
CVE-2014-5119 glibc __gconv_translit_find() exploit

Date: Mon, 25 Aug 2014 19:00:15 -0700
From: Tavis Ormandy
To: fulldisclosure@…lists.org, oss-security@…ts.openwall.com
Subject: CVE-2014-5119 glibc __gconv_translit_find() exploit

List, back in July, I described CVE-2014-5119, a fiendish single-fixed-byte heap metadata overflow in the glibc internal routine __gconv_translit_find(). This is caused by the file extension being incorrectly appended to the transliteration module filename. The result is […]


SimFS (VZ / OpenVZ) Security Vulnerability #PSBM-27641, #CVE-2014-3519

***UPDATE IMMEDIATELY – Vulnerability in simfs virtual filesystem*** A critical vulnerability in the legacy simfs Container filesystem was fixed. This affects OpenVZ and Parallels Virtuozzo Containers based on vzfs. Note: ploop filesystems were not affected.

References:
http://www.webhostingtalk.com/showpo…0&postcount=38
https://openvz.org/Download/kernel/rhel6/042stab090.5
http://kb.parallels.com/en/122142


Several Vulnerabilities in Mozilla Firefox, Thunderbird, Seamonkey

Updated software packages for Mozilla Firefox, Thunderbird and Seamonkey that fix several recently discovered security issues are now available for nearly all operating systems and platforms. You should upgrade your software immediately!

Patched and Secure Versions
If you are not using one of the versions below, you are vulnerable.
Firefox 18.0
Firefox ESR 10.0.12
Firefox ESR […]


2 Joomla SQL Injection Vulnerabilities Discovered

Two SQL injection vulnerabilities were recently detected in the com_package and com_photo modules of the Joomla Content Management System. Remote attackers and low-privileged user accounts can execute/inject their own SQL commands to compromise the application database. The vulnerability is located in the com_package module in the bound, vulnerable id parameter. Successful exploitation of the vulnerability […]


bind9 denial of service (remote) (CVE-2012-3817)

Package : bind9
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-3817

Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger an assertion failure on servers under high query load that do DNSSEC validation. […]


MySQL vulnerabilities up to 5.1.61, 5.2.11, 5.3.5, 5.5.22

On Saturday afternoon Sergei Golubchik posted to the oss-sec mailing list about a recently patched security flaw (CVE-2012-2122) in the MySQL and MariaDB database servers. This flaw was rooted in an assumption that the memcmp() function would always return a value within the range -127 to 127 (signed character). On some platforms and with certain […]


OpenSSL still vulnerable, fix for CVE-2012-2110 not sufficient!

It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 and referenced in this post on unhackable, was not sufficient to correct the issue for OpenSSL 0.9.8. Please see http://www.openssl.org/news/secadv_20120419.txt for details of that vulnerability. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct […]


OpenSSL Vulnerabilities – CVE-2012-2110, CVE-2006-7250, CVE-2012-1165

Summary: An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file.

Software Description:
– openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details: It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use […]
