Hack Talk

Tue, 28 Mar 2017 08:06:28 +0200

APPLE-SA-2017-03-27-7 macOS Server 5.3
    28 Mar 2017 | 07:20 from Bugtraq

Posted by Apple Product Security on Mar 27

APPLE-SA-2017-03-27-7 macOS Server 5.3

macOS Server 5.3 is now available and addresses the following:

Profile Manager
Available for: macOS 10.12.4 and later
Impact: A remote user may be able to cause a denial-of-service
Description: A crafted request may cause a global cache to grow
indefinitely, leading to a denial-of-service. This was addressed by
not caching unknown MIME types.
CVE-2016-0751

Web Server
Available for: macOS 10.12.4 and...

[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update
    28 Mar 2017 | 06:57 from Bugtraq

Posted by Moritz Muehlenhoff on Mar 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3821-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gst-plugins-ugly1.0
CVE ID : CVE-2017-5846...

APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS
    27 Mar 2017 | 21:19 from Bugtraq

Posted by Apple Product Security on Mar 27

APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1
for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS are now
available and address the following:

Export
Available for: macOS 10.12 Sierra or later, iOS 10 or later
Impact: The contents of password-protected PDFs exported from iWork
may be exposed
Description: iWork used weak 40-bit RC4 encryption for password-
protected PDF exports. This issue was addressed by changing iWork...

Nmap Project Seeking Talented Programmers for GSoC 2017
    27 Mar 2017 | 19:39 from Nmap Announce

Posted by Fyodor on Mar 27

Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...

[SECURITY] [DSA 3817-1] jbig2dec security update
    27 Mar 2017 | 07:31 from Bugtraq

Posted by Moritz Muehlenhoff on Mar 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3817-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 24, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jbig2dec
CVE ID : CVE-2016-9601

Multiple security...

Meet the LibrePlanet 2017 Speakers: Christian Fernandez
    23 Mar 2017 | 17:07 from FSF's blog

Christian Fernandez is a cyber security expert, joining us at LibrePlanet 2017 to talk about penetration testing and how "pentesting" can be done using entirely free tools.


[SECURITY] [DSA 3816-1] samba security update
    23 Mar 2017 | 12:39 from Bugtraq

Posted by Salvatore Bonaccorso on Mar 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3816-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
March 23, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2017-2619

Jann Horn of Google...

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
    23 Mar 2017 | 01:06 from Bugtraq

Posted by Apple Product Security on Mar 22

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

iTunes for Windows 12.6 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153

iTunes
Available for: Windows 7 and later...

Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability
    22 Mar 2017 | 21:16 from Bugtraq

Posted by psirt on Mar 22

Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability

Advisory ID: cisco-sa-20170322-iox

Revision: 1.0

For Public Release: 2017 March 22 16:00 GMT

Last Updated: 2017 March 22 16:00 GMT

CVE ID(s): CVE-2017-3853

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Data-in-Motion (DMo) process...

Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability
    22 Mar 2017 | 21:09 from Bugtraq

Posted by psirt on Mar 22

Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability

Advisory ID: cisco-sa-20170322-ztp

Revision: 1.0

For Public Release: 2017 March 22 16:00 GMT

Last Updated: 2017 March 22 16:00 GMT

CVE ID(s): CVE-2017-3859

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary...

Cisco Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability
    22 Mar 2017 | 21:00 from Bugtraq

Posted by psirt on Mar 22

Cisco Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability

Advisory ID: cisco-sa-20170322-l2tp

Revision: 1.0

For Public Release: 2017 March 22 16:00 GMT

Last Updated: 2017 March 22 16:00 GMT

CVE ID(s): CVE-2017-3857

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in...

