Posted by Antonio Augusto Santos on Jun 21
Dear,
(Brazilian Portuguese version bellow – Versão em português abaixo)
My name is Antonio Augusto, and I am currently doing a MS in Computer
Science in Brazil. My research focus on the use of Machine Learning
techniques on IDS (Intrusion Detection Systems) alerts.
There has been a lot of work on this area in recent years, which tries to
bring some improvements on the way we deal with alerts. However, the
academia has no way to know which…
Posted by Scott Arciszewski on Jun 21
Hi Full Disclosure readers,
The symmetric-key encryption used in Tutanota is vulnerable to ciphertext
malleability (a.k.a. arbitrary bit rewriting), since they fail to
authenticate their ciphertexts. The offending code snippet (for the Android
version of their app) is here:
I am not the first to discover this…
Sites developed by White Way Systems suffer from a remote SQL injection vulnerability.
Gentoo Linux Security Advisory 201506-1 – Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.466 are affected.
Sites developed by Why Web Developments suffer from a remote SQL injection vulnerability.
Ubuntu Security Notice 2646-2 – The Fix for CVE-2015-1328 introduced a regression into the Linux kernel’s overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Various other issues were also addressed.
Ubuntu Security Notice 2644-2 – The Fix for CVE-2015-1328 introduced a regression into the Linux kernel’s overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Various other issues were also addressed.
Ubuntu Security Notice 2643-2 – The Fix for CVE-2015-1328 introduced a regression into the Linux kernel’s overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Various other issues were also addressed.
Ubuntu Security Notice 2642-2 – The Fix for CVE-2015-1328 introduced a regression into the Linux kernel’s overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Various other issues were also addressed.
Ubuntu Security Notice 2641-2 – The Fix for CVE-2015-1328 introduced a regression into the Linux kernel’s overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Various other issues were also addressed.