Mandriva Linux Security Advisory 2014-138 - Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action. Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service inactive or incomplete HTTP connections. The updated packages has been upgraded to the 11.11.0 version which is not vulnerable to these issues.
d0b6e36b5ffeb369a37f9f40b9aca3279792173c43c84fd7774bdaa4ea81c34bMandriva Linux Security Advisory 2014-137 - Multiple vulnerabilities have been discovered and corrected in apache-mod_wsgi. It was found that mod_wsgi did not properly drop privileges if the call to setuid failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. It was discovered that mod_wsgi could leak memory of a hosted web application via the Content-Type header. A remote attacker could possibly use this flaw to disclose limited portions of the web application's memory. The updated packages have been patched to correct these issues.
3ddfcc4920c88bed0f479472956bfb387b06ff904fa88974b7ac9b7edb4d0c30Mandriva Linux Security Advisory 2014-136 - Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server.
8eef9aa7b5bed8242080833cd967256c4ecebf611c7e4b025a94c1c923aeaa25Whitepaper called the Cryptographic Overhead of IPSec Protocol Suite During the Packet Exchange Process.
a50726bde091619f65322e9ea8f52a770da87b90c239063c84c5925eee955739
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed