Monthly Archives: November 2014
Avoiding the Dark Security Future
LAS VEGAS–Nick Percoco has been thinking a lot about the future of technology, and some of the things he’s dreamed up aren’t very pretty: farms of people renting out their spare brain cycles, autonomous cars that freak out and careen into oncoming traffic and hacking groups hijacking users’ augmented reality gear and demanding ransoms to unlock […]
[BSA-099] Security update for libreoffice
Rene Engelhard uploaded new packages for libreoffice which fix the following security problem:

CVE-2014-3693: Use-after-free in the socket manager of Impress Remote

It was discovered that LibreOffice 4.0.0 and later does not manage the port 1599 listener of the LibreOffice Impress Remote correctly. An external attacker with access to that port could cause the deleted port manager to continue to process attacker-supplied data.

Note that this update also disables the remote control by default, because it listens on port 1599 "to the world" by default. If you want or need it, you have to enable it manually:

1. Open LibreOffice, go to "Tools -> Options..."
2. Select "LibreOffice Impress -> General"
3. Check "Presentation -> Enable remote control"

For the wheezy-backports distribution the problems have been fixed in version 1:4.3.3~rc2-1~bpo70+1.
Expanding Use of PKI in Variety of Devices Holds Challenges
LAS VEGAS–One of the longest running jokes in the security industry is that each coming year finally will be The Year of PKI. While that one huge year never materialized, the use of PKI and digital certificates has become an integral part of how the Internet works today. But there are some challenges on the horizon […]
Jeremy Rowley on the Facebook Tor Cert Decision and the Future of PKI
Dennis Fisher and DigiCert’s Jeremy Rowley discuss the company’s certificate issuance for Facebook’s .onion site, the challenge of key protection in today’s environment and what the near future holds for PKI.
CVE-2014-3640
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
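The bug class behind this CVE, as an added illustration constructed for this page (it is not QEMU's slirp code, and every struct, field and function name here is an assumption): a circular socket list whose head is a zero-filled sentinel, a lookup whose cached "last match" pointer starts out at that sentinel, and a datagram whose source address and source port are both zero, which therefore compares equal to the sentinel and gets handed to the send path as if it were a live socket. The hardened lookup refuses to compare against or return the sentinel, and the input path additionally drops the degenerate all-zero source tuple.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a slirp-style UDP socket table (names are
 * illustrative, not QEMU's).  The list is circular and its head is a
 * sentinel embedded in the table: never a live socket, all fields zero,
 * including the back-pointer that the send path dereferences. */
struct udp_table;

struct udp_sock {
    struct udp_sock *next;
    struct udp_sock *prev;
    uint32_t laddr;            /* guest source address               */
    uint16_t lport;            /* guest source port                  */
    struct udp_table *owner;   /* NULL in the sentinel               */
};

struct udp_table {
    struct udp_sock head;      /* sentinel, zero-initialised         */
    struct udp_sock *last;     /* cache of the last matched socket   */
    int sent;                  /* datagrams handed to a live socket  */
};

static void udp_table_init(struct udp_table *t)
{
    t->head.next = t->head.prev = &t->head;
    t->head.laddr = 0;
    t->head.lport = 0;
    t->head.owner = NULL;
    t->last = &t->head;        /* the cache starts out at the sentinel */
    t->sent = 0;
}

static void udp_table_add(struct udp_table *t, struct udp_sock *so,
                          uint32_t laddr, uint16_t lport)
{
    so->laddr = laddr;
    so->lport = lport;
    so->owner = t;
    so->next = t->head.next;
    so->prev = &t->head;
    t->head.next->prev = so;
    t->head.next = so;
}

/* Vulnerable lookup.  While `last` still points at the sentinel, a
 * datagram with source address 0 and source port 0 passes the fast-path
 * comparison against the sentinel, which is then returned as a socket. */
static struct udp_sock *udp_lookup_vuln(struct udp_table *t,
                                        uint32_t saddr, uint16_t sport)
{
    struct udp_sock *so = t->last;
    if (so->lport != sport || so->laddr != saddr) {
        struct udp_sock *tmp;
        for (tmp = t->head.next; tmp != &t->head; tmp = tmp->next)
            if (tmp->lport == sport && tmp->laddr == saddr)
                break;
        if (tmp == &t->head)
            return NULL;       /* no match; real code would allocate */
        so = tmp;
        t->last = so;
    }
    return so;
}

/* Hardened lookup: the sentinel is never compared against nor returned. */
static struct udp_sock *udp_lookup_fixed(struct udp_table *t,
                                         uint32_t saddr, uint16_t sport)
{
    struct udp_sock *so = t->last;
    if (so == &t->head || so->lport != sport || so->laddr != saddr) {
        struct udp_sock *tmp;
        for (tmp = t->head.next; tmp != &t->head; tmp = tmp->next)
            if (tmp->lport == sport && tmp->laddr == saddr)
                break;
        if (tmp == &t->head)
            return NULL;
        so = tmp;
        t->last = so;          /* only ever caches a live socket */
    }
    return so;
}

/* Stand-in for the send path: it dereferences so->owner, which is NULL in
 * the sentinel.  Returns 0 on success, -1 where the real code would crash. */
static int udp_sendto(struct udp_sock *so)
{
    if (so == NULL || so->owner == NULL)
        return -1;
    so->owner->sent++;
    return 0;
}

/* Input path: rejects the all-zero source tuple outright (defence in
 * depth) and uses the hardened lookup.  0 = delivered, -1 = dropped. */
static int udp_input(struct udp_table *t, uint32_t saddr, uint16_t sport)
{
    if (saddr == 0 && sport == 0)
        return -1;
    struct udp_sock *so = udp_lookup_fixed(t, saddr, sport);
    if (so == NULL)
        return -1;
    return udp_sendto(so);
}

/* Scenarios with a constructed guest tuple, so the behaviour is checkable. */
static int scenario_vulnerable(void)
{
    struct udp_table t;
    struct udp_sock a;
    udp_table_init(&t);
    udp_table_add(&t, &a, 0x0a000201u, 54321u);
    struct udp_sock *so = udp_lookup_vuln(&t, 0, 0);
    return so == &t.head && so->owner == NULL;   /* 1: sentinel leaks out */
}

static int scenario_fixed(void)
{
    struct udp_table t;
    struct udp_sock a;
    udp_table_init(&t);
    udp_table_add(&t, &a, 0x0a000201u, 54321u);
    int dropped = udp_input(&t, 0, 0) == -1 && udp_lookup_fixed(&t, 0, 0) == NULL;
    int delivered = udp_input(&t, 0x0a000201u, 54321u) == 0 && t.sent == 1;
    return dropped && delivered;
}

int main(void)
{
    printf("vulnerable lookup hands out the sentinel: %d\n", scenario_vulnerable());
    printf("fixed path drops 0/0 and still delivers: %d\n", scenario_fixed());
    return 0;
}
```

In this model the sentinel can only escape while the cache still points at it, which is why the two checks belong together: the sentinel test closes the lookup, and the zero-tuple check means a packet that should never match anything is dropped before any list walk at all.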
CVE-2014-3693
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
CVE-2014-5037
Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.
CVE-2014-5038
Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files.
CVE-2014-6620
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.