Security News

[SECURITY] [DSA 4392-1] thunderbird security update

Bug Traq - 17 February, 2019 - 23:06

Posted by Moritz Muehlenhoff on Feb 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-4392-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 16, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2018-18356 CVE-2018-18500...

DASAN H665 has vendor backdoor built into BusyBox’s /bin/login

Bug Traq - 17 February, 2019 - 22:17

Posted by Krzysztof Burghardt on Feb 17

Hi!

DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account
named "dnsekakf2$$" gives access to admin (uid 0) account over telnet
without any password, at least for administration interface documented
in H665 Quick Guide (subnet 192.168.55.0/24 on LAN interface).

$ telnet 192.168.55.1
Trying 192.168.55.1...
Connected to 192.168.55.1.
Escape character is '^]'.
tc login: dnsekakf2$$
# uname -a
Linux tc 2.6.36 #1...

The dream of the LISP machine is alive in the 90ies

Daily Dave - 15 February, 2019 - 11:23

Posted by Bas Alberts on Feb 15

I ate some bad chicken last night.

Really it all started a few days ago when I saw a chick-fil-a
commercial about their heart shaped 30pc nugget Valentines day
special. That's where that particular piece of data first entered my
system.

I didn't think much of it at the time.

If you're wondering how I could let delicious chicken trump my ethics
I would counter that, if you're reading this, you are probably an
information...

[slackware-security] mozilla-thunderbird (SSA:2019-045-01)

Bug Traq - 15 February, 2019 - 00:16

Posted by Slackware Security Team on Feb 14

[slackware-security] mozilla-thunderbird (SSA:2019-045-01)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-60.5.1-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 4391-1] firefox-esr security update

Bug Traq - 15 February, 2019 - 00:12

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4391-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2018-18356 CVE-2019-5785...

Vuln: Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability

Security Focus Vulnerabilities - 15 February, 2019 - 00:00
Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability

Vuln: Mozilla Firefox and Firefox ESR CVE-2019-5785 Integer Overflow Vulnerability

Security Focus Vulnerabilities - 15 February, 2019 - 00:00
Mozilla Firefox and Firefox ESR CVE-2019-5785 Integer Overflow Vulnerability

Vuln: Google Chrome Prior to 71.0.3578.80 Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 15 February, 2019 - 00:00
Google Chrome Prior to 71.0.3578.80 Multiple Security Vulnerabilities

[slackware-security] mozilla-firefox (SSA:2019-044-01)

Bug Traq - 14 February, 2019 - 02:45

Posted by Slackware Security Team on Feb 13

[slackware-security] mozilla-firefox (SSA:2019-044-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-60.5.1esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702)

Bug Traq - 14 February, 2019 - 02:42

Posted by David Coomber on Feb 13

Qkr! with MasterPass iOS Application - MITM SSL Certificate
Vulnerability (CVE-2019-6702)

Vuln: SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 14 February, 2019 - 00:00
SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability

0days Post

Daily Dave - 13 February, 2019 - 13:51

Posted by Dave Aitel on Feb 13

When in the course of human events, it becomes necessary for one person to
communicate information about an unknown vulnerability to the public, they
often do not do so in the manner to which you might expect: With all due
pomp and circumstance, a ringing of the sacred bells, a phone call to Kim
Zetter, and that sort of thing.

Instead, they announce their talk title as "TBD LOL!", put a code fragment
into their Keynote slidepack with...

Re: Static and Dynamic Analysis

Daily Dave - 13 February, 2019 - 12:03

Posted by Jared DeMott on Feb 13

We use and have access to a number of both types of tools when we do dev
training and pentesting. We find them fairly useful both for dev and for
red teaming.

Re: [SRP-2018-02] Security of NC+ SAT TV platform and ST chipsets

Full Disclosure - 13 February, 2019 - 11:28

Posted by Security Explorations on Feb 13

Hello All,

Due to no interest in our SAT TV security research, the remaining
bits of SRP-2018-02 material including the following:
- technical details of a new ST chipset vulnerability,
- Proof of Concept code for the above vulnerability,
- Proof of Concept codes for set-top-box and ST chipset access,
- SLIMCore assembler and compiler stubs generator tools,
- responses (or their lack of) to our inquiries from 20+ companies
  (content...

[slackware-security] lxc (SSA:2019-043-01)

Bug Traq - 13 February, 2019 - 08:49

Posted by Slackware Security Team on Feb 13

[slackware-security] lxc (SSA:2019-043-01)

New lxc packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/lxc-2.0.9_d3a03247-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue where a malicious privileged container
could overwrite the host binary and thus gain root-level code execution on
the...

CA20190212-01: Security Notice for CA Privileged Access Manager

Bug Traq - 13 February, 2019 - 08:45

Posted by Kevin Kotas on Feb 13

CA20190212-01: Security Notice for CA Privileged Access Manager

Issued: February 12, 2019
Last Updated: February 12, 2019

CA Technologies Support is alerting customers to a potential risk
with CA Privileged Access Manager. A vulnerability exists that can
allow a remote attacker to access sensitive information or modify
configuration. CA published solutions to address the vulnerabilities.

CVE-2019-7392 describes a vulnerability resulting from...

[SECURITY] [DSA 4390-1] flatpak security update

Bug Traq - 13 February, 2019 - 08:42

Posted by Moritz Muehlenhoff on Feb 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-4390-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : flatpak
CVE ID : not yet available
Debian Bug :...

KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset

Full Disclosure - 12 February, 2019 - 13:24

Posted by Kingkaustubh via Fulldisclosure on Feb 12

=====================================================
DoS and gecko reboot in the nokia 8810 4G handset
=====================================================

. contents:: Table Of Content

Overview
========

Title:- DoS and gecko reboot in the nokia 8810 4G handset
Author: Kaustubh G. Padwad
CVE ID: CVE-2019-7386
Vendor: HMD Global, Nokia, KaiOS
Products: Nokia 88104G

Tested Version: :
Model :- Nokia 8810 4G
Software : 10.05...

KSA-Dev-006:CVE-2019-7385: Authenticated remote code execution on Multiple Raisecom GPON Devices

Full Disclosure - 12 February, 2019 - 13:24

Posted by Kingkaustubh via Fulldisclosure on Feb 12

=====================================
Authenticated Shell Command Injection
=====================================

. contents:: Table Of Content

Overview
========

Title:- Authenticated Shell command Injection
Author: Kaustubh G. Padwad

Vendor: Raisecom technology co.,LTD
Product: GPON-ONU HT803G-07 (could be more who shares the same codebase)

Potentially vulnerable

ISCOM HT803G-U
ISCOM HT803G-W
ISCOM HT803G-1GE
ISCOM HT803G

Tested...

KSA-Dev-005:CVE-2019-7384: Authenticated Remote Code Execution in Raisecom GPON Devices

Full Disclosure - 12 February, 2019 - 13:24

Posted by Kingkaustubh via Fulldisclosure on Feb 12

=====================================
Authenticated Shell Command Injection
=====================================

. contents:: Table Of Content

Overview
========

Title:- Authenticated Shell command Injection
Author: Kaustubh G. Padwad
CVE ID: CVE-2019-7384.
Vendor: Raisecom technology co.,LTD
Product: GPON-ONU HT803G-07 (could be more who shares the same codebase)

Potentially vulnerable

ISCOM HT803G-U
ISCOM HT803G-W
ISCOM HT803G-1GE...
Syndicate content