Showing 1 - 5 of 5

Files Date: 2015-08-14

Ubuntu Security Notice USN-2709-1: Posted Aug 14, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2709-1 - The pollinate package bundles the certificate for entropy.ubuntu.com. This update refreshes the certificate to match the new certificate for the server.; tags | advisory; systems | linux, ubuntu; SHA-256 | 515b8d6dbe355a16da8fb1581c572dc3b3ca25de060b3ca51000881d8e51f64b; Download | Favorite | View

Ubuntu Security Notice USN-2710-1: Posted Aug 14, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2710-1 - Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. Moritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code. Various other issues were also addressed.; tags | advisory, remote, arbitrary; systems | linux, ubuntu; advisories | CVE-2015-5352, CVE-2015-5600; SHA-256 | 5e6d369a707bc3cd52edbf61992614fe1906738d5016b5215cd4d7307a0c93fe; Download | Favorite | View

SAP Afaria 7 Buffer Overflow: Posted Aug 14, 2015; Authored by Dmitry Chastukhin; SAP Afaria 7 suffers from a buffer overflow vulnerability.; tags | advisory, overflow; advisories | CVE-2015-4092; SHA-256 | af1eb12bb6ea9b28172a2499e235592204d5c6e5405e08d2b1b8ef6f471f8c15; Download | Favorite | View

Google Admin WebView Sandbox Bypass: Posted Aug 14, 2015; Authored by Vahagn Vardanyan; An issue was found when the Google Admin application received a URL via an IPC call from any other application on the same device. The Admin application would load this URL in a webview within its own activity. If an attacker used a file:// URL to a file that they controlled, then it is possible to use symbolic links to bypass Same Origin Policy and retrieve data out of the Google Admin sandbox.; tags | advisory, bypass; SHA-256 | fe1cf8309000f17cec08e939b1bf7ce76af4a964b50042b4e935fea7d6db7d68; Download | Favorite | View

Dismantling Megamos Crypto: Wirelessly Lockpicking A Vehicle Immobilizer: Posted Aug 14, 2015; Authored by Baris Ege, Roel Verdult, Flavio D. Garcia; The Megamos Crypto transponder is used in one of the most widely deployed electronic vehicle immobilizers. It is used among others in most Audi, Fiat, Honda, Volkswagen and Volvo cars. Such an immobilizer is an anti-theft device which prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a passive RFID tag which is embedded in the key of the vehicle. In this paper, the authors have reverse-engineered all proprietary security mechanisms of the transponder, including the cipher and the authentication protocol which we publish here in full detail. This article reveals several weaknesses in the design of the cipher, the authentication protocol and also in their implementation.; tags | paper, cryptography, protocol; SHA-256 | e8819e38284ae00f42181afdbb067dcbb1901e3845adf87a0c7b6914ed3d9c52; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days