what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-02-18

Nazca: Detecting Malware Distribution In Large-Scale Networks
Posted Feb 18, 2014
Authored by Prof. Giovanni Vigna, Christopher Kruegel, Stanislav Miskovic, Ruben Torres, Luca Invernizzi, Marco Mellia, Sung-Ju Lee, Sabyasachi Saha

Whitepaper called Nazca: Detecting Malware Distribution in Large-Scale Networks. In this paper, they study how clients in real-world networks download and install malware, and present Nazca, a system that detects infections in large scale networks. Nazca does not operate on individual connections, nor looks at properties of the downloaded programs or the reputation of the servers hosting them. Instead, it looks at the telltale signs of the malicious network infrastructures that orchestrate these malware installation that become apparent when looking at the collective traffic produced and becomes apparent when looking at the collective traffic produced by many users in a large network. Being content agnostic, Nazca does not suffer from coverage gaps in reputation databases (blacklists), and is not susceptible to code obfuscation. They have run Nazca on seven days of traffic from a large Internet Service Provider, where it has detected previously-unseen malware with very low false positive rates.

tags | paper
SHA-256 | 032e0a68647df30e19b1e6384d3777c89aaa648d1c9fa02c224a00ccae04a680
Lynis Auditing Tool 1.4.1
Posted Feb 18, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: A new --plugin-dir parameter, support for 64-bit locations for Apache modules, extended logging, and several test improvements.
tags | tool, scanner
systems | unix
SHA-256 | 6df617ee79fb23beec2f85b10909b8120664dc293d9dff1a3386c94869b72931
Mandos Encrypted File System Unattended Reboot Utility 1.6.4
Posted Feb 18, 2014
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: This release adds a minor fix to self-tests.
tags | remote, root
systems | linux, unix
SHA-256 | 731927c2cdea60e3c6b3a504b188025b7654cc0b172066013234b7695648d60e
RECON 2014 Call For Papers
Posted Feb 18, 2014
Authored by REC0N 2014 | Site recon.cx

REcon 2014 is a computer security conference for reverse engineers, hackers, and enthusiasts. It is held annually in Montreal, Canada and the Call For Papers has been announced.

tags | paper, conference
SHA-256 | 47927abb89bab2ac193c1a5d1a0d65f0ddafa6868756ed6f19820e7f1271d7b6
File Hub 1.9.1 Code Execution / Local File Inclusion
Posted Feb 18, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

File Hub version 1.9.1 suffers from remote code execution and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | fb2b943db8bc3e86e07c39ad67f7b3baed8d871ca32abfab010521177ba59b0a
My PDF Creator And DE DM 1.4 LFI / File Upload
Posted Feb 18, 2014
Authored by Katharina S.L., Vulnerability Laboratory | Site vulnerability-lab.com

My PDF Creator and DE DM version 1.4 suffers from local file inclusion and file upload vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, file upload
SHA-256 | cc81c0b63733f6dd75f11423ad214819b47b184980b8f221c00c8841c9555a0d
IPT_PKD Iptables Port Knocking Detection 1.12
Posted Feb 18, 2014
Authored by eric

ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.

Changes: This release fixes a bug in knock.py when sending a knock to a site not in the configuration file or when the configuration file doesn't exist.
tags | tool, kernel, udp, firewall
systems | linux
SHA-256 | 80cfd1f2cb606a00ce131d4f55531bcda605931849efe12331e37b5a2a1bba48
Oracle Forms / Reports Remote Code Execution
Posted Feb 18, 2014
Authored by Mekanismen, Dana Taylor | Site metasploit.com

This Metasploit module uses two vulnerabilities in Oracle forms and reports to get remote code execution on the host. The showenv url can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be used to write a shell from a remote url to a known local path disclosed from the previous vulnerability. The local path being accessible from an URL then allows us to perform the remote code execution using for example a .jsp shell. Tested on Windows and Oracle Forms and Reports 10.1.

tags | exploit, remote, arbitrary, shell, local, vulnerability, code execution
systems | windows
advisories | CVE-2012-3152, CVE-2012-3153, OSVDB-86395, OSVDB-86394
SHA-256 | 0ae51161a01d969079b5ae31c9e558381714eaaed892cb6da032845477f29e85
Gentoo Linux Security Advisory 201402-17
Posted Feb 18, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-17 - Multiple vulnerabilities in Xpdf could result in execution of arbitrary code. Versions less than or equal to 3.02-r4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4035, CVE-2010-3702, CVE-2010-3704
SHA-256 | 1f006b1e25e6174b446336d6d342e87c3bc6c5a1719a0776210c16b2b5afe4ca
Mandriva Linux Security Advisory 2014-038
Posted Feb 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-038 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service or possibly gain privileges via a crafted application. The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. The updated packages provides a solution for these security issues.

tags | advisory, denial of service, x86, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2014-0038, CVE-2014-1438, CVE-2014-1446
SHA-256 | e2c4547e50770bd3df69abde587f4db32a1c9a1954a305f2d7cf5ee05330a99e
Mandriva Linux Security Advisory 2014-037
Posted Feb 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-037 - This updates provides ffmpeg version 0.5.13 and 0.10.11, which fixes several unspecified security vulnerabilities and other bugs which were corrected upstream.

tags | advisory, vulnerability
systems | linux, mandriva
SHA-256 | d03ad4b69e70137039a435da637b88b2ab53aefeb86a0f09b73159e3835520d7
Mandriva Linux Security Advisory 2014-036
Posted Feb 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-036 - Varnish before 3.0.5 allows remote attackers to cause a denial of service via a GET request with trailing whitespace characters and no URI. Also, the services have been converted from SysV init scripts to systemd-native services, which should allow for more consistent behavior.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-4484
SHA-256 | fc02cb3564571294ca8fbe0363d8e7dd5c8f5669e65f5fa32a4f6ddb9224686e
Mandriva Linux Security Advisory 2014-035
Posted Feb 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-035 - The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-6954
SHA-256 | 931cc541f67fd6e0d62d7e1e7506f2812d8e4e5308cd9f5cc5bd2921b946d1a5
Debian Security Advisory 2862-1
Posted Feb 18, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2862-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-6641, CVE-2013-6643, CVE-2013-6644, CVE-2013-6645, CVE-2013-6646, CVE-2013-6649, CVE-2013-6650
SHA-256 | b90e47244d4361de2a4c1e7689a91eb7c5d6021b03e6810350c33bf2949ef1cd
Debian Security Advisory 2861-1
Posted Feb 18, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2861-1 - It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-1943
SHA-256 | ba2d4742d86e1523c1ae2d5dddb4735ff294e3ccbb690646000820894c4b5493
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close