Meet the LibrePlanet 2017 Speakers: Denver Gingerich
    22 Mar 2017 | 20:55 from FSF's blog

Denver Gingerich is the founder and lead developer of JMP (https://jmp.chat/), a free software chat gateway that lets you text and call people using a real phone number without a phone. He's speaking at LibrePlanet 2017 (https://libreplanet.org/2017) (March 25-26th in Cambridge, MA), in Block 5B, from 15:40-16:25 on Sunday. Want to learn more about bringing software freedom to your cell phone? Check out his talk "A fully-free cell phone experience, no baseband required."


Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability
    22 Mar 2017 | 20:50 from Bugtraq

Posted by psirt on Mar 22

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability

Advisory ID: cisco-sa-20170322-dhcpc

Revision: 1.0

For Public Release: 2017 March 22 16:00 GMT

Last Updated: 2017 March 22 16:00 GMT

CVE ID(s): CVE-2017-3864

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the DHCP...

XQuery 3.1, XQueryX 3.1, XPath 3.1 and supporting documents now a W3C Recommendation
    22 Mar 2017 | 15:25 from W3C News

The XML Query Working Group and the XSLT Working Group have published six documents as W3C Recommendations to strengthen JSON and Web Platform support through maps, arrays, new functions: XQuery 3.1: An XML Query Language; XQueryX 3.1; XML Path Language (XPath) 3.1; XQuery and XPath Data Model 3.1; XPath and XQuery Functions and Operators 3.1 […]


SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices
    22 Mar 2017 | 13:24 from Bugtraq

Posted by SEC Consult Vulnerability Lab on Mar 22

SEC Consult Vulnerability Lab Security Advisory < 20170322-0 >
=======================================================================
title: Multiple vulnerabilities
product: Solare Datensysteme GmbH
Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000
vulnerable version: Firmware 2.8.4-56 / 3.5.2-85
fixed version: Firmware 3.5.3-86
CVE number: -
impact: Critical...

Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
    21 Mar 2017 | 19:39 from Bugtraq

Posted by Stefan Kanthak on Mar 21

Hi @ll,

Windows 8 and newer versions (Windows 7 and Windows Server 2008 R2
with KB2532445 or KB3125574 installed too) don't allow unprivileged
callers to circumvent AppLocker and SAFER rules via

LoadLibraryEx(TEXT("<arbitrary DLL>"), NULL, LOAD_IGNORE_CODE_AUTHZ_LEVEL);

See <https://msdn.microsoft.com/en-us/library/ms684179.aspx>
and <https://support.microsoft.com/kb/2532445>

| LOAD_IGNORE_CODE_AUTHZ_LEVEL...

Faraday v2.4: Collaborative Penetration Test and Vulnerability Management Platform
    21 Mar 2017 | 15:25 from Penetration Testing

Posted by Francisco Amato on Mar 21

March is already rolling and so is our work. Today we feel so happy to
share a new release, Faraday v2.4!

Before preparing an upcoming release, we try to focus not only on
improving the product but also on perfecting the user experience. We
want to go beyond optimizing your everyday work, inspiring you to do
more!

Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in...

[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
    21 Mar 2017 | 14:10 from Penetration Testing

Posted by ERPScan inc on Mar 21

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component
Vendor URL: http://SAP.com
Bugs: Directory traversal
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 13.12.2016
Reference: SAP Security Note 2310790
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION
Title: [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
Advisory ID: [ERPSCAN-16-041]
Risk: medium...

[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
    21 Mar 2017 | 14:02 from Bugtraq

Posted by ERPScan inc on Mar 21

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component
Vendor URL: http://SAP.com
Bugs: Directory traversal
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 13.12.2016
Reference: SAP Security Note 2310790
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION
Title: [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
Advisory ID: [ERPSCAN-16-041]
Risk: medium...

Your guide to LibrePlanet 2017, wherever you are, March 25-26
    20 Mar 2017 | 22:14 from FSF's blog

The free software community encompasses the globe, and we strive to make the LibrePlanet conference reflect that. That's why we livestream the proceedings of the conference, and encourage you to participate remotely by both watching and participating in the discussion via IRC chat.