Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
Category Archives: Security
Security
OpenSSH 6.7p1
This is a Linux/portable port of OpenBSD’s excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen’s SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
Oracle Patches Bash Vulnerabilities
Original release date: October 07, 2014
Oracle has released security updates to address bash vulnerabilities found across multiple products.
US-CERT recommends users and administrators review the Oracle Security Article for additional details, and apply updates as necessary.
This product is provided subject to this Notification and this Privacy & Use policy.
Red Hat Security Advisory 2014-1365-01
Red Hat Security Advisory 2014-1365-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel’s futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. The security impact of this issue was discovered by Mateusz Guzik of Red Hat.
Nessus Web UI 2.3.3 Cross Site Scripting
Nessus Web UI version 2.3.3 suffers from a persistent cross site scripting vulnerability.
Google Releases Security Updates for Chrome and Chrome OS
Original release date: October 07, 2014
Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, some of which could potentially allow an attacker to take control of the affected system or cause a denial of service condition.
Updates available include:
- Chrome 38.0.2125.101 for Windows, Mac and Linux
- Chrome 38.0.2125.59 for iPhone and iPad
- Chrome OS 38.0.2125.101 for all Chrome OS devices except Chromeboxes
Users and administrators are encouraged to review the Google Chrome blog entries 1, 2 and 3, and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Bugzilla Account Creation / XSS / Information Leak
Bugzilla Security Advisory – Bugzilla versions 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, and 4.5.1 to 4.5.5 suffer from unauthorized account creation, cross site scripting, and information leak vulnerabilities.
CPUMiner Stack Overflow
CPUMiner versions prior to 2.4.1 suffer from a stack overflow vulnerability.
CVE-2014-7204 (debian_linux, exuberant_ctags, mageia, ubuntu_linux)
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.
Arbor: DDoS Attacks Getting Bigger as Reflection Increases
New reflected distributed denial of service attack techniques are increasing the volume of each attack as well as the overall frequency of large-scale DDoS attacks.