Red Hat Security Advisory 2016-1939-01

Red Hat Security Advisory 2016-1939-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel’s networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate a TCP connection and/or inject payload into a non-secured TCP connection between two endpoints on the network.

ISC Releases Security Updates for BIND

Original release date: September 27, 2016

The Internet Systems Consortium (ISC) has released updates that address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

  • BIND 9 version 9.9.9-P3
  • BIND 9 version 9.10.4-P3
  • BIND 9 version 9.11.0rc3
  • BIND 9 version 9.9.9-S5

US-CERT encourages users and administrators to review ISC Knowledge Base Article AA-01419 and apply the necessary updates.



Red Hat Security Advisory 2016-1940-01

Red Hat Security Advisory 2016-1940-01 – OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.

[Adobe Flash] local-with-filesystem sandbox bypass via navigateToURL() and UI redressing

Posted by TRUEL IT | Leone Pontorieri on Sep 27

[+]####################################################################################################
|
| Title: Adobe Flash local-with-filesystem sandbox bypass via navigateToURL() and UI redressing
| Author: Leone Pontorieri
| <leone [dot] pontorieri [at] truel [dot] it>
| https://www.truel.it
| Product: Adobe Flash
| <= 23 (before September 13, 2016)
| Changelog:…

Re: CVE-2016-6662 – MySQL Remote Root Code Execution / Privilege Escalation ( 0day )

Posted by Mark Koek on Sep 27

Thanks for your explanation. It is a very good discovery to be sure.

Yet I still think that a ‘remote root’ is something different – Google
gives me this for example:
https://tools.cisco.com/security/center/viewAlert.x?alertId=4061 which
is a way to directly become root from the internet through a vulnerable
piece of server software listening on a socket. Connect, exploit, root.

In your case, another hurdle has to be cleared first…

IE11 is not following CORS specification for local files

Posted by Ricardo Iramar dos Santos on Sep 27

IE11 is not following CORS specification for local files like Chrome
and Firefox.
I’ve contacted Microsoft and they say this is not a security issue so
I’m sharing it.

files as supposed to be.
In order to prove I’ve created a malicious html file with the content below.

<html>
<script>
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {…