In order to inspect encrypted data streams using SSL/TLS, Kaspersky installs a WFP driver to intercept all outgoing HTTPS connections. It effectively proxies SSL connections, inserting its own certificate as a trusted authority in the system store and then replacing all leaf certificates on-the-fly. This is why, if you examine a certificate while using Kaspersky Antivirus, the issuer appears to be "Kaspersky Anti-Virus Personal Root". Kaspersky's certificate interception has previously resulted in serious vulnerabilities, but a quick review finds that many simple problems still exist. For example, the way leaf certificates are cached uses an extremely naive fingerprinting technique. Kaspersky caches recently generated certificates in memory in case the user agent initiates another connection. To do this, Kaspersky fetches the certificate chain and then checks whether it has already generated a matching leaf certificate in the cache. If it has, it simply takes the existing certificate and private key and reuses them for the new connection. The cache is a binary tree, and as new leaf certificates and keys are generated, they are inserted using the first 32 bits of MD5(serialNumber||issuer) as the key. If a match is found for a key, the previously generated certificate and key are pulled out of the binary tree and used to relay data to the user agent. You don't have to be a cryptographer to understand that a 32-bit key is not enough to prevent brute-forcing a collision in seconds. In fact, producing a collision with any other certificate is trivial.
As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens. The OTP TrustZone trustlet suffers from a stack buffer overflow.
This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.
Samsung's lkmauth feature suffers from a kernel module verification bypass vulnerability.
Gentoo Linux Security Advisory 201701-15 - Multiple vulnerabilities have been found in Mozilla Firefox, SeaMonkey, and Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 45.6.0 are affected.
Red Hat Security Advisory 2017-0002-01 - Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The following packages have been upgraded to a newer upstream version: rh-nodejs4-nodejs, rh-nodejs4-http-parser. Security Fix: It was found that Node.js' tls.checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate accepted by a Node.js TLS client.
As a part of the KNOX extensions available on Samsung devices, Samsung provides a new service which allows the generation of OTP tokens and suffers from a heap overflow vulnerability.
Kaspersky fails to adequately protect its local CA root.
Stack buffer overflow and information disclosure vulnerabilities exist in the Samsung OTP TrustZone trustlet via OTP_GET_CRYPTO_DERIVED_KEY.
Red Hat Security Advisory 2017-0004-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash.
Red Hat Security Advisory 2017-0003-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.
Debian Linux Security Advisory 3750-2 - A functional regression was discovered in some specific usage scenarios of PHPMailer following the security update of DSA-3750. New packages have been released which correct the problem.
Internet Download Accelerator version 6.10.1.1527 SEH FTP buffer overflow exploit.
Netgear models DGN2200, DGND3700, and WNDR4500 suffer from multiple information disclosure vulnerabilities, one of which leaks the admin password.
My Click Counter version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
PDFAdd version 1.2 suffers from a DLL hijacking vulnerability.