by CIRT Team
Linux kernel CVE-2017-7487 : ‘net/ipx/af_ipx.c’ Use After Free Local Denial of Service Vulnerability
Description: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. Impact: An attacker can exploit this issue to cause a local denial-of-service condition. Mitigation: Updates are available. Please check specific vendor advisory for...
Read More
by CIRT Team
Heimdal CVE-2017-11103 Man in the Middle Security Bypass Vulnerability
Description: Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus’ Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in ‘enc_part’ instead of the unencrypted version stored in ‘ticket’. Use of the unencrypted version provides an opportunity for successful server impersonation...
Read More
by CIRT Team
Citrix NetScaler Gateway CVE-2017-7219 Heap Buffer Overflow Vulnerability
Description: A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Impact: Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Mitigation: Updates are available....
Read More
by CIRT Team
GNU glibc CVE-2017-1000366 Local Memory Corruption Vulnerability
Description: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and...
Read More
by CIRT Team
CVE-2017-9417 Broadpwn Bug of Android and iOS Devices
Description: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the “Broadpwn” issue. Impact: Broadcom Wi-Fi chips embedded in Android and iOS devices are vulnerable to a bug that allows an attacker to execute code on their devices, without any interaction needed from the user. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s:...
Read More
by CIRT Team
QEMU CVE-2017-9524 Denial of Service Vulnerability
Description: The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. Impact: Attackers can exploit this issue to crash the QEMU instance, resulting in a...
Read More
by CIRT Team
Git CVE-2017-8386 Security Bypass Vulnerability
Description: git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a – (dash) character. Impact: Remote attackers can exploit this issue to bypass certain security restrictions and perform unauthorized...
Read More
by CIRT Team
OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
Description: There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private...
Read More
by CIRT Team
CVE-2017-6746: Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability
Description: A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by authenticating to the affected device and performing...
Read More
by CIRT Team
Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Below versions are affected: PHP 5.6 prior to 5.6.31 PHP 7.0 prior to 7.0.21...
Read More
