FreeBSD, NetBSD Security Vulnerabilities

Lynis 2.7.3 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

[SECURITY] [DLA 1664-1] golang security update

Package : golang Version : 2:1.3.3-1+deb8u1 CVE ID : CVE-2019-6486 Debian Bug : #920548 It was discovered that there was a denial of service vulnerability or possibly even the ability to conduct private key recovery attacks within in the elliptic curve cryptography...

Marvell Avastar wireless SoCs have multiple vulnerabilities

Overview Some Marvell Avastar wireless system on chip (SoC) models have multiple vulnerabilities, including a block pool overflow during Wi-Fi network scan. Description A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs (models 88W8787,...

[SECURITY] [DSA 4380-1] golang-1.8 security update

Debian Security Advisory DSA-4380-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2019 https://www.debian.org/security/faq Package : golang-1.8 CVE ID : CVE-2018-6574 CVE-2018-7187...

[SECURITY] [DSA 4379-1] golang-1.7 security update

Debian Security Advisory DSA-4379-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2019 https://www.debian.org/security/faq Package : golang-1.7 CVE ID : CVE-2018-7187 CVE-2019-6486 A...

Security Bulletin: Multiple vulnerabilities in php affect IBM Flex System Manger (FSM)

Summary There are multiple vulnerabilities in php that is included in IBM Flex System Manager (FSM). This bulletin addresses these vulnerabilities. Vulnerability Details Summary There are multiple vulnerabilities in php that is included in IBM Flex System Manager (FSM). This bulletin addresses...

Denial Of Service (DoS)

bind is vulnerable to denial of service (DoS) attacks. The vulnerability exists as ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a.....

Denial Of Service (DoS) Through Memory Consumption

OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible because there is a memory leak in d1_srtp.c which allows remote attackers to consume all the memory through a handshake...

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service (DoS). A flaw in OpenSSL allows attackers to a double free to occur through DTLS...

Denial Of Service (DoS)

php is vulnerable to denial of service (DoS) attacks. The vulnerability exists through an Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including...

Aircrack-ng 1.5 - Complete Suite Of Tools To Assess WiFi Network Security

Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...

Making CVE-1999-0016 (landc) vulnerability detection script for Windows NT

The fair question is why in 2018 someone might want to deal with Windows NT and vulnerabilities in it. Now Windows NT is a great analogue of DVWA (Damn Vulnerable Web Application), but for operating systems. There are a lot of well-described vulnerabilities with ready-made exploits. A great tool...

Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update

Overview Texas Instruments CC2640 and CC2650 microcontrollers are vulnerable to a heap overflow and may allow unauthenticated firmware installation. Description CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CVE-2018-16986 - also known as BLEEDINGBIT The following....

Lynis 2.7.0 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

testssl.sh - Testing TLS/SSL Encryption Anywhere On Any Port

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Key features Clear output: you can tell easily whether anything is good or bad Ease of installation: It works for Linux,...

Aircrack-ng 1.4 - Complete Suite Of Tools To Assess WiFi Network Security

Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...

Ettercap - A Comprehensive Suite For Man In The Middle Attacks

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ETTERCAP.....

Automatic DNS registration and proxy autodiscovery allow spoofing of network services

Overview Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Description The Web Proxy...

Lynis 2.6.8 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities

Overview Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript...

Linux kernel IP fragment re-assembly vulnerable to denial of service

Overview The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets. Description CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CVE-2018-5391 The Linux kernel, versions 3.9+, is vulnerable to a....

Hashcat v4.2.1 - World's Fastest and Most Advanced Password Recovery Utility

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable.....

Lynis 2.6.7 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

TCP implementations vulnerable to Denial of Service

Overview The Linux kernel versions 4.9+ and supported versions of FreeBSD are vulnerable to denial of service conditions with low rates of specially modified packets. Description CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CVE-2018-5390 Linux kernel versions 4.9+ can be...

Aircrack-ng 1.3 - Complete Suite Of Tools To Assess WiFi Network Security

Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...

Lynis 2.6.6 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

Lynis 2.6.5 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

Overview CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". Description Speculative execution is a technique used by many modern processors to improve performance by...

FreeRADIUS Server Configuration Tool

Developed for the Linux operating system and written in the python programming language. The purpose of the program is to configure the FreeRADIUS server easily and quickly. To get a grasp of what FreeRADIUS is, it would help to firstly understand what the concept RADIUS stands for: RADIUS :...

Hardware debug exception documentation may result in unexpected behavior

Overview In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. The error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions,....

FreeBSD : ipsec-tools -- remotely exploitable computational-complexity attack (974a6d32-3fda-11e8-aea4-001b216d295b)

Robert Foggia via NetBSD GNATS reports : The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly...

Nmap 7.70 - Free Security Scanner: Better service and OS detection, 9 new NSE scripts, new Npcap, and much more

Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP...

Lynis 2.6.2 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

Lynis 2.6.1 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

Lynis 2.5.9 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

Oracle WebLogic Server WLS Security Component Deserialization Vulnerability

Added: 01/09/2018 BID: 101304 Background Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. Problem Oracle WebLogic Server has a vulnerability in the WLS Security (wls-wsat) component that could allow an unauthenticated remote attacker who has HTTP access...

Oracle WebLogic Server WLS Security Component Deserialization Vulnerability

Added: 01/09/2018 BID: 101304 Background Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. Problem Oracle WebLogic Server has a vulnerability in the WLS Security (wls-wsat) component that could allow an unauthenticated remote attacker who has HTTP access...

Oracle WebLogic Server WLS Security Component Deserialization Vulnerability

Added: 01/09/2018 BID: 101304 Background Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. Problem Oracle WebLogic Server has a vulnerability in the WLS Security (wls-wsat) component that could allow an unauthenticated remote attacker who has HTTP access...

CPU hardware vulnerable to side-channel attacks

Overview CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre. Description CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Both Spectre and Meltdown take...

Lynis 2.5.8 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

Unsupervised Coverage-Guided Kernel Fuzzer: syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it’s being extended to support other...

tnftp (savefile) Arbitrary Command Execution Exploit

This Metasploit module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last....

tnftp "savefile" Arbitrary Command Execution

...

tnftp - 'savefile' Arbitrary Command Execution (Metasploit)

...

tnftp "savefile" Arbitrary Command Execution

This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component.....

Hashcat v4.0 - World's Fastest and Most Advanced Password Recovery Utility

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable.....

Lynis 2.5.7 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

Overview Wi-Fi Protected Access (WPA, more commonly WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities.....

Google Warns of DoS and RCE Bugs in Dnsmasq

Seven flaws in what is known as Dnsmasq can be exploited by attackers who can use the bugs to carry out remote code execution, information exposure or a denial of service attacks against affected devices. Google researchers identified the flaws in a research paper published Monday, the same day a.....

[SECURITY] Fedora 26 Update: ejabberd-17.01-3.fc26

ejabberd is a Free and Open Source distributed fault-tolerant Jabber/XMPP server. It is mostly written in Erlang, and runs on many platforms (tested on Linux, FreeBSD, NetBSD, Solaris, Mac OS X and Windows...