All posts by 007admin

CVE Request — mapr: information disclosure vulnerability

Posted by Mark Felder on Apr 03

Hello,

The mapr web frontend component creates an information disclosure
vulnerability. During the setup of mapr the configure.sh script calls a
function ConfigureWSRole:

function ConfigureWSRole() {
if [ $clientOnly -eq 0 -a $dontChangeSecurityPermissionsOn -eq 0 ];
then
ConfigureRunUserForWS
fi

This calls ConfigureRunUserForWS from configure-common.sh:

function ConfigureRunUserForWS() {
local val=`getent group shadow…

CVE-2017-7239: ninka license identification tool: insufficient escaping of external input [vs]

Posted by Dirk-Willem van Gulik on Apr 03

ninka license identification tool
insufficient escaping of external input

CVE-2017-7239 / CVSS 9.3
1.06

The ninka license identification tool does not properly escape
special characters in the files it encounters – such as the ‘&’.

In case of an alien code base; or a code base that is brought in for
examination – a third party may doctor the file names as to cause
a…

CVE-2017-7397

BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default.

CVE-2017-7407

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a ‘%’ character, which leads to a heap-based buffer over-read.

CVE-2016-10317

The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.