The Active Directory (AD) integration component in Cisco Identity Services Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.
Monthly Archives: May 2016
Japan On Olympic Hacking Mission To Test Utilities, Trains, Telcos
HP Security Bulletin HPSBGN03564 1
HP Security Bulletin HPSBGN03564 1 – A vulnerability in the way Apache Commons Collections handles Java object deserialization was addressed in HPE Release Control. The vulnerability could be exploited remotely to achieve remote code execution. Revision 1 of this advisory.
Red Hat Security Advisory 2016-1095-01
Red Hat Security Advisory 2016-1095-01 – OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser’s localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized access_token was provided in the query parameter.
Red Hat Security Advisory 2016-1094-01
Red Hat Security Advisory 2016-1094-01 – OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges.
Debian Security Advisory 3584-1
Debian Linux Security Advisory 3584-1 – Gustavo Grieco discovered several flaws in the way librsvg, a SAX-based renderer library for SVG files, parses SVG files with circular definitions. A remote attacker can take advantage of these flaws to cause an application using the librsvg library to crash.
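The failure mode in this advisory is a renderer that expands `<use>` references by recursing into the referenced element, which never terminates when two definitions point at each other. The following is an added example, not librsvg's code: `naive_count()` does the unchecked expansion and dies with `RecursionError` (Python's counterpart of the crash), while `safe_count()` keeps the chain of ids currently being expanded, rejects any reference back into that chain, and also caps chain depth. Both SVG documents are constructed for the example; the function and class names are hypothetical.

```python
"""
Cycle-safe expansion of SVG <use> references (added example, not librsvg code).
"""
import xml.etree.ElementTree as ET
from typing import Optional, Tuple

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"

# Constructed: #a uses #b and #b uses #a (SVG 1.1 xlink:href syntax).
CIRCULAR_SVG = f"""<svg xmlns="{SVG_NS}" xmlns:xlink="{XLINK_NS}">
  <defs>
    <g id="a"><rect width="1" height="1"/><use xlink:href="#b"/></g>
    <g id="b"><use xlink:href="#a"/></g>
  </defs>
  <use xlink:href="#a"/>
</svg>"""

# Constructed: the same id referenced twice, but no loop (SVG 2 href syntax).
ACYCLIC_SVG = f"""<svg xmlns="{SVG_NS}">
  <defs>
    <g id="leaf"><circle r="1"/><circle r="2"/></g>
    <g id="pair"><use href="#leaf"/><use href="#leaf"/></g>
  </defs>
  <use href="#pair"/>
  <rect width="3" height="3"/>
</svg>"""


class UnsafeReference(ValueError):
    """Raised when <use> references form a cycle or nest too deeply."""


def _local(tag: str) -> str:
    """Strip the namespace from an ElementTree tag name."""
    return tag.rsplit("}", 1)[-1]


def _href(el: ET.Element) -> Optional[str]:
    """Target of a <use>, accepting SVG 2 href and SVG 1.1 xlink:href."""
    return el.get("href") or el.get(f"{{{XLINK_NS}}}href")


def _index_ids(root: ET.Element) -> dict:
    return {el.get("id"): el for el in root.iter() if el.get("id")}


def naive_count(svg_text: str) -> int:
    """Count rendered elements, following <use> with no cycle check."""
    root = ET.fromstring(svg_text)
    ids = _index_ids(root)

    def walk(el: ET.Element) -> int:
        n = 0
        for child in el:
            tag = _local(child.tag)
            if tag == "defs":            # definitions render only via <use>
                continue
            if tag == "use":
                target = _href(child)
                if target and target.startswith("#") and target[1:] in ids:
                    n += 1 + walk(ids[target[1:]])   # unbounded on a cycle
            else:
                n += 1 + walk(child)
        return n

    return walk(root)


def safe_count(svg_text: str, max_depth: int = 64) -> int:
    """Same count, but refuse cycles and over-deep reference chains."""
    root = ET.fromstring(svg_text)
    ids = _index_ids(root)

    def walk(el: ET.Element, chain: Tuple[str, ...]) -> int:
        if len(chain) > max_depth:
            raise UnsafeReference("chain too deep: " + " -> ".join(chain))
        n = 0
        for child in el:
            tag = _local(child.tag)
            if tag == "defs":
                continue
            if tag == "use":
                target = _href(child)
                if not (target and target.startswith("#")):
                    continue
                ref = target[1:]
                if ref in chain:         # an ancestor expanded again: a loop
                    raise UnsafeReference(" -> ".join(chain + (ref,)))
                if ref in ids:
                    n += 1 + walk(ids[ref], chain + (ref,))
            else:
                n += 1 + walk(child, chain)
        return n

    return walk(root, ())


def crashes_naively(svg_text: str) -> bool:
    """True if the unchecked expander exhausts the stack on this document."""
    try:
        naive_count(svg_text)
    except RecursionError:
        return True
    return False


def find_cycle(svg_text: str) -> Optional[str]:
    """The offending reference chain, or None if the document is safe."""
    try:
        safe_count(svg_text)
    except UnsafeReference as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("acyclic document renders", safe_count(ACYCLIC_SVG), "elements")
    print("naive expander crashes on the loop:", crashes_naively(CIRCULAR_SVG))
    print("safe expander reports:", find_cycle(CIRCULAR_SVG))
```

The check is on the expansion chain, not on a global "seen" set: the acyclic document references `#leaf` twice and must still render, so only a reference back to an element that is currently being expanded counts as a loop. The depth cap catches long non-repeating chains that would exhaust the stack without ever repeating an id.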
Stegano 0.5.3
Stegano is a basic Python steganography module. Stegano implements two methods of hiding: using the red channel of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat numbers, Carmichael numbers, etc.) are used to select the pixels that carry the hidden information.
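To make the LSB-with-integer-sets idea concrete, here is an added example that is not Stegano's own code. It hides message bits in the least significant bit of each colour channel and lets a generator over an integer set decide which pixel indices carry data (every index, or the prime indices from a Sieve of Eratosthenes). The image is modelled as a flat list of `(r, g, b)` tuples so it runs without an imaging library; `sample_image()` fabricates the cover, and all function names are hypothetical.

```python
"""
LSB steganography with generator-selected pixels (added example, not Stegano code).
"""
from typing import Callable, Iterator, List, Tuple

Pixel = Tuple[int, int, int]
Generator = Callable[[int], Iterator[int]]


def identity(limit: int) -> Iterator[int]:
    """Every pixel index in order."""
    yield from range(limit)


def eratosthenes(limit: int) -> Iterator[int]:
    """Prime pixel indices below limit (Sieve of Eratosthenes)."""
    sieve = bytearray([1]) * limit
    for n in range(2, limit):
        if sieve[n]:
            yield n
            for m in range(n * n, limit, n):
                sieve[m] = 0


def sample_image(width: int, height: int) -> List[Pixel]:
    """Constructed deterministic cover image (a colour gradient)."""
    return [((x * 37) % 256, (y * 91) % 256, (x * y) % 256)
            for y in range(height) for x in range(width)]


def capacity_bits(pixels: List[Pixel], generator: Generator = identity) -> int:
    """Bits the chosen pixel set can carry: three per selected pixel."""
    return 3 * sum(1 for _ in generator(len(pixels)))


def fits(pixels: List[Pixel], message: bytes, generator: Generator = identity) -> bool:
    """Does a 4-byte length prefix plus the message fit in the selected pixels?"""
    return 8 * (4 + len(message)) <= capacity_bits(pixels, generator)


def _bits(data: bytes) -> Iterator[int]:
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def hide(pixels: List[Pixel], message: bytes, generator: Generator = identity) -> List[Pixel]:
    """Return a copy of pixels with message written into the channel LSBs.

    A 4-byte big-endian length prefix precedes the message so reveal()
    knows where it ends. Each selected pixel carries three bits, one per
    channel, so no channel value changes by more than 1.
    """
    if not fits(pixels, message, generator):
        raise ValueError("message does not fit in the selected pixels")
    bits = list(_bits(len(message).to_bytes(4, "big") + message))
    out = list(pixels)
    pos = 0
    for idx in generator(len(pixels)):
        if pos >= len(bits):
            break
        chans = list(out[idx])
        for c in range(3):
            if pos < len(bits):
                chans[c] = (chans[c] & 0xFE) | bits[pos]
                pos += 1
        out[idx] = (chans[0], chans[1], chans[2])
    return out


def reveal(pixels: List[Pixel], generator: Generator = identity) -> bytes:
    """Read the length prefix, then that many bytes, from the selected LSBs."""
    acc = nbits = 0
    buf = bytearray()
    length = None
    for idx in generator(len(pixels)):
        for chan in pixels[idx]:
            acc = (acc << 1) | (chan & 1)
            nbits += 1
            if nbits < 8:
                continue
            buf.append(acc)
            acc = nbits = 0
            if length is None:
                if len(buf) == 4:
                    length = int.from_bytes(buf, "big")
                    buf.clear()
                    if length == 0:
                        return b""
            elif len(buf) == length:
                return bytes(buf)
    raise ValueError("no complete message in the selected pixels")


def max_channel_delta(a: List[Pixel], b: List[Pixel]) -> int:
    """Largest per-channel change between two images of equal size."""
    return max(abs(x - y) for p, q in zip(a, b) for x, y in zip(p, q))


def roundtrip(message: bytes, generator: Generator = identity) -> Tuple[bytes, int]:
    """Hide then reveal on the sample cover; returns (revealed, max delta)."""
    cover = sample_image(64, 64)
    stego = hide(cover, message, generator)
    return reveal(stego, generator), max_channel_delta(cover, stego)


if __name__ == "__main__":
    print(roundtrip(b"attack at dawn", eratosthenes))
```

The generator is the only secret here: a reader who extracts LSBs sequentially from an image written with `eratosthenes` sees a garbage length prefix, while the legitimate reader regenerates the same index sequence. Note that the prime set thins out as indices grow, so `capacity_bits()` for a non-trivial set is far smaller than for the whole image; check `fits()` before hiding rather than discovering the shortfall mid-write.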
Slackware Security Advisory – curl Updates
Slackware Security Advisory – New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
Instagram Patches Brute-Force Authentication Flaws
Facebook paid researcher Arne Swinnen a $5,000 bounty for a pair of authentication vulnerabilities in Instagram that enabled brute-force attacks against usernames and passwords.
Google Allo a Clash of Privacy and Functionality
Google Allo has an end-to-end encryption capability powered by Signal, but it’s not turned on by default because it would interfere with an artificial intelligence powering Google Assistant.