-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] libssh (SSA:2012-341-02)
New libssh packages are available for Slackware 14.0, and -current to
fix security issues.
Here are the details from the Slackware 14.0 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] bind (SSA:2012-341-01)
New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.
Here are the details from the Slackware 14.0 ChangeLog:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-2583-1 secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 08, 2012
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-2584-1 secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
December 08, 2012
# Exploit Title: Android Kernel 2.6 Local DoS
# Date: 12/7/12
# Author: G13
# Twitter: @g13net
# Versions: Android 2.2, 2.3
# Category: DoS (android)
#
# Vulnerability #
The Android OS is vulnerable to a local DoS when a filename with a length of 2048
or larger is attempted to be written
Centrify Deployment Manager v2.1.0.283 local root
12/7/2012
Taking a little longer look at the software, I managed to win a race condition
and get root with files in /tmp. Here is my analysis:
root@h0g:/tmp ls -l /etc/shadow
-r 1 root shadow 1010 Dec 7 21:42 /etc/shadow root@h0g:/tmp
#!/usr/bin/perl
# FreeVimager 4.1.0 = WriteAV Arbitrary Code Execution
# Author: Jean Pascal Pereira pere...@secbiz.de
# Vendor URI: http://www.contaware.com
# Vendor Description:
# This is a Free Fast Image Viewer and Editor for Windows. It can as well play avi video files,
# ordinary audio
#!/usr/bin/perl
# DIMIN Viewer 5.4.0 = WriteAV Arbitrary Code Execution
# Author: Jean Pascal Pereira pere...@secbiz.de
# Vendor URI: http://www.dimin.net
# Vendor Description:
# View images in countless formats, and apply a variety of effects with this small, fast, and powerful
#
Advisory ID: HTB23127
Product: Smartphone Pentest Framework (SPF)
Vendor: Bulb Security LLC
Vulnerable Versions: 0.1.3, 0.1.4 and probably prior
Tested Versions: 0.1.3, 0.1.4
Vendor Notification: November 19, 2012
Public Disclosure: December 10, 2012
Vulnerability Type: OS Command Injection
Apologies if you receive multiple copies of this message.
===
Call for Papers: DIMVA 2013
===
10th International Conference on
Detection of Intrusions and Malware & Vulnerability Assessment
Berlin, Germany
July 18-19 2013
Snare for Linux Cross-Site Scripting via Log Injection
I. BACKGROUND
--
Snare for Linux provides a 'C2' or 'CAPP' style audit
subsystem for the Linux operating system. It can be
used as a standalone auditing tool for Linux, or can
send data to the Snare Server for analysis
Snare for Linux Cross-Site Request Forgery
I. BACKGROUND
--
Snare for Linux provides a 'C2' or 'CAPP' style audit
subsystem for the Linux operating system. It can be
used as a standalone auditing tool for Linux, or can
send data to the Snare Server for analysis and storage.
Snare for Linux Password Disclosure
I. BACKGROUND
--
Snare for Linux provides a 'C2' or 'CAPP' style audit
subsystem for the Linux operating system. It can be
used as a standalone auditing tool for Linux, or can
send data to the Snare Server for analysis and storage.
II.