BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 3951-1] smb4k security update

12 hours 54 min ago

Posted by Moritz Muehlenhoff on Aug 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3951-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 22, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : smb4k
CVE ID : CVE-2017-8849

Sebastian Krahmer...

[RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs

13 hours 7 min ago

Posted by RedTeam Pentesting GmbH on Aug 22

Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs

RedTeam Pentesting discovered that malicious print jobs can be used to
trigger a remote code execution vulnerability in WebClientPrint
Processor (WCPP). These print jobs may be distributed via specially
crafted websites and are processed without any user interaction as soon
as the website is accessed.

Details
=======

Product: Neodynamic WebClientPrint Processor...

[RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates

13 hours 18 min ago

Posted by RedTeam Pentesting GmbH on Aug 22

Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Updates

RedTeam Pentesting discovered that rogue updates trigger a remote code
execution vulnerability in WebClientPrint Processor (WCPP). These
updates may be distributed through specially crafted websites and are
processed without any user interaction as soon as the website is
accessed. However, the browser must run with administrative privileges.

Details
=======

Product:...

[RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification

13 hours 34 min ago

Posted by RedTeam Pentesting GmbH on Aug 22

Advisory: WebClientPrint Processor 2.0: Unauthorised Proxy Modification

RedTeam Pentesting discovered that attackers can configure a proxy host
and port to be used when fetching print jobs with WebClientPrint
Processor (WCPP). This proxy setting may be distributed via specially
crafted websites and is set without any user interaction as soon as the
website is accessed.

Details
=======

Product: Neodynamic WebClientPrint Processor
Affected...

[RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates

13 hours 47 min ago

Posted by RedTeam Pentesting GmbH on Aug 22

Advisory: WebClientPrint Processor 2.0: No Validation of TLS Certificates

RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does
not validate TLS certificates when initiating HTTPS connections. Thus, a
man-in-the-middle attacker may intercept and/or modify HTTPS traffic in
transit. This may result in a disclosure of sensitive information and
the integrity of printed documents cannot be guaranteed.

Details
=======

Product:...

[SECURITY] [DSA 3950-1] libraw security update

August 22, 2017 - 1:01am

Posted by Luciano Bello on Aug 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-3950-1 security () debian org
https://www.debian.org/security/ Luciano Bello
August 21, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libraw
CVE ID : CVE-2017-6886 CVE-2017-6887
Debian...

[SECURITY] [DSA 3948-1] ioquake3 security update

August 21, 2017 - 2:34am

Posted by Moritz Muehlenhoff on Aug 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-3948-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 19, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ioquake3
CVE ID : CVE-2017-11721

A read buffer...

[SECURITY] [DSA 3946-1] libmspack security update

August 18, 2017 - 5:13am

Posted by Sebastien Delafond on Aug 18

-------------------------------------------------------------------------
Debian Security Advisory DSA-3946-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
August 18, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libmspack
CVE ID : CVE-2017-6419 CVE-2017-11423...

[SECURITY] [DSA 3928-2] firefox-esr security update

August 17, 2017 - 1:13am

Posted by Moritz Muehlenhoff on Aug 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3928-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2017-7753 CVE-2017-7779...

Microsoft Resnet - DNS Configuration Web Vulnerability

August 16, 2017 - 1:31pm

Posted by Vulnerability Lab on Aug 16

Document Title:
===============
Microsoft Resnet - DNS Configuration Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2087

Acknowledgements: https://technet.microsoft.com/en-us/security/cc308589.aspx

Release Date:
=============
2017-08-16

Vulnerability Laboratory ID (VL-ID):
====================================
2087

Common Vulnerability Scoring System:...

FreeBSD <= 10.3 jail SHM hole

August 16, 2017 - 5:13am

Posted by WhiteWinterWolf on Aug 16

AFFECTED PRODUCTS

This issue affects FreeBSD from 7.0 to 10.3 included.

DESCRIPTION

FreeBSD jail incompletely protects the access to the IPC primitives.

The 'allow.sysvipc' setting only affects IPC queues, leaving other IPC
objects unprotected, making them reachable system-wide independently of
the system configuration.

This creates two main weaknesses:

- An attacker able to execute commands in one jail can attack processes...