BugTraq Latest Security Advisories
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities
Posted by Vulnerability Lab on May 22
Title:
======
Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities
Date:
=====
2013-05-21
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=894
Article: http://www.vulnerability-lab.com/dev/?p=580
Trend Micro (Reference): http://esupport.trendmicro.com/solution/en-US/1096805.aspx
Trend Micro Solution ID: 1096805
Video: http://www.vulnerability-lab.com/get_content.php?id=951
VL-ID:
=====
894
Common...
VUPEN Security Research - Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass (MS13-037 / Pwn2Own)
Posted by VUPEN Security Research on May 22
VUPEN Security Research - Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass (MS13-037 / Pwn2Own)
Website : http://www.vupen.com
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)...
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own)
Posted by VUPEN Security Research on May 22
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own)
Website : http://www.vupen.com
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)...
[ MDVSA-2013:166 ] krb5
Posted by security on May 22
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:166
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : krb5
Date : May 21, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem...
[slackware-security] kernel (SSA:2013-140-01)
Posted by Slackware Security Team on May 21
[slackware-security] kernel (SSA:2013-140-01)
New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix
a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/linux-3.2.45/*: Upgraded.
Upgraded to new kernels that fix CVE-2013-2094, a bug that can allow local
users to gain a root shell. Be sure to upgrade your initrd and reinstall
LILO after upgrading...
Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Posted by Vulnerability Lab on May 21
Title:
======
Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Date:
=====
2013-05-12
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=767
VL-ID:
=====
767
Common Vulnerability Scoring System:
====================================
6.5
Introduction:
=============
The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the...
CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)
Posted by chudakovma on May 21
CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)
CVE reference:
CVE-2013-3496
Credit:
Maksim Chudakov (@MChudakov)
Andrey Kurtasanov (andreykurtasanov () gmail com)
Severity:
Medium
Local\Remote:
Local
Vulnerability Class:
Privilege Escalation
Vendor URL:
http://www.infotecs.biz/
Affected OS:
Windows
Vulnerable systems:
ViPNet Client 3.2.10 (15632) and...
Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt)
Posted by Fernando Gont on May 21
Folks,
We have published a revision of our IETF I-D "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".
This revision is available at:
<http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-07>.
This proposal is key for the mitigation of address-scanning attacks,
while at the same time preventing host-tracking.
Stay tuned for more IPv6 security news...
Defense in depth -- the Microsoft way
Posted by Stefan Kanthak on May 21
Hi @ll,
the "Microsoft Installer" creates for applications installed via an
.MSI the following uninstall information in the Windows registry
(see <http://msdn.microsoft.com/library/aa372105.aspx>):
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
"UninstallString"="MsiExec.Exe /X{<GUID>}"
"ModifyPath"="MsiExec.Exe /I{<GUID>}"
Note the unqualified path...
Static analysis tool exposition (SATE) V Call for participation
Posted by aure on May 21
NIST is preparing the fifth Static Analysis Tool Exposition (SATE V). Briefly, participating tool makers run their static analyzer on a set of programs. Researchers led by NIST analyze the tool reports and present the results and
experiences at a workshop. A detailed plan is available at:
http://samate.nist.gov/SATE.html
We plan to provide test cases by June 3rd. Tool makers will have until August 1st (if at all possible; September 1st at...

