Posted by Mustafa Al-Bassam on Jun 14
Advisory: E-Detective Lawful Interception System multiple security vulnerabilities
Date: 14/06/2015
CVE: unassigned
Authors: Mustafa Al-Bassam (https://musalbas.com)
slipstream/RoL (https://twitter.com/TheWack0lian)
Software: Decision Group E-Detective Lawful Interception System
Vendor URL: http://www.edecision4u.com/
Software description:
“E-Detective is a…
Resolved Bugs
1230537 – CVE-2015-3209 xen: qemu: pcnet: multi-tmd buffer overflow in the tx path [fedora-all]
1225882 – CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path
stubs-32.h is back, so revert to previous behaviour.
Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209].
GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163].
vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164].
Resolved Bugs
1230537 – CVE-2015-3209 xen: qemu: pcnet: multi-tmd buffer overflow in the tx path [fedora-all]
1225882 – CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path
Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209].
GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163].
vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164].
update to 9.3.9 minor release
update to 9.3.8 per release notes
update to 9.3.7 per release notes
update to 9.4.4 minor release
Resolved Bugs
1223846 – CVE-2015-4103 xen: potential unintended writes to host MSI message data field via qemu (xsa-128)
1223851 – CVE-2015-4104 xen: PCI MSI mask bits inadvertently exposed to guests (xsa-129)
1223853 – xen: guest triggerable qemu MSI-X pass-through error messages (xsa-130)
1223859 – xen: unmediated PCI register access in qemu (xsa-131)
1230537 – CVE-2015-3209 xen: qemu: pcnet: multi-tmd buffer overflow in the tx path [fedora-all]
1225882 – CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path
1227627 – CVE-2015-4103 xen: potential unintended writes to host MSI message data field via qemu (xsa-128) [fedora-all]
1227628 – CVE-2015-4104 xen: PCI MSI mask bits inadvertently exposed to guests (xsa-129) [fedora-all]
1227629 – CVE-2015-4105 xen: guest triggerable qemu MSI-X pass-through error messages (xsa-130) [fedora-all]
1227631 – CVE-2015-4106 xen: unmediated PCI register access in qemu (xsa-131) [fedora-all]
Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537)
GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163]
vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]
Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103],
PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104],
Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105],
Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106]
update to 9.3.9 minor release
update to 9.3.8 per release notes
update to 9.3.7 per release notes
Posted by Bruno Luiz on Jun 14
Impact
A non-privileged user could cause a local Denial-of-Service (DoS) condition by triggering a kernel panic through a malformed ELF executable.
The kernel panic is reached at the UVM (virtual memory) subsystem. There are different if-else validations inside uvm_map(), and uvm_map_vmspace_update() is called in the last else block as follows:
sys/uvm/uvm_map.c:
if (flags & UVM_FLAG_FIXED) {
…
} else if (*addr != 0 && (*addr…
N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers’ installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.
Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page.