Monthly Archives: February 2017
CVE-2017-6001
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.
CVE-2017-6074
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
CVE-2017-5986
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
A Typo in Zerocoin's Source Code helped Hackers Steal ZCoins worth $585,000
Are you a programmer?
If yes, then you would know the actual pain of… “forgetting a semicolon,” the hide and seek champion since 1958.
Typos annoy everyone. Remember how a hacker’s typo stopped the biggest bank heist in the history, saved $1 billion of Bangladesh bank from getting stolen.
But this time a typo in the Zerocoin source code costs the company more than $585,000 in losses.
<!–
cacti-1.0.3-2.el6
– Update to 1.0.3
Release notes:
http://www.cacti.net/release_notes_1_0_0.php
http://www.cacti.net/release_notes_1_0_1.php
http://www.cacti.net/release_notes_1_0_2.php
http://www.cacti.net/release_notes_1_0_3.php
Google Discloses Windows Vulnerability That Microsoft Fails To Patch, Again!
Microsoft is once again facing embarrassment for not patching a vulnerability on time.
Yes, Google’s Project Zero team has once again publicly disclosed a vulnerability (with POC exploit) affecting Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10 that had yet to be patched.
A few months back, the search engine giant disclosed a critical
RECON 2017 Call For Papers
REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada, and as of this year, a new edition of the conference was held in Brussels, Belgium. The Call For Papers closes on April 15th, 2017. The conference takes place June 16th through June 18th, 2017.
Suricata IDPE 3.2.1
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It’s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Stegano 0.6.5
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.