Tagged: vulnerability

us-cert-logo 0

GNU glibc Vulnerability

Original release date: February 17, 2016 GNU glibc contains a buffer overflow vulnerability in the DNS resolver. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Vulnerability Note VU#457759 and the glibc Project Notification for additional details and to refer to their respective Linux or Unix-based OS vendor for an appropriate patch

VU#457759: glibc vulnerable to stack buffer overflow in DNS resolver 0

VU#457759: glibc vulnerable to stack buffer overflow in DNS resolver

Vulnerability Note VU#457759 glibc vulnerable to stack buffer overflow in DNS resolver Original Release date: 17 Feb 2016 | Last revised: 18 Feb 2016 Overview GNU glibc contains a buffer overflow vulnerability in the DNS resolver, which may allow a remote attacker to execute arbitrary code. Description CWE-121 : Stack-based Buffer Overflow – CVE-2015-7547 According to a Google security blog post : “The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.” According to glibc developers, the vulnerable code was initially added in May 2008 as part of the development for glibc 2.9.

Microsoft February 2016 Patch Tuesday, (Tue, Feb 9th) 0

Microsoft February 2016 Patch Tuesday, (Tue, Feb 9th)

Overview of the February 2016 Microsoft patches and their status. # Affected Contra Indications – KB Known Exploits Microsoft rating (**) ISC rating (*) clients servers MS15-009 Cumulative Security Update for Internet Explorer (Replaces MS16-001 ) Internet Explorer CVE-2016-0041 , CVE-2016-0059 , CVE-2016-0060 , CVE-2016-0061 , CVE-2016-0062 , CVE-2016-0063 , CVE-2016-0064 , CVE-2016-0067 , CVE-2016-0068 , CVE-2016-0069 , CVE-2016-0071 , CVE-2016-0072 ,”> MS15-011 Cumulative Security Update for Microsoft Edge (Replaces KB3124266 ) Microsoft Edge CVE-2016-0060 , CVE-2016-0061 , CVE-2016-0062 , CVE-2016-0077 , CVE-2016-0080 ,”> Critical : Anything that needs little to become interesting”> Less Urt practices for servers such as not using outlook, MSIE, word etc

Oracle Releases Security Updates for Java 0

Oracle Releases Security Updates for Java

Original release date: February 08, 2016 Oracle has released security updates to address a vulnerability in Java SE versions 6, 7, and 8 for Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system

VU#305096: Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium 0

VU#305096: Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium

Vulnerability Note VU#305096 Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium Original Release date: 04 Feb 2016 | Last revised: 05 Feb 2016 Overview Comodo Chromodo browser, version 45.8.12.391, and possibly earlier, bundles the Ad Sanitizer extension, version 1.4.0.26, which disables same origin policy, allowing for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities

Apache Commons Collections Under Attack 0

Apache Commons Collections Under Attack

Two months ago, a Java zero day vulnerability (CVE-2015-4852) that targeted Apache commons collections library was disclosed. This vulnerability is caused by an error when Java applications, which use Apache commons collections library, deserialize o…