Published reports say that AT&T was the National Security Agency’s primary telecommunications partner and facilitated much of its surveillance efforts around telephone and Internet traffic collection.
Monthly Archives: August 2015
CESA-2015:1636 Moderate CentOS 6 net-snmp Security Update
CentOS Errata and Security Advisory 2015:1636 Moderate Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1636.html The following updated files have been uploaded and are currently syncing to the mirrors.
Symantec Endpoint Protection Manager Authentication Bypass / Code Execution
This Metasploit module exploits three separate vulnerabilities in Symantec Endpoint Protection Manager in order to achieve a remote shell on the box as NT AUTHORITY\SYSTEM. The vulnerabilities include an authentication bypass, a directory traversal and a privilege escalation to get privileged code execution.
VideoCharge Studio Buffer Overflow (SEH)
This Metasploit module exploits a stack-based buffer overflow in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of VideoCharge Studio to open a malicious .VSC file.
Werkzeug Debug Shell Command Execution
This Metasploit module will exploit the Werkzeug debug console to put down a Python shell. This debugger “must never be used on production machines” but sometimes slips past testing. Tested against 0.9.6 on Debian, 0.9.6 on CentOS, 0.10 on Debian.
RSA BSAFE Crypto Attacks / Denial Of Service
RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C all suffer from various crypto, denial of service, and underflow vulnerabilities.
RHSA-2015:1635-1: Moderate: sqlite security update
Red Hat Enterprise Linux: An updated sqlite package that fixes three security issues is now available
for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
RHSA-2015:1634-1: Moderate: sqlite security update
Red Hat Enterprise Linux: An updated sqlite package that fixes one security issue is now available
for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2015-3416
RHSA-2015:1633-1: Moderate: subversion security update
Red Hat Enterprise Linux: Updated subversion packages that fix three security issues are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-0248, CVE-2015-0251, CVE-2015-3187
RHSA-2015:1630-1: Important: rh-mysql56-mysql security update
Red Hat Enterprise Linux: Updated rh-mysql56-mysql packages that fix several security issues are now
available for Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772