Blogs

Broadcom NetXtreme Ethernet Card possible remote vulnerability

http://www.kb.cert.org/vuls/id/512705

"A buffer overflow vulnerability exists in the Broadcom NetXtreme
management firmware. This vulnerability may allow a remote attacker to
execute arbitrary code on an affected device."

This affects the firmware on the card itself, regardless of whether the
machine is turned on or off. Both Dell and HP use these cards in their
desktops and servers.

The following devices/firmwares are affected:

Would You Have Spotted this ATM Fraud?

http://www.krebsonsecurity.com/2010/03/would-you-have-spotted-this-atm-f...

I don't know about you, but I cringe every time I go to an ATM nowadays.  "Why?" you ask.  Because I've heard of a lot of reports and seen a lot of pictures of ATM skimmers.  These devices attach to the front of an ATM where your card goes in.  When you insert your card, they scan it as well as the ATM.  Now they can create a copy of your card.

Adobe Flash Media Server Directory Traversal Vulnerability

http://www.securityfocus.com/bid/37420

"Adobe Flash Media Server is prone to a directory-traversal
vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to load arbitrary Dynamic
Linked Libraries (DLLs) present on the server. This could help the
attacker launch further attacks. "

This affects Adobe Flash Media Server 3.5.2 and prior.
This affects Adobe Flash Media Server 3.0.4 and prior.

Adobe Flash Media Server Directory Traversal Vulnerability

http://www.securityfocus.com/bid/37420

"Adobe Flash Media Server is prone to a directory-traversal
vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to load arbitrary Dynamic
Linked Libraries (DLLs) present on the server. This could help the
attacker launch further attacks. "

This affects Adobe Flash Media Server 3.5.2 and prior.
This affects Adobe Flash Media Server 3.0.4 and prior.

GnuTLS X.509 Certificate Serial Number Decoding Remote Security Vulnerability

http://www.securityfocus.com/bid/38959/info

"An attacker can exploit this issue to potentially execute arbitrary
code, trigger denial-of-service conditions, or bypass certificate
revocation list (CRL) checks, causing clients to accept expired or
invalid certificates from servers."

This affects GNU GnuTLS 1.2, specifically with RHEL4.

GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/38628/info

"GNU Tar and GNU Cpio are prone to a remote buffer-overflow
vulnerability because the applications fail to perform adequate boundary
checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the
privileges of the user running the affected application. Failed exploit
attempts will result in a denial-of-service condition.

This issue affects the following:

GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/38628/info

"GNU Tar and GNU Cpio are prone to a remote buffer-overflow
vulnerability because the applications fail to perform adequate boundary
checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the
privileges of the user running the affected application. Failed exploit
attempts will result in a denial-of-service condition.

This issue affects the following:

Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

http://www.securityfocus.com/bid/37543

"Sendmail is prone to a security-bypass vulnerability because the
application fails to properly validate the domain name in a signed CA
certificate, allowing attackers to substitute malicious SSL certificates
for trusted ones.

Successfully exploiting this issue allows attackers to perform
man-in-the-middle attacks or impersonate trusted servers, which will aid
in further attacks.

Versions prior to Sendmail 8.14.4 are vulnerable."

Pages