Security

Debian: 3722-1: vim: Summary

Linux Security - Fri, 2016-11-25 18:16
Categories: Security

Blue Team Training Toolkit (BT3) 2.1

Packet storm - Wed, 2016-11-23 17:38
Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
Categories: Security

FireHOL 3.0.2

Packet storm - Wed, 2016-11-23 17:38
FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
Categories: Security

Linux Kernel 4.6.3 Netfilter Privilege Escalation

Packet storm - Wed, 2016-11-23 17:36
This Metasploit module attempts to exploit a netfilter bug on Linux Kernels before 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation.
Categories: Security

Linux Kernel 2.6.x pipe.c Privilege Escalation

Packet storm - Wed, 2016-11-23 17:31
Linux kernel versions 2.6.10 up to but not including 2.6.31.5 pipe.c privilege escalation exploit.
Categories: Security

Linux Kernel 2.6.32-rc1 x86_64 Register Leak

Packet storm - Wed, 2016-11-23 17:30
Linux kernel version 2.6.32-rc1 x86_64 register leak proof of concept code.
Categories: Security

Linux Kernel 2.6.18 move_pages() Information Leak

Packet storm - Wed, 2016-11-23 17:28
Linux kernel version 2.6.18 suffers from a move_pages() information leak vulnerability.
Categories: Security

Olympia Protect 9061 Replay Attack

Packet storm - Wed, 2016-11-23 17:25
Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.
Categories: Security

EASY HOME Alarmanlagen-Set MAS-S01-09 Replay Attack

Packet storm - Wed, 2016-11-23 17:23
EASY HOME Alarmanlagen-Set MAS-S01-09 suffers from missing protection against replay attacks.
Categories: Security

Chrome Blink SpeechRecognitionController Use-After-Free

Packet storm - Wed, 2016-11-23 17:22
A specially crafted web-page can cause the blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Google Chrome version 39.0 is affected.
Categories: Security

Red Hat Security Advisory 2016-2820-01

Packet storm - Wed, 2016-11-23 17:20
Red Hat Security Advisory 2016-2820-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.
Categories: Security

Red Hat Security Advisory 2016-2819-01

Packet storm - Wed, 2016-11-23 17:20
Red Hat Security Advisory 2016-2819-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.
Categories: Security

Linux Kernel 2.6.32-642 / 3.16.0-4 Inode Integer Overflow

Packet storm - Wed, 2016-11-23 17:18
Linux kernels 2.6.32-642 and 3.16.0-4 inode integer overflow proof of concept exploit.
Categories: Security

Mobile Security Framework MobSF 0.9.3 Beta

Packet storm - Wed, 2016-11-23 02:49
Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with its API Fuzzer that performs Information Gathering, analyzes Security Headers, and identifies Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.
Categories: Security