[slackware-security] libssh (SSA:2012-341-02)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] libssh (SSA:2012-341-02) New libssh packages are available for Slackware 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--+

[slackware-security] bind (SSA:2012-341-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] bind (SSA:2012-341-01) New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog:

[SECURITY] [DSA 2583-1] iceweasel security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2583-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez December 08, 2012

[SECURITY] [DSA 2584-1] iceape security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2584-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez December 08, 2012

Android Kernel 2.6 Local DoS

# Exploit Title: Android Kernel 2.6 Local DoS # Date: 12/7/12 # Author: G13 # Twitter: @g13net # Versions: Android 2.2, 2.3 # Category: DoS (android) # # Vulnerability # The Android OS is vulnerable to a local DoS when a filename with a length of 2048 or larger is attempted to be written

Centrify Deployment Manager v2.1.0.283 local root

Centrify Deployment Manager v2.1.0.283 local root 12/7/2012 Taking a little longer look at the software, I managed to win a race condition and get root with files in /tmp. Here is my analysis: root@h0g:/tmp ls -l /etc/shadow -r 1 root shadow 1010 Dec 7 21:42 /etc/shadow root@h0g:/tmp

FreeVimager 4.1.0 = WriteAV Arbitrary Code Execution

#!/usr/bin/perl # FreeVimager 4.1.0 = WriteAV Arbitrary Code Execution # Author: Jean Pascal Pereira pere...@secbiz.de # Vendor URI: http://www.contaware.com # Vendor Decription: # This is a Free Fast Image Viewer and Editor for Windows. It can as well play avi video files, # ordinary audio

DIMIN Viewer 5.4.0 = WriteAV Arbitrary Code Execution

#!/usr/bin/perl # DIMIN Viewer 5.4.0 = WriteAV Arbitrary Code Execution # Author: Jean Pascal Pereira pere...@secbiz.de # Vendor URI: http://www.dimin.net # Vendor Decription: # View images in countless formats, and apply a variety of effects with this small, fast, and powerful #

Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework

Advisory ID: HTB23127 Product: Smartphone Pentest Framework (SPF) Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection

Call for Papers: DIMVA 2013

Apologies if you receive multiple copies of this message. === Call for Papers: DIMVA 2013 === 10th International Conference on Detection of Intrusions and Malware Vulnerability Assessment Berlin, Germany July 18-19 2013

Snare for Linux Cross-Site Scripting via Log Injection

Snare for Linux Cross-Site Scripting via Log Injection I. BACKGROUND -- Snare for Linux provides a 'C2' or 'CAPP' style audit subsystem for the Linux operating system. It can be used as a standalone auditing tool for Linux, or can send data to the Snare Server for analysis

Snare for Linux Cross-Site Request Forgery

Snare for Linux Cross-Site Request Forgery I. BACKGROUND -- Snare for Linux provides a 'C2' or 'CAPP' style audit subsystem for the Linux operating system. It can be used as a standalone auditing tool for Linux, or can send data to the Snare Server for analysis and storage.

Snare for Linux Password Disclosure

Snare for Linux Password Disclosure I. BACKGROUND -- Snare for Linux provides a 'C2' or 'CAPP' style audit subsystem for the Linux operating system. It can be used as a standalone auditing tool for Linux, or can send data to the Snare Server for analysis and storage. II.