FreeBSD Security Advisory – Due to insufficient input validation in OpenSSH, a client which has permission to establish X11 forwarding sessions to a server can piggyback arbitrary shell commands on the data intended to be passed to the xauth tool. An attacker with valid credentials and permission to establish X11 forwarding sessions can bypass other restrictions which may have been placed on their account, for instance using ForceCommand directives in the server’s configuration file.
Monthly Archives: March 2016
FreeBSD Security Advisory – FreeBSD-SA-16:15.sysarch
FreeBSD Security Advisory – A special combination of sysarch(2) arguments specifies a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors is provided. Due to invalid use of a signed intermediate value in the bounds checking during argument validity verification, unbounded zeroing of the process LDT and adjacent memory can be initiated from usermode. This vulnerability could cause the kernel to panic. In addition, it is possible for unprivileged processes to perform a local Denial of Service against the system.
AKIPS Network Monitor 16.5 OS Command Injection
AKIPS Network Monitor versions 15.37 through 16.5 suffer from a remote command injection vulnerability.
Windows Secondary Logon Failed Sanitization
The SecLogon service does not sanitize standard handles when creating a new process, which leads to a system service thread pool handle being duplicated into a user-accessible process. This can be used to elevate privileges to Local System.
Windows Kernel ATMFD.DLL OTF Font Processing Stack Crash
There is a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.
Windows Kernel ATMFD.DLL OTF Font Processing Stack Corruption
There is a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.
Microsoft Security Bulletin Revision Increment For March, 2016
This bulletin summary lists two bulletins that have undergone a major revision increment for March, 2016.
'The Fappening' Hacker Reveals How He Stole Nude Pics of Over 100 Celebrities
Almost one and a half years after the massive leak of celebrities’ nude photographs, known as “The Fappening” or “Celebgate”, a man has been charged under the Computer Fraud and Abuse Act and faces up to 5 years in prison.
The US Department of Justice (DOJ) announced on Tuesday that it charged Ryan Collins, 36, of Pennsylvania for illegally accessing the Gmail
DSA-3519 xen – security update
Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.
CESA-2016:0460 Important CentOS 5 thunderbird Security Update
CentOS Errata and Security Advisory 2016:0460 Important
Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0460.html
The following updated files have been uploaded and are currently syncing to the mirrors (sha256sum Filename):
i386: bad0b8c22220b784a792c74ccd4cc509b27ceff695df286cb0b7f55e0700bd53 thunderbird-38.7.0-1.el5.centos.i386.rpm
x86_64: d516974e69de8c329b1e1f10df6f6552556fe0056b9ca3547b6acbfe924c4069 thunderbird-38.7.0-1.el5.centos.x86_64.rpm
Source: 67711d306f0c09a9ed60232f1faa67111d790400d1c41d44ce2e293c14ff0a82 thunderbird-38.7.0-1.el5.centos.src.rpm
