Red Hat
Solaris 2.8, 2.9, 2.10 / OV DP6.10 Solaris - Core / DPSOL_00370
Solaris 2.8, 2.9, 2.10 / OV DP6.10 Solaris - Cell Server / DPSOL_00372
RedHat 4AS-x86_64, RedHat 4ES-x86_64 / OV DP6.00 Linux - Core / DPLNX_00068
RedHat 4AS-x86_64, RedHat 4ES-x86_64 / OV DP6.00 Linux - Cell Server / DPLNX_00070
RedHat 4AS-x86_64, RedHat 4ES-x86_64 / OV DP6.10 Linux - Core / DPLNX_00076
Solaris 2.8, 2.9, 2.10 / OV DP6.0 Solaris - Core / DPSOL_00436
Solaris 2.8, 2.9, 2.10 / OV DP6.0 Solaris - Cell Server / DPSOL_00437
SLES9, SLES10, RedHat 4ES -x86_64 / OV DP6.0 Linux - Core / DPLNX_00142
SLES9, SLES10, RedHat 4ES -x86_64 / OV DP6.0 Linux - Cell Server / DPLNX_00143
Windows Vista, XP, 2008, 2003, 2000 / OV DP6.0 Win - Core / DPWIN_00496
"(\(\(\(\(\(\(\(\(...)"
"(((...(.*))))"
regcomp() should crash with a stack-exhaustion symptom.
This bug has been used to cause a denial of service in proftpd 1.3.3f on OpenBSD 4.9 and NetBSD 5.1. A similar problem has been reported in GNU libc. Anyway, Red Hat has decided not to solve the problem:
---
Statement:
Red Hat does not consider crash of client application, using regcomp()
or regexec() routines on untrusted input without preliminary checking
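The "preliminary checking" the statement refers to is the caller's job, and the patterns above show what it has to catch: unbounded nesting of groups. The following is an added example, not code from the post, from glibc or from Red Hat; the length and depth limits are assumed values, and it treats only POSIX BRE/ERE group syntax (the `[...]` skipping is there because parentheses are literal inside a bracket expression).

```c
#include <regex.h>
#include <stddef.h>
#include <string.h>

/* Policy limits for patterns that come from untrusted input (assumed values;
   tune to what the application legitimately needs). */
#define MAX_PATTERN_LEN   4096
#define MAX_GROUP_DEPTH   64

/* Maximum nesting depth of groups in a POSIX regex, or -1 if the parentheses
   are unbalanced.  extended != 0 treats the pattern as an ERE, where bare ( )
   delimit groups; otherwise as a BRE, where \( \) do.  Bracket expressions
   [...] are skipped, since ( ) are literal inside them. */
int pattern_group_depth(const char *pat, int extended) {
    int depth = 0, max = 0;
    for (size_t i = 0; pat[i]; i++) {
        char c = pat[i];
        int opens = 0, closes = 0;
        if (c == '\\') {
            if (!pat[i + 1]) return -1;            /* trailing backslash: invalid */
            i++;
            if (!extended) { opens = pat[i] == '('; closes = pat[i] == ')'; }
        } else if (c == '[') {
            i++;
            if (pat[i] == '^') i++;
            if (pat[i] == ']') i++;                 /* a leading ] is literal */
            while (pat[i] && pat[i] != ']') i++;
            if (!pat[i]) return -1;                 /* unterminated bracket expression */
        } else if (extended) {
            opens = c == '('; closes = c == ')';
        }
        if (opens && ++depth > max) max = depth;
        if (closes && --depth < 0) return -1;
    }
    return depth == 0 ? max : -1;
}

/* Compile an untrusted pattern only after bounding its length and nesting.
   Returns 0 on success, -1 if the pre-check rejected it, else regcomp()'s code. */
int safe_regcomp(regex_t *re, const char *pat, int extended) {
    if (strlen(pat) > MAX_PATTERN_LEN) return -1;
    int depth = pattern_group_depth(pat, extended);
    if (depth < 0 || depth > MAX_GROUP_DEPTH) return -1;
    return regcomp(re, pat, (extended ? REG_EXTENDED : 0) | REG_NOSUB);
}

/* Demo: build "(((...a...)))" with the given nesting and push it through
   safe_regcomp(), so deep input is reported as rejected instead of crashing. */
int try_nested_pattern(int levels) {
    char buf[2 * MAX_PATTERN_LEN];
    if (levels < 0 || 2 * levels + 2 > (int)sizeof buf) return -1;
    int n = 0;
    for (int i = 0; i < levels; i++) buf[n++] = '(';
    buf[n++] = 'a';
    for (int i = 0; i < levels; i++) buf[n++] = ')';
    buf[n] = '\0';
    regex_t re;
    int rc = safe_regcomp(&re, buf, 1);
    if (rc == 0) regfree(&re);
    return rc;
}
```

The depth counter is deliberately a separate pass rather than a regcomp() wrapper with a recursion guard: the whole point is never to hand the pattern to the library until it is known to be within budget.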
Solaris 2.8, 2.9, 2.10 /
OV DP6.11 Solaris - Media Agent /
DPSOL_00431
SLES9, SLES10, RedHat 4ES -x86_64 /
OV DP6.11 Linux - Core /
DPLNX_00133
SLES9, SLES10, RedHat 4ES -x86_64 /
OV DP6.11 Linux - Cell Server /
dereference[1], discovered by Tavis Ormandy and Julien Tinnes. This exploit
was written to illustrate the exploitability of this vulnerability on
Power/Cell BE architecture.
The exploit makes use of the SELinux and the mmap_min_addr problem to exploit
this vulnerability on Red Hat Enterprise Linux 5.3 and CentOS 5.3. The
problem, first noticed by Brad Spengler, was described by Red Hat in Red Hat
Knowledgebase article: Security-Enhanced Linux (SELinux) policy and the
mmap_min_addr protection[2].
Support for i386 and x86_64 was added for completeness. For a more complete
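What an administrator reading the above wants is a way to tell whether this host actually blocks the zero page. The following is an added example, not part of the exploit or of Red Hat's knowledgebase article; it assumes a Linux host with /proc mounted, and the 64 KiB floor it expects is an assumption taken from the value RHEL ships for vm.mmap_min_addr. The sysctl check and the behavioural check are kept separate on purpose: the SELinux policy issue described above is exactly the case where the sysctl reads fine but an unconfined process can still map page zero.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>

/* Assumed policy floor: the 64 KiB value RHEL ships for vm.mmap_min_addr. */
#define EXPECTED_MIN_ADDR 65536L

/* Read vm.mmap_min_addr from procfs; -1 if it cannot be read. */
long read_mmap_min_addr(void) {
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f) return -1;
    long v = -1;
    if (fscanf(f, "%ld", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Policy check: is the floor high enough that a NULL pointer plus a small
   struct offset still lands in unmapped memory? */
int mmap_min_addr_ok(long v) { return v >= EXPECTED_MIN_ADDR; }

/* Behavioural check: try to map the zero page the way the exploit would.
   Returns 1 if the mapping succeeded (it is released immediately), 0 if the
   kernel refused it (EPERM from mmap_min_addr, EACCES from an LSM). */
int low_page_mappable(void) {
    void *p = mmap((void *)0, 4096, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) return 0;
    munmap(p, 4096);
    return 1;
}

int main(void) {
    long v = read_mmap_min_addr();
    printf("vm.mmap_min_addr = %ld (%s)\n", v,
           mmap_min_addr_ok(v) ? "at or above expected floor" : "below floor or unreadable");
    printf("zero page mappable by this process: %s\n",
           low_page_mappable() ? "YES - NULL dereference bugs are exploitable here" : "no");
    return 0;
}
```

Run it once as an ordinary user and once as root: a root shell with CAP_SYS_RAWIO is allowed past the floor by design, so "YES" there is expected, while "YES" for an unprivileged user means the mapping restriction is not effective.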
* April 20, 2011: Pre-release versions available for Postfix 2.5
.. 2.8 and patches for Postfix 1.1 .. 2.9.
* Most vendors honored Wietse's request to avoid non-public
information in plaintext email headers or content. The exceptions
were SUSE and Red Hat. Shame on you, SUSE and Red Hat.
* May 9, 2011: Announcement and public release of fixes.
rgb2ycbcr tool does not properly validate the width and height of the image.
Specific TIFF images with large width and height can be crafted to trigger the
vulnerability.
A patch has been made available by the maintainer and further improved by Tom
Lane of Red Hat.
Affected version:
libtiff <= 3.8.2, <= 3.9 (stable), <= 4.0 (development)
SEVERITY: Medium
DIFFICULTY: Moderate
REFERENCES: CVE-2008-3323, RedHat Bugzilla Bug 449929
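The advisory does not spell out the mechanism, but "large width and height" in an image tool almost always means the width*height*samples product wraps before it reaches the allocator. The following is an added example, not libtiff's or the maintainer's code: it reproduces the wrap with 32-bit arithmetic and puts the checked computation beside it. The dimension arguments and the caller-supplied cap are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* What a 32-bit size computation does with hostile dimensions: the product
   wraps, the allocation is tiny, and the converter later writes width*height
   pixels into it.  This reproduces the unchecked arithmetic, not libtiff's code. */
uint32_t image_bytes_unchecked32(uint32_t w, uint32_t h, uint32_t spp, uint32_t bps) {
    return w * h * spp * bps;
}

/* Hardened: reject zero dimensions and any multiplication step that would
   overflow or exceed a caller-chosen cap, before touching malloc.
   Returns 0 when the image is rejected. */
size_t image_bytes_checked(uint32_t w, uint32_t h, uint32_t spp, uint32_t bps, size_t cap) {
    if (w == 0 || h == 0 || spp == 0 || bps == 0) return 0;
    size_t n = w;
    if (n > cap / h) return 0;
    n *= h;
    if (n > cap / spp) return 0;
    n *= spp;
    if (n > cap / bps) return 0;
    n *= bps;
    return n;
}

/* Allocate the pixel buffer only when the size survived the check. */
unsigned char *alloc_image_buffer(uint32_t w, uint32_t h, uint32_t spp, uint32_t bps, size_t cap) {
    size_t n = image_bytes_checked(w, h, spp, bps, cap);
    return n ? (unsigned char *)malloc(n) : NULL;
}
```

Dividing by each factor before multiplying is the portable way to detect overflow without relying on compiler builtins; the cap doubles as a sanity limit, since a converter has no business allocating gigabytes for one scanline buffer.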
BACKGROUND
Cygwin is a Linux-like environment for Windows. It consists of two parts:
Hey Dan,
Freaking THANK YOU first and foremost. I've been waiting for someone to say that for days now, and was just about to myself.
Just because everyone and their brother wants to show off that they can compile & run some software (herp a derp, good job) DOESN'T mean they should immediately post it here. I tested it against an OLDER KERNEL on purpose because I actually read the headers and the exploit worked as expected. I knew that this was responsibly disclosed, so it was already patched on any system that I updated. If you don't have the proper symbols, then the exploit doesn't have the proper offsets, and the exploit will fail. Plain and simple. *THEN* there's people who don't even bother to read that "Red Hat does not support Econet by default". DOES NOT. As in the exploit WON'T WORK!
It's pathetic that the original exploit dev has to waste his time saying the same thing 5 times.
</rant>
Solaris 2.7, 2.8, 2.9
OV DP5.50 (Core)
DPSOL_00321
RedHat 4AS-x86_64, RedHat 4ES-x86_64
OV DP6.0 (Cell Server)
DPLNX_00025
RedHat 4AS-x86_64, RedHat 4ES-x86_64
OV DP6.0 (Core)
======================================================================
6) Time Table
08/10/2008 - vendor-sec contacted.
08/10/2008 - vendor-sec replied.
13/10/2008 - Red Hat asks for additional information.
14/10/2008 - Reply sent to Red Hat.
22/10/2008 - Public disclosure.
======================================================================
7) Credits
Potential vulnerabilities have been identified with HP Project and Portfolio Management Center (PPMC), formerly known as Mercury IT Governance. The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
References: CVE-2010-0452
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Project and Portfolio Management Center (PPMC) 7.5 SP3 and earlier running on AIX, HP-UX, Redhat Linux, Suse Linux, Solaris and Windows Server.
HP Project and Portfolio Management Center (PPMC) 7.1 SP10 and earlier running on AIX, HP-UX, Redhat Linux, Suse Linux, Solaris and Windows Server.
BACKGROUND
CVSS 2.0 Base Metrics
fixing several security issues:
* Large/infinite loop in the DICOM dissector. (Bug 5876) Versions
affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
* Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted Diameter dictionary file could crash
Wireshark. Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
* Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
that a corrupted snoop file could crash Wireshark. (Bug 5912) Versions
. 2009-08-23:
Core asks for proper CVE and Bugtraq ID numbers, specifying it believes
each vulnerability reported in this advisory should be assigned its own.
. 2009-08-23:
Vincent Danen, from Red Hat's Security Response Team, contacts Core in
order to discuss both vulnerabilities by a secure communications
channel, and offers its help in obtaining proper CVE numbers, specifying
they also believe a separate number should be assigned to each
vulnerability.
. 2009-05-13:
Apple Product Security Team notifies the suggested fix would be to
update to CUPS 1.3.10.
. 2009-05-15:
The Red Hat Security Response Team informs (via vendor-sec) that CUPS 1.1.17
is the oldest version they still ship and that it is affected too. This issue
will probably affect even earlier CUPS versions.
. 2009-05-25:
The Debian Team informs (via vendor-sec) there is a bug in the PoC
Firewall Administrators, Teachers, Academic Researchers and Software
Developers.
The last conference has been attended by: Ericsson, Commerzbank, Philips,
RBT, GRZ IT, IERN Sierra Leone, SAP, Improware, Telekom Austria, Microsoft,
BAWAG, T-Systems, Iphos, Sektion Eins, T-Mobile, Red Hat, SWITCH, Austrian
National Bank, Daimler, Sentrigo, University of Vienna, SEC Consult, Tech
Data, S21Sec, DHL, Bearing Point, Cygnos, wecon, YCO, and many others.
== Speakers/Trainers ==
@@ -27,22 +27,10 @@
# --define "cachedir <dir>" Configure with --with-cachedir=<dir>.
#
-%if 0%{!?distro:1}
-%if "%{_vendor}" == "redhat"
-%define distro RedHat
-%else
-%if "%{_vendor}" == "suse"
-%define distro SuSE
-%else
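Review bot: with the `%{_vendor}`-based fallback removed (`-%if 0%{!?distro:1}` through `-%define distro SuSE`), a build that does not pass `--define "distro <name>"` is left with `%{distro}` undefined wherever the spec expands it later; either keep a default or document the `distro` define in the header block above (which currently lists only `cachedir`) and fail early with `%{error:...}` when it is absent. Also confirm that the same hunk drops the `%endif` lines matching the nested `%if` blocks removed here: the header says 22 lines become 10, but only the opening half of the construct is visible.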
unique challenges in securing Open Source software. This includes
activities such as flaw discovery, understanding, reporting, and overall
best practices.
The oss-security community was initially founded by individuals from
Foresight Linux, Mandriva, Openwall, and Red Hat and has since grown to
include contributions from many other projects and individuals. The
computing resources are currently graciously donated by the Openwall
Project.
If you have an interest in the Open Source security space, you are
CVE requests can be sent to cve@mitre.org or to me directly. My PGP
key is below, or accessible from the MIT public key server.
Alternately, you can request them from Candidate Numbering Authorities
(CNAs) which include the security teams at Red Hat, Microsoft, and
Debian, or third-party coordinators including iDefense and CERT/CC.
The amount of information you need to provide can vary and is somewhat
negotiable. We need to be sure how many CVEs to assign.
> *
> * In the interest of public safety, this exploit was specifically designed to
> * be limited:
> *
> * * The particular symbols I resolve are not exported on Slackware or Debian
> * * Red Hat does not support Econet by default
> * * CVE-2010-3849 and CVE-2010-3850 have both been patched by Ubuntu and
> * Debian
> *
> * However, the important issue, CVE-2010-4258, affects everyone, and it would
> * be trivial to find an unpatched DoS under KERNEL_DS and write a slightly
* Helge Blischke reported a double free() vulnerability in the
process_browse_data() function when adding or removing remote shared
printers (CVE-2008-0882).
* Tomas Hoger (Red Hat) reported that the gif_read_lzw() function
uses the code_size value from GIF images without properly checking
it, leading to a buffer overflow (CVE-2008-1373).
* An unspecified input validation error was discovered in the HP-GL/2
filter (CVE-2008-0053).
Vulnerable SUID script in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts)
21 September 2011
NGS Secure has discovered a High risk vulnerability in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts).
Impact: Arbitrary files can be read with root privileges
The fix was rated critical by the vendor, and the short-term patch was to remove the offending script.
system which allow local users to cause a kernel oops leading to a denial
of service.
CVE-2011-4127
Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough
support for SCSI devices. Users with permission to access restricted
portions of a device (e.g. a partition or a logical volume) can obtain
access to the entire device by way of the SG_IO ioctl. This could be
exploited by a local user or privileged VM guest to achieve a privilege
escalation.
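To see whether a partition node still forwards SCSI commands to the whole disk, a probe with a harmless INQUIRY is enough; INQUIRY is on the kernel's read-safe whitelist, so it can be sent by any user who can open the node, which is the same position the advisory's attacker is in. This is an added example, not code from the advisory or from the kernel fix. It assumes a Linux host with `<scsi/sg.h>`; the device paths come from the caller, and the 96-byte allocation length and 5-second timeout are arbitrary choices.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <scsi/sg.h>

/* Fill a 6-byte SCSI INQUIRY CDB (opcode 0x12) asking for alloc_len bytes of
   standard inquiry data.  Returns 6, or -1 if the buffer is too small. */
int build_inquiry_cdb(unsigned char *cdb, size_t cdb_len, unsigned char alloc_len) {
    if (cdb_len < 6) return -1;
    memset(cdb, 0, 6);
    cdb[0] = 0x12;
    cdb[4] = alloc_len;
    return 6;
}

/* Send INQUIRY through SG_IO on an open fd.
   1: the kernel forwarded it, so passthrough is reachable from this node;
   0: refused (ENOTTY on a partition once the fix is in and the caller lacks
      CAP_SYS_RAWIO; EPERM/EACCES for other policy refusals);
  -1: some other failure. */
int sg_io_passthrough_reachable(int fd) {
    unsigned char cdb[6], sense[32], data[96];
    struct sg_io_hdr io;
    if (build_inquiry_cdb(cdb, sizeof cdb, (unsigned char)sizeof data) != 6) return -1;
    memset(&io, 0, sizeof io);
    io.interface_id = 'S';
    io.dxfer_direction = SG_DXFER_FROM_DEV;
    io.cmd_len = sizeof cdb;
    io.cmdp = cdb;
    io.mx_sb_len = sizeof sense;
    io.sbp = sense;
    io.dxfer_len = sizeof data;
    io.dxferp = data;
    io.timeout = 5000;                     /* milliseconds, arbitrary */
    if (ioctl(fd, SG_IO, &io) == 0) return 1;
    return (errno == ENOTTY || errno == EPERM || errno == EACCES) ? 0 : -1;
}

/* Open a node read-only and probe it; -1 if it cannot be opened. */
int probe_device(const char *path) {
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    int r = sg_io_passthrough_reachable(fd);
    close(fd);
    return r;
}

/* Usage: ./sgprobe /dev/sda /dev/sda1  (compare the whole disk with a partition) */
int main(int argc, char **argv) {
    for (int i = 1; i < argc; i++) {
        int r = probe_device(argv[i]);
        printf("%s: %s\n", argv[i],
               r == 1 ? "SG_IO passthrough reachable" :
               r == 0 ? "SG_IO refused" : "cannot open or unexpected error");
    }
    return 0;
}
```

On an unpatched kernel the partition node answers exactly like the whole-disk node; after the fix, an unprivileged caller gets "SG_IO refused" for the partition and "reachable" only for the disk. The same holds for a VM guest whose virtual disk is a host partition or logical volume passed through with SG_IO enabled.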
* Thomas Garnier of SkyRecon Systems reported an unspecified
vulnerability in a JavaScript method, related to an "input validation
issue" (CVE-2008-4814).
* Josh Bressers of Red Hat reported an untrusted search path
vulnerability (CVE-2008-4815).
* Peter Vreugdenhil reported through iDefense that the Download
Manager can trigger a heap corruption via calls to the AcroJS
function (CVE-2008-4817).
Problem Description:
Multiple vulnerabilities have been found and corrected in acpid:
A certain Red Hat patch for acpid 1.0.4 effectively triggers a call
to the open function with insufficient arguments, which might allow
local users to leverage weak permissions on /var/log/acpid, and obtain
sensitive information by reading this file, cause a denial of service
by overwriting this file, or gain privileges by executing this file
(CVE-2009-4033).
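The "insufficient arguments" wording describes a classic C mistake: open() with O_CREAT but no mode, which compiles because open() is variadic and creates the file with whatever the third argument slot happens to hold. The following is an added example, not acpid's code or the Red Hat patch; the vulnerable call is shown only as a comment because glibc's fortified open() rejects it at compile time, and the temp-directory path in the demo is constructed for the example rather than the real /var/log/acpid.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The bug's shape (as a comment, since fortified glibc refuses to compile it):
 *
 *     fd = open("/var/log/acpid", O_WRONLY | O_CREAT | O_APPEND);   // mode missing
 *
 * open() is variadic, so the call is legal C; the mode is whatever is in the
 * third argument slot, and the log can come out world-writable or executable. */

/* Hardened: explicit 0600, no symlink following (a link planted in the log
   directory would otherwise redirect the write), close-on-exec, and an fstat()
   afterwards because an already-existing file keeps its old mode no matter
   what we pass.  Returns the fd or -1. */
int open_log_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || (st.st_mode & 077) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Demo: create a fresh log under a private temp dir (constructed path, not the
   real /var/log/acpid) with the umask cleared, and report the permission bits
   the file actually got; -1 on any failure.  Cleans up after itself. */
int demo_log_mode(void) {
    char dir[] = "/tmp/acpid-demo-XXXXXX";
    if (!mkdtemp(dir)) return -1;
    char path[64];
    snprintf(path, sizeof path, "%s/acpid.log", dir);
    mode_t saved = umask(0);   /* show the mode comes from the argument, not umask */
    int fd = open_log_safe(path);
    umask(saved);
    int mode = -1;
    struct stat st;
    if (fd >= 0 && fstat(fd, &st) == 0) mode = (int)(st.st_mode & 0777);
    if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return mode;
}
```

The post-open fstat() is what covers the three impacts listed in the advisory at once: a pre-existing world-readable, world-writable or executable log is refused rather than silently reused.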
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022
ACKNOWLEDGMENTS
===============
This issue was discovered by Keiichi Mori of Red Hat.
CONTACT
=======
The MIT Kerberos Team security contact address is
OpenOffice.org package that allows malformed documents to trick the
system into crashes or even the execution of arbitrary code.
CVE-2010-3450
During an internal security audit within Red Hat, a directory
traversal vulnerability has been discovered in the way
OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If
a local user is tricked into opening a specially-crafted OOo XML
filters package file, this problem could allow remote attackers to
create or overwrite arbitrary files belonging to local user or,