securityadmin's blog

Unpatched iPhones/iPads secure connections not so secure

http://nakedsecurity.sophos.com/2011/07/26/unpatched-iphonesipads-secure-connections-not-so-secure/

Apple released an update for iOS devices that addresses a major
vulnerability in SSL/TLS connections and X.509 certificate handling.
Programs currently exist in the wild that can easily hijack a
purportedly "secure" connection from an affected device.

VMSA-2011-0010: Third Party Updates for Service Console packages glibc and dhcp

http://www.vmware.com/security/advisories/VMSA-2011-0010.html

"The DHCP client daemon, dhclient, does not properly sanitize certain
options in DHCP server replies. An attacker could send a specially
crafted DHCP server reply, that is saved on the client system and
evaluated by a process that assumes the option is trusted. This could
lead to arbitrary code execution with the privileges of the evaluating
process."
