The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user’s UsrClass.dat registry hive, aka MSRC ID 20674 or “Microsoft User Profile Service Elevation of Privilege Vulnerability.”
Monthly Archives: January 2015
CVE-2015-0006
The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka “NLA Security Feature Bypass Vulnerability.”
CVE-2015-0011
mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka “WebDAV Elevation of Privilege Vulnerability.”
CVE-2015-0014
Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka “Windows Telnet Service Buffer Overflow Vulnerability.”
CVE-2015-0015
Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka “Network Policy Server RADIUS Implementation Denial of Service Vulnerability.”
CVE-2015-0016
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka “Directory Traversal Elevation of Privilege Vulnerability.”
What to do before your smart phone is lost
Be prepared.
That’s good advice for hosting a Super Bowl party, going to a job interview, or if you lose your phone.
Not being prepared could prove disastrous in all three of those examples, but most people would agree that losing their phone with all the contacts, text messages, photos, and other irreplaceable data is worse than forgetting the Doritos or not answering an interview question well.
If you happen to lose your Android smart phone or tablet, or if someone steals it from you, do not despair. Our clever, FREE app, Avast Anti-theft, will help you find your phone and even, catch the thief.
What is Avast Anti-Theft?
Avast Anti-Theft is a free standalone application designed for Android smart phones and tablets. It’s main purpose is to help you locate your lost or stolen mobile device, allowing you to track it on a map and control it remotely. Since Anti-Theft is a separate application from Avast Mobile Security & Antivirus, it is completely invisible when it is running so that thieves don’t even know it’s there.
This infographic explains what you can do with your phone if you discover that it’s missing.
Locate your device on a map
Remotely locate your phone via GPS, Wi-Fi, or mobile network – for maximum accuracy.
Remotely lock your phone
Remotely lock your phone to prevent access to your personal data and settings.
Activate a siren remotely
Activate a loud, customizable siren, which reverts to maximum volume if thieves try to silence it.
If you spring for the paid version of Avast Anti-Theft, you get some additional, powerful features.
Take a photo of a would-be thief
You can set your device to lock access and take a picture of the person attempting to unlock it after three failed tries.
Remote data retrieval from your device
Retrieve call logs, SMS messages, and other personal data from your phone.
Avast Anti-Theft is available on Google Play, where it can be downloaded for free.
Fedora EPEL 5 Security Update: libsndfile-1.0.17-6.el5
Fedora EPEL 6 Security Update: chicken-4.9.0.1-2.el6
Resolved Bugs
1181483 – chicken: buffer overflow vulnerability in CHICKEN Scheme’s substring-index[-ci] procedures
1181485 – chicken: buffer overflow vulnerability in CHICKEN Scheme’s substring-index[-ci] procedures [epel-all]
1181484 – chicken: buffer overflow vulnerability in CHICKEN Scheme’s substring-index[-ci] procedures [fedora-all]
1104019 – chicken-4.9.0.1 is available<br
Patches security vulnerability discussed here:
https://bugzilla.redhat.com/show_bug.cgi?id=1181483
Latest upstream release.
Latest upstream release.