Jose Duart of the Google Security Team discovered a buffer overflow in
in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file
systems. This issue can possibly lead to arbitrary code execution if
a malicious device is plugged in, the system is configured to
automatically mount it, and the mounting process chooses to run fsck
on the device’s malicious filesystem.
Monthly Archives: February 2015
DSA-3167 sudo – security update
Jakub Wilk reported that sudo, a program designed to provide limited
super user privileges to specific users, preserves the TZ variable from
a user’s environment without any sanitization. A user with sudo access
may take advantage of this to exploit bugs in the C library functions
which parse the TZ environment variable or to open files that the user
would not otherwise be able to open. The later could potentially cause
changes in system behavior when reading certain device special files or
cause the program run via sudo to block.
DSA-3168 ruby-redcloth – security update
Kousuke Ebihara discovered that redcloth, a Ruby module used to
convert Textile markup to HTML, did not properly sanitize its
input. This allowed a remote attacker to perform a cross-site
scripting attack by injecting arbitrary JavaScript code into the
generated HTML.
Defense in depth — the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation
Posted by Stefan Kanthak on Feb 21
Hi @ll,
the MSDN documents the BRAINDEAD behaviour of the functions
CreateProcess() <https://msdn.microsoft.com/en-us/library/ms682425.aspx>,
CreateProcessAsUser() <https://msdn.microsoft.com/en-us/library/ms682429.aspx>
CreateProcessWithLogonW() <https://msdn.microsoft.com/en-us/library/ms682431.aspx>
CreateProcessWithTokenW() <https://msdn.microsoft.com/en-us/library/ms682434.aspx>
for an unquoted “long”…
xaviershay-dm-rails v0.10.3.8 mysql credential exposure
Posted by Larry W. Cashdollar on Feb 21
Title: xaviershay-dm-rails v0.10.3.8 mysql credential exposure
Author: Larry W. Cashdollar, @_larry0
Date: 2015-02-17
Download Site: https://rubygems.org/gems/xaviershay-dm-rails
Vendor: Martin Gamsjaeger, Dan Kubb
Vendor Notified: 2015-02-17
Vendor Contact: notreal [at] rhnh.net
Description: This gem provides the railtie that allows datamapper to hook into rails3 and thus behave like a rails
framework component. Just like activerecord does in…
CVE-2015-0331
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
CVE-2015-0618
Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID CSCuq95241.
CVE-2015-0624
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.
CVE-2015-0631
Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688.
Say What? Required contents of notice in data breach notifications
With so many data breaches happening these days, Americans are getting a lot of breach notification letters and emails, but do they deliver useful, readable content, other than a general warning to remain vigilant?
The post Say What? Required contents of notice in data breach notifications appeared first on We Live Security.