
CVE-2016-1531 Exim MTA Privilege Escalation Vulnerability

Version          Git tag
---------------  -------------
Exim 4.84.2      exim-4_84_2
Exim 4.85.2      exim-4_85_2
Exim 4.86.2      exim-4_86_2
Exim 4.87 RC 5   exim-4_87_RC5

(It’s an updated version of 4.8{4,5,6}.1, fixing minor portability issues for *BSD and OS/X). The known download area contains packed tarballs. The tarballs for fixed older versions (4.84.2, 4.85.2) are below the old/ directory. Every tarball and […]


CVE-2016-0800: DROWN OpenSSL vulnerability / SSLv2 disabled

OpenSSL Security Advisory [1st March 2016]
=========================================

NOTE: With this update, OpenSSL is disabling the SSLv2 protocol by default, as well as removing SSLv2 EXPORT ciphers. We strongly advise against the use of SSLv2 due not only to the issues described below, but to the other known deficiencies in the protocol as described at https://tools.ietf.org/html/rfc6176 […]


CVE-2016-0739: libssh 0.1 and later vulnerable

=======================================================================
Subject: Weakness in diffie-hellman secret key generation
CVE ID#: CVE-2016-0739
Versions: All versions of libssh 0.1 and later
Summary: Due to a bug in the ephemeral secret key generation for the diffie-hellman-group1 and diffie-hellman-group14 methods, ephemeral secret keys of size 128 bits are generated, […]


WordPress WP-Super-Cache plugin XSS vulnerability

Millions of WordPress websites using WP-Super-Cache are exposed to the risk of attack due to a critical vulnerability affecting the popular plugin. The WP-Super-Cache plugin is normally used to improve the performance of a WordPress website because it generates static HTML files from dynamic WordPress blogs. The critical persistent cross-site scripting vulnerability was reported […]


CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow

On January 27th, 2015, a buffer overflow was discovered and disclosed within the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions. Like all serious vulnerabilities recently, it has been given an affectionate nickname: “GHOST”. As many of you may already know, glibc […]


How to scan access_log for Shellshock attempts via httpd

In the previous post, we announced the discovery of the remote bash vulnerability which has been dubbed “Shellshock” throughout the security and Linux communities. As you may know, bash supports exporting shell variables as well as shell functions to other bash instances. This is accomplished by passing them through the process environment to a child process. We previously […]


Remote vulnerability in bash – patches available for CVE-2014-6271, CVE-2014-7169

Bash, or the Bourne-again shell, is a UNIX-like shell and perhaps one of the most widely installed utilities on any Linux system. From its creation in 1980, bash has evolved from a simple terminal-based command interpreter to many other fancy uses. In Linux, environment variables provide a way to influence the behavior […]


glibc arbitrary code execution vulnerability (CVE-2014-0475 and CVE-2014-5119)

Two new vulnerabilities rated Important severity have been discovered and patched in the glibc libraries. For the updates to take effect, all daemons with a glibc dependency must be restarted. This includes, but is not limited to: Apache, MySQL, Mail Services, SSH, etc.

=====================================================================
Red Hat Security Advisory
Synopsis: Important: […]


CVE-2014-5119 glibc __gconv_translit_find() exploit

Date: Mon, 25 Aug 2014 19:00:15 -0700
From: Tavis Ormandy
To: fulldisclosure@…lists.org, oss-security@…ts.openwall.com
Subject: CVE-2014-5119 glibc __gconv_translit_find() exploit

List,

back in July, I described CVE-2014-5119, a fiendish single-fixed-byte heap metadata overflow in the glibc internal routine __gconv_translit_find(). This is caused by the file extension being incorrectly appended to the transliteration module filename. The result is […]
