Category Archives: Security

qemu-2.7.1-6.fc25

* chardev data is dropped when host side closed (bz #1352977)
* CVE-2016-8667: dma: divide by zero error in set_next_tick (bz #1384876)
* IPv6 DNS problems in qemu user networking (bz #1401165)
* Fix crash in qxl memslot_get_virt (bz #1405847)
* CVE-2017-5579: serial: fix memory leak in serial exit (bz #1416161)
* spec: Pull in ipxe/vgabios links via -common package (bz #1431403)
* Clean up binfmt.d configuration files (bz #1394859)

CVE-2017-7874

udevd in udev 232, when the Linux kernel 4.8.0 is used, does not properly verify the source of a Netlink message, which allows local users to execute arbitrary commands by leveraging access to the NETLINK_KOBJECT_UEVENT family, and the presence of the /lib/udev/rules.d/50-udev-default.rules file, to provide a crafted REMOVE_CMD value.

CVE-2017-7881

BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.

ETERNALBLUE 2.2.0 Windows 2008 R2 SMBv1 Zero Day Exploit

ETERNALBLUE is an SMBv1 remote unauthenticated zero-day exploit that works on 2008 R2. Note that this exploit is part of the recent public disclosure from the “Shadow Brokers”, who claim to have compromised data from a team known as the “Equation Group”; however, there is no author data available in this content. Consider this exploit hostile and unverified. For research purposes only. Description has been referenced from http://medium.com/@networksecurity.

EXPLODINGCAN 2.0.2 Microsoft IIS 6 Exploit

EXPLODINGCAN is an exploit for Microsoft IIS 6 that leverages WebDAV and works on 2003 only. Note that this exploit is part of the recent public disclosure from the “Shadow Brokers”, who claim to have compromised data from a team known as the “Equation Group”; however, there is no author data available in this content. Consider this exploit hostile and unverified. For research purposes only. Description has been referenced from http://medium.com/@networksecurity.