The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113.
Monthly Archives: March 2016
CVE-2016-0829
The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109.
CVE-2016-0831
The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215.
CVE-2016-0830
btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376.
CVE-2016-0832
Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042.
CVE-2016-1621
libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.
Re: Security contact @ Gigabyte
Posted by Mustafa Al-Bassam on Mar 12
You’re asking this on the full disclosure mailing list. Disclose it here.
Exim < 4.86.2 Local Root Privilege Escalation
Posted by Dawid Golunski on Mar 12
Advisory URL:
http://legalhackers.com/advisories/Exim-Local-Root-Privilege-Escalation.txt
=============================================
- Release date: 10.03.2016
- Discovered by: Dawid Golunski
- Severity: High/Critical
=============================================
I. VULNERABILITY
-------------------------
Exim < 4.86.2 Local Root Privilege Escalation
II. BACKGROUND
-------------------------
“Exim is a message transfer agent…
Kaltura Community Edition Multiple Vulnerabilities
Posted by Daniel Jensen on Mar 12
Netgear ReadyNAS Surveillance: Unauthenticated Remote Command Execution
Posted by Sysdream Labs on Mar 12
Unauthenticated Remote Command Execution in Netgear ReadyNAS Surveillance
=========================================================================
Product Description
===================
Netgear ReadyNAS Surveillance is an NVR (Network Video Recorder) available for Netgear NAS systems.
Vulnerability Description
=========================
A critical vulnerability has been found in Netgear ReadyNAS Surveillance configuration backup feature,…