been implemented with new --fork and --node options. Bitmaps have been implemented for faster comparison of computed vs. loaded hashes. Cracking of bcrypt on 32-bit x86 with GCC 4.2+ and DES-based tripcodes has been sped up. Reconstruction of ASCII encodings of LM hashes has been implemented to save RAM. The formats interface has been made more GPU-friendly. Many formats have been renamed. The license has been relaxed.
tags | cracker
systems | windows, unix, beos
SHA-256 | 1222738c7829ce3014177ca9bd26c41573426f883c6b22527ee9bde363d84bda
Red Hat Security Advisory 2013-0882-01
Posted May 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0882-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM guest could use this flaw to crash the host or, potentially, escalate their privileges on the host.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-4461, CVE-2012-4542, CVE-2013-0311, CVE-2013-1767
SHA-256 | 43d73db1f21655d27f27accef38ee47638229ca88b3abd0e8748d5cc1d891f5d
Ubuntu Security Notice USN-1844-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1844-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
SHA-256 | 4409b80c2843ed529bb54b7d7acd3f9b916a978cdac0aa546fef60448aec5db3
Ubuntu Security Notice USN-1845-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1845-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
SHA-256 | 236b6aff2c79a317ab4d298f4c129862591d012f2be82c8d084b46dc248b039c
Ubuntu Security Notice USN-1846-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1846-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
SHA-256 | 5ab8ac57eda21b5218bbbe540e901ebdbfcd54a58d00f96be06a2d53858d2d3b
Ubuntu Security Notice USN-1847-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1847-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
SHA-256 | 4b4cc12dc316dfcf4ed9fc46a7e2298395f2724b58d0f4d7dcf100b53a1345d0
Debian Security Advisory 2697-1
Posted May 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2697-1 - It was discovered that a malicious client could crash a GNUTLS server and vice versa, by sending TLS records encrypted with a block cipher which contain invalid padding.

tags | advisory
systems | linux, debian
advisories | CVE-2013-2116
SHA-256 | 20fa1ae17a3faa746d6808e1c768335a12673ba1fd3c272301749bf74dff189d
Mandriva Linux Security Advisory 2013-171
Posted May 31, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-171 - A flaw was found in the way GnuTLS decrypted TLS record packets when using CBC encryption. The number of pad bytes read form the packet was not checked against the cipher text size, resulting in an out of bounds read. This could cause a TLS client or server using GnuTLS to crash. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-2116
SHA-256 | 68431e763d85fa3134cf3d5c54bd7d49e4e83ec88fc89118c8ee33167cad8e68
Red Hat Security Advisory 2013-0883-01
Posted May 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0883-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. Users of GnuTLS are advised to upgrade to these updated packages, which correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-2116
SHA-256 | 985b08bb5e85e3bdab1ce08986444bf23688b3dd64bb4f77591741bf2232aaad
Red Hat Security Advisory 2013-0884-01
Posted May 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0884-01 - These packages provide a transport-independent RPC implementation. A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically allocated. This could cause an application using libtirpc, such as rpcbind, to crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-1950
SHA-256 | a5ecdbd6b37ef113140868d948650ffb7b0c8096abb720e8f5221c55218846a7
Debian Security Advisory 2696-1
Posted May 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2696-1 - A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see.

tags | advisory
systems | linux, debian
advisories | CVE-2013-3551
SHA-256 | 640ea9174e71b305a5f1b339da29ee15b1585728d406cc4960dddb989aadb1bf
Debian Security Advisory 2695-1
Posted May 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2695-1 - Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.

tags | advisory, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849
SHA-256 | a1be0c732a451012a3ce3790491e07d11ec1d79c4b31ee3517a8f1106d62c7d6
Ubuntu Security Notice USN-1838-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1838-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094, CVE-2013-1929, CVE-2013-1929, CVE-2013-2094
SHA-256 | 56988ff0df6a0f61b5822639fca00113441c09201b2d0bff164ced0de152ac12
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close