epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet.
Monthly Archives: September 2016
CVE-2016-7177 (wireshark)
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
CVE-2016-7178 (wireshark)
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.
CVE-2016-7179 (wireshark)
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-7180 (wireshark)
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
Oh, It's On Sale! USB Kill to Destroy any Computer within Seconds
Remember Killer USB stick?
It was a proof-of-concept USB prototype, designed last year by a Russian researcher, Dark Purple, to effectively destroy sensitive components of a computer when plugged in.
Now, someone has actually created the Killer USB stick, which destroys almost anything it is plugged into, such as laptops, PCs, or televisions.
A Hong Kong-based technology
New Version of RAA Ransomware Updated to Attack Business Targets
Kaspersky Lab announced today that its experts have discovered a new version of the RAA ransomware, malware written entirely in JScript.
Google Chrome to Label Sensitive HTTP Pages as "Not Secure"
Although more than three months remain, Google has planned a New Year gift for Internet users who are concerned about their privacy and security.
Starting in January of 2017, the world’s most popular web browser Chrome will begin labeling HTTP sites that transmit passwords or ask for credit card details as “Not Secure” — the first step in Google’s plan to discourage the use of sites that
GNU Transport Layer Security Library 3.4.15
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
Asterisk Project Security Advisory – AST-2016-007
Asterisk Project Security Advisory – The overlap dialing feature in chan_sip allows chan_sip to report to a device that the number that has been dialed is incomplete and more digits are required. If this functionality is used with a device that has performed username/password authentication, RTP resources are leaked. This occurs because the code fails to release the old RTP resources before allocating new ones in this scenario. If all resources are used, then RTP port exhaustion will occur and no RTP sessions can be set up.
