« Posts under vulnerability

Alleged XSS-Vulnerability in WordPress a Fake

October 27, 2012 / posted in cross-site scripting, security, Uncategorized, vulnerability, WordPress / 2 Comments

On Wednesday, October 24th 2012, this report was sent to the BugTraq-Mailinglist, describing an alleged XSS-vulnerability in WordPress, presumably in all versions of the wide-spread blogging software. What’s the fuss about? As I run this blog using WordPress myself, I am of course very interested in keeping my blog secure, so I took my time to [...]

Exim DKIM DNS Decoding Buffer Overflow Vulnerability

October 26, 2012 / posted in Buffer Overflow, Bug, mail-server, security, server, Uncategorized, vulnerability / No Comments

The widely used opensource email-server Exim has been reported to be vulnerable to a buffer overflow in the DKIM DNS Decoding routines. An updated version of Exim, which addresses this issue is already available. As it fixes only this specific issue, the new version-number is 4.80.1. According to the Author, Phil Pennock, to avoid confusion, there [...]

ISC BIND DNS Server Open for DoS-Exploit

October 11, 2012 / posted in BIND, denial-of-service, exploit, security, Security Advisory, vulnerability / No Comments

The Internet Systems Consortium (ISC) is currently warning about a critical vulnerability in the free BIND name server, which can be exploited by an attacker to cause a denial-of-service condition (DoS). According to the ISC, the security issue CVE-2012-5166 is caused by a problem when processing a specially crafted combination of resource records (RDATA): when [...]

Critical Security-Hole in Firefox 16

October 11, 2012 / posted in firefox, security, vulnerability / No Comments

Just one day after official release, Mozilla already pulled the latest update of Firefox 16 off their website again, due to a severe security vulnerability. As Michael Coates states in his blog, the impact of the vulnerability is as follows: The vulnerability could allow a malicious site to potentially determine which websites users have visited [...]

Android-Smartphones vulnerable to USSD-Attacks

September 27, 2012 / posted in Android, Apps, mobile, security, smartphone, USSD, vulnerability / No Comments

We all heard the news that Samsung had trouble with a few of its smartphones being vulnerable to USSD-Attacks that could be used to hard-reset them to factory-settings. Well, as it seems, the problem is not restricted to Samsung. In fact, quite a number of Android-based smartphones are affected, and hard-resetting is just one possibility. [...]

NetBSD Security Advisory 2010-011: OpenSSL Double Free Arbitrary Code Execution

October 28, 2010 / posted in BSD, Bug, NetBSD, OpenSSL, Operating System, Patch, pkgsrc, security, Security Advisory, server, SSL/TLS, Uncategorized, update, vulnerability / No Comments

A new security advisory for NetBSD has just been published. The contents of the Advisory is written below: Version: NetBSD-current: source prior to August 11, 2010 NetBSD 5.0.*: affected NetBSD 5.0: affected NetBSD 4.0.*: affected NetBSD 4.0: affected pkgsrc: openssl package prior to 0.9.8onb1 Severity: Denial of Service and potential arbitrary code execution Fixed: NetBSD-current: [...]

NetBSD Security Advisory 2010-008: sftp(1)/ftp(1)/glob(3) related resource exhaustion

October 7, 2010 / posted in BSD, denial-of-service, NetBSD, Operating System, Patch, security, Security Advisory, vulnerability / No Comments

A new security advisory for NetBSD has just been published. The contents of the Advisory is written below: Abstract In 2001 GLOB_LIMIT was added to glob(3) to limit the potential amount of memory used by globbed patterns. Unfortunately this implementation had many limitations and did not do enough to limit memory or CPU attacks. This [...]

Debian Linux / OpenSSL: predictable random number generator

May 13, 2008 / posted in Bug, Debian, Linux, Network, OpenSSL, Operating System, security, SSL/TLS, vulnerability / No Comments

I just received word about a major security issue with Debian Linux’ OpenSSL-Package. All Debian-Versions, from sid over lenny to etch are affected. The issue: the openssl-package of Debian has a debian-specific change, which has caused the random number generator to be predictable. All certificates generated through these packages are thus weak and to be [...]

Debian Linux / OpenSSL: predictable random number generator

May 13, 2008 / posted in Bug, Debian, Linux, Network, OpenSSL, Operating System, security, SSL/TLS, vulnerability / No Comments

I just received word about a major security issue with Debian Linux’ OpenSSL-Package. All Debian-Versions, from sid over lenny to etch are affected. The issue: the openssl-package of Debian has a debian-specific change, which has caused the random number generator to be predictable. All certificates generated through these packages are thus weak and to be [...]

lighttpd <= 1.4.19 has a denial of service vulnerability

April 7, 2008 / posted in Bug, connection, denial-of-service, lighttpd, security, SSL/TLS, vulnerability / No Comments

On Thursday, March 27th 2008, a DoS-vulnerability in lighttpd 1.4.19 and lower versions was reported on cve.mitre.org. It has been confirmed through lighttpd’s bug-tracking system. As of this writing, there is no official bugfix-release of lighttpd, yet, but according to the bug-tracking system, the issue is closed and marked as fixed. This suggests that there [...]