[월:] 2016년 09월

CVE-2015-8960 (chrome, firefox, internet_explorer, opera, safari)

Posted on by admin

CVE-2015-8960 (chrome, firefox, internet_explorer, opera, safari)

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

Source: CVE-2015-8960 (chrome, firefox, internet_explorer, opera, safari)

CVE-2015-8960

Posted on by admin

CVE-2015-8960

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

Source: CVE-2015-8960

CVE-2016-6662 (mariadb, mysql, percona_server)

Posted on by admin

CVE-2016-6662 (mariadb, mysql, percona_server)

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.

Source: CVE-2016-6662 (mariadb, mysql, percona_server)

CVE-2016-6662

Posted on by admin

CVE-2016-6662

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.

Source: CVE-2016-6662

CVE-2015-8934 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8934 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.

Source: CVE-2015-8934 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8933 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8933 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.

Source: CVE-2015-8933 (libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8931 (debian_linux, libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8931 (debian_linux, libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.

Source: CVE-2015-8931 (debian_linux, libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8932 (debian_linux, libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

Posted on by admin

CVE-2015-8932 (debian_linux, libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)

The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.

Source: CVE-2015-8932 (debian_linux, libarchive, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, ubuntu_linux)