s/party/hack like it's 1999

Posted by up201407890 on Sep 19

Federico Bento <up201407890 () alunos dcc fc up pt>

So recently I’ve encountered a post by Kurt Seifried of Red Hat on
oss-sec’s mailing list entitled “Terminal escape sequences – the new
XSS for admins?”
http://www.openwall.com/lists/oss-security/2015/08/11/8

This is a slightly misleading title, since escape sequences were
introduced circa the ’70s, so it’s actually not that new.

How it technically…

New release of testssl.sh

Posted by Dirk on Sep 19

Hi,

version 2.6 of the SSL/TLS checker “testssl.sh” is out!

testssl.sh is a free command line tool which checks a server’s service
on any port for the support of TLS/SSL ciphers, protocols as well as
recent cryptographic flaws and much more.

It is written in (pure) bash, makes only use of standard Unix utilities,
openssl and last but not least bash sockets.

Version 2.6 includes major improvements (ids from github):

*…

DSA-3363 owncloud-client – security update

Johannes Kliemann discovered a vulnerability in ownCloud Desktop Client,
the client-side of the ownCloud file sharing services. The vulnerability
allows man-in-the-middle attacks in situations where the server is using
self-signed certificates and the connection is already established. If
the user on the client side manually distrusts the new certificate, the
file syncing will continue using the malicious server as valid.