Red Hat Security Advisory 2015-0101-01 – The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
Monthly Archives: January 2015
Cisco Meraki Systems Manager Multiple Vulnerabilities
Posted by Denis Andzakovic on Jan 29
( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….
Fortinet FortiAuthenticator Multiple Vulnerabilities
Posted by Denis Andzakovic on Jan 29
( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….
Fortinet FortiClient Multiple Vulnerabilities
Posted by Denis Andzakovic on Jan 29
( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….
Fortinet FortiOS Multiple Vulnerabilities
Posted by Denis Andzakovic on Jan 29
( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….
Kaseya BYOD Gateway Multiple Vulnerabilities
Posted by Denis Andzakovic on Jan 29
( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….
Kaseya Browser Android Path Traversal
Posted by Denis Andzakovic on Jan 29
( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….
KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation
Posted by KoreLogic Disclosures on Jan 29
KL-001-2015-001 : Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation
Title: Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2015-001
Publication Date: 2015.01.28
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2015-001.txt
1. Vulnerability Details
Affected Vendor: Microsoft
Affected Product: TCP/IP Protocol Driver
Affected Version:…
AirWatch Multiple Direct Object References
Posted by Denis Andzakovic on Jan 29
( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….
Re: CVE-2015-1169 – CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards.
Posted by Paul B. Henson on Jan 29
This CVE claims CAS has a vulnerability that “allows remote attackers to
bypass LDAP authentication via crafted wildcards”. My understanding of
an “authentication bypass” vulnerability is one that actually bypasses
authentication, accessing a resource without having to authenticate, as
enumerated at http://cwe.mitre.org/data/definitions/592.html
The actual vulnerability here is that if you are using the LDAP
authenticator…