Open Source Security Mailing List

Discussion of security flaws, concepts, and practices in the Open Source community

List Archives (posts per quarter)

Year   Jan–Mar   Apr–Jun   Jul–Sep   Oct–Dec
2014       714       711       886       428
2013       777       648       688       583
2012       815       578       591       549
2011       640       738       550       591
2010       291       376       465       383
2009       250       264       272       304
2008       206       390       402       358

Latest Posts

CVE Request: Linux 3.17 guest-triggerable KVM OOPS Andy Lutomirski (Oct 23)
On Linux 3.17, a KVM guest can trigger a NULL pointer dereference by
forcing the host to emulate certain well-formed RIP-relative
instructions or certain types of corrupt or page-straddling
instructions. This is almost certainly just a DoS -- there is a
single read-modify-write to the NULL pointer, and no kernel code will
consume data loaded from the NULL pointer if something is mapped
there.

The bugs, or at least dangerous code, arguably...

Re: strings / libbfd crasher Dave Rutherford (Oct 23)
Clicking 'Save Link As...' in Chromium 37.0.2062.120 Ubuntu 14.04 (281580)
crashes the browser, though chromium does not seem to link against libbfd.
Firefox does not appear to be vulnerable.

Re: strings / libbfd crasher Michal Zalewski (Oct 23)
The immediate cause is due to srec_scan() in srec.c decreasing 'bytes'
without range checking until it wraps around. The already-bad value of
'bytes' is assigned to 'sec->size' few lines before the crash, so
perhaps there would be potential for exploitability later down the
line; but the code ends up crashing soon thereafter in a 'while (bytes

go over the entire address space without SEGV to avoid the crash....
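The bug class Zalewski describes, a declared byte count decremented for each consumed field with no range check until it wraps, shown as an added example. This is not libbfd's srec.c: the record layout, the field sizes, the function names and the three sample records are all constructed assumptions for the illustration. The vulnerable routine returns the wrapped value that a caller would store as a section size; the hardened routine rejects a count that cannot cover the fixed fields and one that claims more bytes than the record holds, before any "while (bytes > 0)" loop sees it.

```c
/*
 * Added example, not code from libbfd/srec.c: a toy record parser that
 * reproduces the bug class described above.  A declared byte count is
 * decremented for each fixed field with no check that it was large
 * enough, so a record that declares too few bytes wraps the counter to
 * an enormous value, which a caller then uses as a section size or as
 * the bound of a "while (bytes > 0)" copy loop.  Layout, names and the
 * sample records are assumptions made for this illustration.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record: count byte, 2 address bytes, data, 1 checksum byte.
 * As in an S-record, 'count' covers address + data + checksum. */
enum { ADDR_LEN = 2, CSUM_LEN = 1 };

/* Vulnerable: subtracts the fixed fields from 'bytes' unconditionally.
 * For count < 3 the size_t underflows, e.g. count=1 gives (size_t)-2. */
size_t vuln_data_len(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 1)
        return 0;
    size_t bytes = rec[0];
    bytes -= ADDR_LEN;   /* no range check */
    bytes -= CSUM_LEN;   /* wraps around for a short count */
    return bytes;        /* the already-bad value a caller would store as a size */
}

/* Hardened: reject a count that cannot cover the fixed fields (would
 * underflow) and a count larger than the bytes actually present in the
 * record (would read past the buffer).  Returns false on rejection. */
bool safe_data_len(const uint8_t *rec, size_t rec_len, size_t *out)
{
    if (rec_len < 1)
        return false;
    size_t bytes = rec[0];
    if (bytes < ADDR_LEN + CSUM_LEN)
        return false;
    if (bytes > rec_len - 1)
        return false;
    *out = bytes - ADDR_LEN - CSUM_LEN;
    return true;
}

/* Copy the data field the way a "while (bytes > 0)" loop would, but only
 * after the length has been validated.  Returns the number of bytes copied. */
size_t copy_data(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    size_t bytes;
    if (!safe_data_len(rec, rec_len, &bytes) || bytes > out_cap)
        return 0;
    const uint8_t *p = rec + 1 + ADDR_LEN;
    size_t n = 0;
    while (bytes > 0) {          /* safe here: bytes is bounded by rec_len */
        out[n++] = *p++;
        bytes--;
    }
    return n;
}

/* Constructed sample records (not the fuzzed file from the report). */
static const uint8_t good_rec[]  = { 0x05, 0x10, 0x00, 0xAA, 0xBB, 0x00 }; /* count=5: 2 addr + 2 data + 1 csum */
static const uint8_t short_rec[] = { 0x01, 0x00 };                         /* count=1: cannot cover the fixed fields */
static const uint8_t long_rec[]  = { 0x20, 0x10, 0x00, 0xAA };             /* count=32 but only 3 bytes follow */

int main(void)
{
    uint8_t buf[16];
    size_t n = 0;
    bool ok;

    ok = safe_data_len(good_rec, sizeof good_rec, &n);
    printf("good:  vuln=%zu safe=%d len=%zu copied=%zu\n",
           vuln_data_len(good_rec, sizeof good_rec), ok, n,
           copy_data(good_rec, sizeof good_rec, buf, sizeof buf));

    /* The wrapped value; on a 64-bit build this is 18446744073709551614. */
    ok = safe_data_len(short_rec, sizeof short_rec, &n);
    printf("short: vuln=%zu safe=%d\n",
           vuln_data_len(short_rec, sizeof short_rec), ok);

    ok = safe_data_len(long_rec, sizeof long_rec, &n);
    printf("long:  vuln=%zu safe=%d\n",
           vuln_data_len(long_rec, sizeof long_rec), ok);
    return 0;
}
```

The second check in safe_data_len matters as much as the first: a count that does not underflow but exceeds the record's real length would still drive the copy loop off the end of the input, which is the other way a fuzzed file reaches the SEGV.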

strings / libbfd crasher Hanno Böck (Oct 23)
Hi,

I'm forwarding this here so it doesn't get lost:
https://twitter.com/lcamtuf/status/524213424373243905
https://twitter.com/lcamtuf/status/524214698237898753
http://lcamtuf.coredump.cx/stringme

Short: Michal Zalewski (who is also on this list and probably can give
us some more info) fuzzed a sample that crashes the strings command,
due to a bug in libbfd.
(by the way: nice catch, always interesting to see potential vulns in
places...

Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 Arun Babu Neelicattu (Oct 23)
Pinging this thread, since there has been no response since September 17.

----- Original Message -----

Re: CVE Request: systemd-shim DoS issue cve-assign (Oct 23)
Use CVE-2014-8399.

Re: CVE Request: smarty: secure mode bypass cve-assign (Oct 23)
Use CVE-2014-8350.

CVE Request: smarty: secure mode bypass Salvatore Bonaccorso (Oct 22)
Hi

Can a CVE be assigned for the following smarty issue: upstream
released new version 3.1.21:

Changelog: https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902

Debian Bugreport: https://bugs.debian.org/765920

Regards,
Salvatore

CVE-2014-3712 Katello: user parameters passed to to_sym Kurt Seifried (Oct 22)
Jan Rusnacko of Red Hat reports:

Katello code exposes potential to_sym Denial of Service attack vector
from user input parameters. The two places identified are:

https://github.com/Katello/katello/blob/9231e24f93fa804e557fc95637cfa2c5bb92f6a7/app/controllers/katello/content_search_controller.rb#L617

https://github.com/Katello/katello/blob/9231e24f93fa804e557fc95637cfa2c5bb92f6a7/app/controllers/katello/api/api_controller.rb#L87

This type of...

CVE Request: systemd-shim DoS issue Marc Deslauriers (Oct 22)
Hello,

systemd-shim version 8 shipped with a debugging clause enabled that may result
in a denial of service attack by local users.

Fixed by:
https://github.com/desrt/systemd-shim/commit/d2e91c118f6128875274a638007702d1cc665893

Could a CVE please be assigned to this issue?

Thanks,

Marc.

[OSSA 2014-037] Nova VMware instance in resize state may leak (CVE-2014-8333) Tristan Cacqueray (Oct 21)
OpenStack Security Advisory: 2014-037
CVE: CVE-2014-8333
Date: October 21, 2014
Title: Nova VMware instance in resize state may leak
Reporter: Zhu Zhu (IBM)
Products: Nova
Versions: up to 2014.1.3

Description:
Zhu Zhu from IBM reported a vulnerability in Nova VMware driver. If an
authenticated user deletes an instance while it is in resize state, it
will cause the original instance to not be deleted. An attacker can use
this to launch a denial...

CVE-2014-3690: KVM DoS triggerable by malicious host userspace Andy Lutomirski (Oct 21)
[sorry for somewhat late notice -- I didn't notice that the patch was
public until just now]

KVM has a bug that allows malicious host user code that can open the
/dev/kvm device on a VMX (Intel) machine to DoS the system. (In my
proof of concept, the DoS is a rather spectacular failure of the whole
system, although I haven't checked whether the kernel panics. A more
refined exploit *might* be able to kill targetted user processes,...

Re: Vulnerabilities in WordPress Database Manager v2.7.1 cve-assign (Oct 21)
Use CVE-2014-8336.

Re: CVE request for vulnerability in OpenStack Nova cve-assign (Oct 21)
Use CVE-2014-8333 for this virt/vmwareapi/vmops.py race condition that
results in inadvertent preservation of the -orig instance.

AW: Multiple disputed issues in util-vserver Fiedler Roman (Oct 21)
Hello Carlos,

For code execution, I would guess, this should be less of a risk. The only
thing, I could think of, is that if namespace separation is not completely
clean, that it might be somehow possible, that the guest process (uid=0)
being the parent of the host process finds some way to ptrace et al control
the host process.

DOS might be more likely, therefore a malicious...

More Lists

Dozens of other network security lists are archived at SecLists.Org.