BlackNurse is a low-bandwidth ICMP attack capable of denying service on well-known firewalls. Most ICMP floods seen in the wild use ICMP Type 8 Code 0 (echo request), the classic ping flood. BlackNurse instead uses ICMP Type 3 Code 3 (destination unreachable, port unreachable) packets. When a firewall accepts ICMP Type 3 Code 3 on its outside interfaces, the attack becomes highly effective even at low bandwidth, in this case around 15-18 Mbit/s, which is enough to deliver the 40-50K packets per second needed. The size of the victim's link does not matter, even a 1 Gbit/s Internet connection, since the attack exhausts the firewall's packet processing rather than its link capacity: the impact observed on the affected firewalls is high CPU load, and while an attack is ongoing, users on the LAN side can no longer send or receive traffic to or from the Internet. All firewalls tested recovered once the attack stopped. Affected devices include the Cisco ASA 5515/5525/5550/5515-X, Fortigate, SonicWall, and others.
f71da4e19171d1ad7f74a50978fc1981638a994ffd31303ede3fc3d6659fde3f
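A small decoder and rate check for the packet type described above, added here as an example and not part of the original listing or of the BlackNurse advisory. It decodes the ICMP header per RFC 792, flags Type 3 Code 3 messages, counts them per one-second bucket against the 40K packets-per-second figure quoted in the text, and works out the IP-layer bandwidth a minimal 56-byte port-unreachable datagram needs at that rate. The sample traffic, source addresses and the `flood_seconds` threshold default are constructed for the example; nothing is transmitted on the wire.

```python
"""ICMP Type 3 / Code 3 decoder and per-second rate check.
Added example, not code from the original page or the BlackNurse authors.
Packet layout follows RFC 792; the 40,000 pps threshold is taken from the
text above; all sample traffic is constructed in demo()."""
import struct
from collections import Counter

ICMP_DEST_UNREACHABLE = 3   # ICMP type
ICMP_PORT_UNREACHABLE = 3   # code under type 3


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_port_unreachable(quoted_datagram: bytes) -> bytes:
    """Build a Type 3 Code 3 message quoting the offending datagram (a real
    sender quotes the original IP header plus 8 bytes). Used here only to
    construct in-memory test traffic."""
    header = struct.pack("!BBHI", ICMP_DEST_UNREACHABLE, ICMP_PORT_UNREACHABLE, 0, 0)
    csum = icmp_checksum(header + quoted_datagram)
    return struct.pack("!BBHI", ICMP_DEST_UNREACHABLE, ICMP_PORT_UNREACHABLE, csum, 0) + quoted_datagram


def parse_icmp(icmp: bytes) -> dict:
    """Decode the 8-byte ICMP header and verify the checksum."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP message")
    icmp_type, code, _, _ = struct.unpack("!BBHI", icmp[:8])
    return {
        "type": icmp_type,
        "code": code,
        "checksum_ok": icmp_checksum(icmp) == 0,   # a valid message sums to zero
        "payload": icmp[8:],
    }


def is_blacknurse_candidate(icmp: bytes) -> bool:
    """True for the destination-unreachable / port-unreachable type BlackNurse relies on."""
    p = parse_icmp(icmp)
    return p["type"] == ICMP_DEST_UNREACHABLE and p["code"] == ICMP_PORT_UNREACHABLE


def flood_seconds(records, threshold: int = 40_000) -> dict:
    """records: iterable of (timestamp_seconds, src_ip, icmp_bytes), as a
    capture tool would hand them over (assumed format). Returns {second: count}
    for every one-second bucket whose Type 3 Code 3 count reaches the threshold."""
    per_second = Counter()
    for ts, _src, icmp in records:
        if is_blacknurse_candidate(icmp):
            per_second[int(ts)] += 1
    return {sec: n for sec, n in per_second.items() if n >= threshold}


def required_mbps(datagram_bytes: int, pps: int) -> float:
    """IP-layer bandwidth (Mbit/s) needed to sustain a given packet rate."""
    return datagram_bytes * 8 * pps / 1_000_000


def demo():
    """Constructed sample: 45,000 port-unreachable messages inside one second
    from one (documentation-range) source, plus ten echo requests that must
    not count. Also sizes a minimal 56-byte T3C3 datagram at 40K pps."""
    quoted = bytes([0x45]) + b"\x00" * 27            # 20-byte IPv4 header + 8 bytes
    t3c3 = build_port_unreachable(quoted)
    echo = struct.pack("!BBHI", 8, 0, 0, 0)
    echo = echo[:2] + struct.pack("!H", icmp_checksum(echo)) + echo[4:]
    records = [(10.0 + i / 45_000, "203.0.113.7", t3c3) for i in range(45_000)]
    records += [(10.5, "198.51.100.9", echo) for _ in range(10)]
    return flood_seconds(records), required_mbps(56, 40_000)


if __name__ == "__main__":
    flagged, mbps = demo()
    print("flagged seconds:", flagged)               # {10: 45000}
    print("Mbit/s for 56-byte datagrams at 40K pps:", round(mbps, 2))
```

The bandwidth check is the useful sanity figure: a minimal IPv4 port-unreachable datagram (20-byte IP header, 8-byte ICMP header, 28 bytes of quoted original datagram) at 40K pps comes to about 17.9 Mbit/s at the IP layer, matching the 15-18 Mbit/s range above and showing why the attack is a packet-rate problem, not a link-capacity one. In a real deployment the records would come from a capture (for example a tap feeding per-packet timestamps) rather than from `demo()`, and the threshold should be tuned to the device's measured capacity.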
A malicious interaction with the keyctl usermode interface allows an attacker to crash the kernel. Processing the attached certificate in the kernel leads to a NULL pointer dereference. This vulnerability can be triggered locally by any unprivileged user.
f84b2c209822d9c15501892e2c718cb3967a4db2792d9be2b18757f3378ca33c
Mounting a crafted EXT4 image read-only leads to memory corruption and SLAB out-of-bounds reads (according to KASAN). Since mounting is a privileged operation, an attacker probably cannot trigger this vulnerability from the command line; instead, the desktop GUI's automatic mounting of a crafted USB device is required.
76833a7057ed11a9603a2cca2127a14da53cfb98824820fa60de3d7cf3b821a6
Gentoo Linux Security Advisory 201611-8 - Multiple vulnerabilities have been found in libpng, the worst of which may allow remote attackers to cause Denial of Service. Versions less than 1.6.21 are affected.
af56e343ff091a131c14cea1b83ea801e986ee721dab18820a2a08392abce80f
Gentoo Linux Security Advisory 201611-7 - polkit is vulnerable to local privilege escalation. Versions less than 0.113 are affected.
3c004982512d4668fabdd477a79b048c32dea21a9f1d8d4bb6c55235d81a54a2
Gentoo Linux Security Advisory 201611-6 - A vulnerability in xinetd could lead to privilege escalation. Versions less than 2.3.15-r2 are affected.
1ceb98758118fd5375c5611a9f829b7b2c21d5c8315cf8449754f94ce9969b26
Gentoo Linux Security Advisory 201611-5 - tnftp is vulnerable to remote code execution if no output file is specified. Versions less than 20141104 are affected.
3714fd619d496c5232b4708937dc2490c0a41fd3dea634635ec841f8cfbdceae
Red Hat Security Advisory 2016-2750-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, argument unpacking, and the interactive debugger. The memcache, mongo, and XDebug extensions are also included. The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. Security fixes for the rh-php56-php component are included.
7a4b8b8d6b3eabdf404c0529d77c336afa623f07425290b0ef039e4d4015bb0b
Red Hat Security Advisory 2016-2749-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: rh-mysql56-mysql. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
2885c698b7f8dbeb61cdef79060e442a4d80a5dfbab9153600b85b4aee6e32ca
Gentoo Linux Security Advisory 201611-9 - Multiple vulnerabilities have been found in Xen, the worst of which allows gaining of privileges on the host system. Versions less than 4.6.3-r3 are affected.
150b8fc9649193c656cb063bfd7db2df2856b9f70acd30052aa163a2c2782573
The VHDMP driver does not delete files safely, allowing arbitrary file deletion that could result in elevation of privilege.
83a9ca054e84e9cb0b4edffe665f32711fdddafa66cced5b63b30ba0907cfc2f
A Windows kernel crash can occur in the nt!RtlEqualSid function invoked through nt!SeAccessCheck by nt!CmpCheckSecurityCellAccess while loading corrupted registry hive files.
5395350a5bb6db06990997f9489cc97555596c3fb508d3b40ddb43659f993001
The VHDMP driver does not open physical disk drives securely when creating a new VHD, allowing a user to read data they should not have access to, which leads to information disclosure and elevation of privilege.
ece66dd4e9a21d845f73e76160ee3d7d4ddb8db78f87bb255a2a71718d6d508c
The VHDMP driver does not correctly handle impersonation levels, making it possible to impersonate a privileged token when performing certain actions such as creating or modifying a VHD, which leads to elevation of privilege.
2dd3df095b5f804e247c897db2ccee0b7686f6aba635737c00ff269c7dd3eef9
The VHDMP driver does not safely create the files related to Resilient Change Tracking, allowing arbitrary file overwrites under user control, which leads to elevation of privilege.
47779f4011b5478d641f7b65e43f21241798700a262c616442aaa6c5144cb4a7
A specially crafted web-page can cause Microsoft Edge to free memory used for a CAttrArray object. The code continues to use the data in freed memory block immediately after freeing it. It does not appear that there is enough time between the free and reuse to exploit this issue.
7b085c40b0b5c32560e511980a285156cb74ab99f30b0b11136ee56130ebcd24
This Metasploit module exploits a buffer overflow in the WinaXe 7.7 FTP client. This issue is triggered when a client connects to the server and is expecting the Server Ready response.
85d7535ae65c59c347e6f08373d814850760c27acc6b296cd04efd4c9b986b81
This Metasploit module exploits a vulnerability found in TrendMicro Smart Protection Server where untrusted inputs are fed to ServWebExec system command, leading to command injection. Please note: authentication is required to exploit this vulnerability.
c0669d4763a8b0f7006a57298e45c4f523d05ca9e7d1a8c304ef6ed3cde57c5f
Red Hat Security Advisory 2016-2718-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 54.0.2840.100. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
05b2ed146c3ff682639e67872348b4088b751bc112d944ed2b0afb65e94474cd
Red Hat Security Advisory 2016-2706-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.
34ebf6833be3f8e06b1450c8d4b0768a9ee4ddf47d72a2dc7c01e2f31352f4a8
HP Security Bulletin HPSBUX03665 2 - Potential security vulnerabilities have been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and URL Redirection. Revision 2 of this advisory.
8a33a45462fb5af32efafe6f3107b91eb71ecf3236ac6ed9fb1332835889de91
HP Security Bulletin HPSBGN03669 1 - Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited locally to allow elevation of privilege and remotely to allow denial of service, arbitrary code execution, and cross-site request forgery. Revision 1 of this advisory.
ac957c536f14c0a27badb6f04185ed0c67d4cacfcf48129853672a6a8767ef2f
Red Hat Security Advisory 2016-2705-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.
588ecdc7db1b9535e0fadaa19780440e5e7c00ae836c3d30d91b4d780cd3605d
Red Hat Security Advisory 2016-2704-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.
4b59304042b5184a421ccdac24e9a3a137fd12ff1ce2a39859c76c926a881514
This document is meant to be a general purpose cybercrime report template for victims.
d2a757ec4ee74be20c8708dcd4bc1be434315415d4d907969ebf5e328eb1d4b7