This archive contains 190 exploits that were added to Packet Storm in November, 2015.
Monthly Archives: November 2015
DSA-3410 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
integer overflows, buffer overflows and other implementation errors may
lead to the execution of arbitrary code or denial of service.
DSA-3409 putty – security update
A memory-corrupting integer overflow in the handling of the ECH (erase
characters) control sequence was discovered in PuTTY’s terminal
emulator. A remote attacker can take advantage of this flaw to mount a
denial of service or potentially to execute arbitrary code.
DSA-3408 gnutls26 – security update
It was discovered that GnuTLS, a library implementing the TLS and SSL
protocols, incorrectly validates the first byte of padding in CBC modes.
A remote attacker can possibly take advantage of this flaw to perform a
padding oracle attack.
Brocade Fabric OS 6.3.1b Weak System Configuration
Brocade Fabric OS version 6.3.1b suffers from multiple weak system configuration issues that can result in system compromise. You actually have to go out of your way to break basic Linux security this badly.
Ubuntu Security Notice USN-2821-1
Ubuntu Security Notice 2821-1 – It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack.
LibRaw 0.17 Overflow
LibRaw versions 0.17 and below suffer from multiple memory errors that can result in code execution or other problems.
Bugtraq: Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 — Advanced Information Security Corporation
Bugtraq: Proftpd 1.3.5a LATEST (0-day) Follow-up report (Part 2), Patch released!! 29/11/2015 — Advanced Information Security Corporation
Bugtraq: LSE Leading Security Experts GmbH – LSE-2015-10-14 – HumHub SQL-Injection