D-RamPage: POC for zero-risk row-hammer exploitation

Posted by halfdog on Mar 17

Hello List,

Although I have no row-hammer-affected hardware, I tried to build a POC that allows zero-risk exploitation of
row-hammer-affected DRAM setups, see [1].

The main idea of the POC is to

* reserve complete rows of physical pages (verified via pagemap)

* remove the cached page of a file suitable for privilege escalation, e.g. a SUID binary or ld-linux, from the page
cache, so that it will be read again and probably mapped to a new…
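As an added illustration (my own code, not halfdog's D-RamPage POC and not tied to any DRAM geometry), here are the two Linux primitives the post leans on: decoding /proc/self/pagemap to learn whether a virtual page is resident and which physical frame (PFN) backs it, and posix_fadvise(POSIX_FADV_DONTNEED) to push a file's clean pages out of the page cache so the next access lands in freshly allocated frames. The scratch file under /tmp is constructed for the demo. Two caveats a practitioner needs: on current kernels (4.2 and later) the PFN field reads as zero without CAP_SYS_ADMIN, so the "verified via pagemap" step needs privilege or an older kernel, and DONTNEED only drops pages that are clean and not currently mapped, which is exactly the problem for a library such as ld-linux that every dynamically linked process keeps mapped.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Layout of a /proc/PID/pagemap entry: one 64-bit word per virtual page
 * (see Documentation/admin-guide/mm/pagemap.rst in the kernel tree). */
#define PAGEMAP_PFN_MASK    ((1ULL << 55) - 1)  /* bits 0-54: PFN, valid only if present */
#define PAGEMAP_FILE_SHARED (1ULL << 61)        /* bit 61: file-backed or shared-anon page */
#define PAGEMAP_SWAPPED     (1ULL << 62)        /* bit 62: page is swapped out */
#define PAGEMAP_PRESENT     (1ULL << 63)        /* bit 63: page is present in RAM */

int pagemap_present(uint64_t entry) { return (entry & PAGEMAP_PRESENT) != 0; }

uint64_t pagemap_pfn(uint64_t entry) {
    /* The PFN bits are meaningless unless the page is present. */
    return pagemap_present(entry) ? (entry & PAGEMAP_PFN_MASK) : 0;
}

/* Read the pagemap entry covering vaddr. Returns 0 on success, -1 if pagemap is unreadable. */
int pagemap_entry(const void *vaddr, uint64_t *entry) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return -1;
    int fd = open("/proc/self/pagemap", O_RDONLY);
    if (fd < 0) return -1;
    off_t off = (off_t)(((uintptr_t)vaddr / (uintptr_t)page) * sizeof(uint64_t));
    ssize_t n = pread(fd, entry, sizeof *entry, off);
    close(fd);
    return n == (ssize_t)sizeof *entry ? 0 : -1;
}

/* Fault in one fresh heap page and probe it: 1 = present, 0 = not present, -1 = pagemap unreadable. */
int demo_probe_heap_page(void) {
    long page = sysconf(_SC_PAGESIZE);
    void *buf = NULL;
    if (page <= 0 || posix_memalign(&buf, (size_t)page, (size_t)page) != 0) return -1;
    memset(buf, 0x41, (size_t)page);            /* touching the page makes it present */
    uint64_t e = 0;
    int rc = pagemap_entry(buf, &e);
    int present = pagemap_present(e);
    uint64_t pfn = pagemap_pfn(e);
    if (rc == 0)
        printf("heap page %p: present=%d pfn=0x%llx%s\n", buf, present,
               (unsigned long long)pfn, (present && pfn == 0) ? " (zeroed: no CAP_SYS_ADMIN)" : "");
    free(buf);
    return rc == 0 ? present : -1;
}

/* Ask the kernel to drop a file's clean, unmapped pages from the page cache so the next
 * read or mmap repopulates them into newly allocated frames. Returns 0 on success. */
int evict_from_page_cache(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int rc = posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED);   /* offset 0, len 0 = whole file */
    close(fd);
    return rc == 0 ? 0 : -1;
}

/* Constructed scratch file: write one page, flush it, evict it, then report (via mincore on an
 * untouched mapping) whether it is still cached. Returns 0 if create+evict succeeded. */
int demo_evict_tempfile(void) {
    long page = sysconf(_SC_PAGESIZE);
    char path[] = "/tmp/pagecache-demo-XXXXXX";             /* hypothetical scratch path */
    int fd = mkstemp(path);
    if (page <= 0 || fd < 0) return -1;
    char *data = malloc((size_t)page);
    if (!data) { close(fd); unlink(path); return -1; }
    memset(data, 'A', (size_t)page);
    int ok = write(fd, data, (size_t)page) == (ssize_t)page;
    (void)fdatasync(fd);                                    /* DONTNEED cannot drop dirty pages */
    close(fd);
    free(data);
    if (ok) ok = evict_from_page_cache(path) == 0;
    fd = open(path, O_RDONLY);
    if (fd >= 0) {
        void *m = mmap(NULL, (size_t)page, PROT_READ, MAP_SHARED, fd, 0);
        if (m != MAP_FAILED) {
            unsigned char vec = 0;                          /* mincore reports cache residency */
            if (mincore(m, (size_t)page, &vec) == 0)
                printf("%s: still cached after eviction = %d\n", path, vec & 1);
            munmap(m, (size_t)page);
        }
        close(fd);
    }
    unlink(path);
    return ok ? 0 : -1;
}

int main(void) {
    int p = demo_probe_heap_page();
    printf("pagemap probe: %s\n", p < 0 ? "unreadable" : p ? "present" : "not present");
    printf("page-cache eviction: %s\n", demo_evict_tempfile() == 0 ? "ok" : "failed");
    return 0;
}
```

Run it as root to see real PFNs; unprivileged you still get the present bit, which is enough to confirm a page is faulted in. On tmpfs the eviction is a no-op (those pages live only in memory), so test against a file on a disk-backed filesystem. The row-reservation step of the post is where the PFN feeds in; this example stops at the primitives and does not attempt any DRAM address mapping.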

CVE-2015-0662

Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.

CVE-2015-0663

Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.

CVE-2015-0665

The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.

Fedora 22 Security Update: ettercap-0.8.2-1.fc22

0.8.2-Ferri
Bug Fix
!! Fixed usage of some deprecated OpenSSL functions
!! Fixed log file ownership
!! Fixed mixed output print
!! Fixed drop_privs function usage
!! Fixed nopromisc option usage
!! Fixed missing break in parser code
!! Improved redirect commands
!! Fix truncated VLAN packet headers
!! Fix ettercap.rc file (windows only)
!! Various cmake fixes
!! A ton of BSD bug fixes
!! Simplify macosx cmake files
!! Fix incorrect sequence number after TCP injection
!! Fix pcap length and alignment problems with libpcap
!! Bug fixes and gtk code refactor (gtk box wrapper)
!! Fix some ipv6 send issues
!! Fixed sleep time on Windows (high CPU usage)
!! Fixed many CVE vulnerabilities (some of them already fixed in 0.8.1)
– CVE-2014-6395 (Length Parameter Inconsistency)
– CVE-2014-6396 (Arbitrary write)
– CVE-2014-9376 (Negative index/underflow)
– CVE-2014-9377 (Heap overflow)
– CVE-2014-9378 (Unchecked return value)
– CVE-2014-9379 (Incorrect cast)
– CVE-2014-9380 (Buffer over-read)
– CVE-2014-9381 (Signedness error)
New Features
+ Updated etter.finger.mac
+ Add TXT and ANY query support on dns_spoof
+ New macosx travis-ci build!
+ Re-enable PDF generation
Removed
– Remove gprof support

Fedora 20 Security Update: ettercap-0.8.2-1.fc20

Changelog identical to the ettercap-0.8.2-1.fc22 update above.