include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.
Monthly Archives: May 2015
CVE-2015-2666 (linux_kernel)
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.
CVE-2015-2922 (linux_kernel)
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
CVE-2015-2830 (linux_kernel)
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
CVE-2015-3331 (linux_kernel)
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.
CVE-2015-3332 (linux_kernel)
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.
CVE-2015-3339 (linux_kernel)
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
100,000 Tax Accounts Breached Through IRS “Get Transcript†App
While nothing is impossible to breach you’d think that it would be really really hard to gain access to information like the one from the IRS. At least that’s what I thought – until I saw their press release today. According to the statement cybercriminals managed to illegally gain access to data from about 100,000 accounts by using the IRS’ very own “Get Transcript” app. Accessed data include things like addresses, birthdates, Social Security information, and the tax filing statuses.
Now don’t misunderstand the situation: The IRS has not been hacked. Well. Not in the usual sense of the word anyway. “These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer”, explains the IRS statement. What does that mean? The criminals collected a lot of data and information on a lot of unlucky people – be it through phishing of by buying data from shady online sources – and used them to actually access taxpayers past tax records.
According to the information supplied the attackers tried to access 200,000 accounts between February and mid-May which leaves them with a success rate of 50%.
Once the IRS identified the questionable attempts to gain access to its data it decided to shut down the “Get Transcript” app temporarily. The whole affair is now also under investigation of the Treasury Inspector General for Tax Administration and the IRS’ Criminal Investigation unit.
The IRS closes the statement with the following: “The IRS will be working aggressively to protect affected taxpayers and strengthen our protocols even further going forward.”
The post 100,000 Tax Accounts Breached Through IRS “Get Transcript” App appeared first on Avira Blog.
Aruba ClearPass Policy Manager 6.4 Cross Site Scripting
Aruba ClearPass Policy Manager version 6.4 suffers from a stored cross site scripting vulnerability.
Fedora 20 Security Update: ipsec-tools-0.8.2-1.fc20
Resolved Bugs
1223420 – ipsec-tools: NULL pointer dereference in racoon/gssapi.c [fedora-all]
1154906 – Please upgrade to ipsec-tools-0.8.2 to fix port 4500 vs 500 isakmp initiator issue
952413 – Enhancement request: Include support for Calling-Station-Id attribute for xauth RADIUS requests – PATCH
1223419 – CVE-2015-4047 ipsec-tools: NULL pointer dereference in racoon/gssapi.c<br
Upgraded to 0.8.2, fix for CVE-2015-4047, support for Calling-Station-Id