Packet Storm New Exploits For November, 2015

November 30, 2015 007admin

This archive contains 190 exploits that were added to Packet Storm in November, 2015.

DSA-3410 icedove – security update

November 30, 2015 007admin

Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
integer overflows, buffer overflows and other implementation errors may
lead to the execution of arbitrary code or denial of service.

Debian

DSA-3409 putty – security update

November 30, 2015 007admin

A memory-corrupting integer overflow in the handling of the ECH (erase
characters) control sequence was discovered in PuTTY’s terminal
emulator. A remote attacker can take advantage of this flaw to mount a
denial of service or potentially to execute arbitrary code.

Debian

DSA-3408 gnutls26 – security update

November 30, 2015 007admin

It was discovered that GnuTLS, a library implementing the TLS and SSL
protocols, incorrectly validates the first byte of padding in CBC modes.
A remote attacker can possibly take advantage of this flaw to perform a
padding oracle attack.

Security

Brocade Fabric OS 6.3.1b Weak System Configuration

November 30, 2015 007admin

Brocade Fabric OS version 6.3.1b suffers from multiple weak system configuration issues that can result in system compromise. You actually have to go out of your way to break basic Linux security this badly.

Security

Ubuntu Security Notice USN-2821-1

November 30, 2015 007admin

Ubuntu Security Notice 2821-1 – It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack.

Security