본문 바로가기

취약점 정보1

2014-05-09 취약점 정리 Cisco TelePresence TC and TE Software Multiple Security Vulnerabilities 2014-05-08 http://www.securityfocus.com/bid/67170 Apple iOS 'MobileMail.app' Local Information Disclosure Vulnerability 2014-05-08 http://www.securityfocus.com/bid/67263 Oracle Java SE CVE-2014-0459 Remote Security Vulnerability 2014-05-08 http://www.securityfocus.com/bid/66910 Oracle Java SE CVE-2013-5802 Remote Security Vu.. 더보기
SNMP DDos attack It started with DNS: Simple short DNS queries are easily spoofed and the replies can be much larger then the request, leading to an amplification of the attack by orders of magnitude. Next came NTP. Same game, different actors: NTP's "monlist" feature allows for small requests (again: UDP, so trivially spoofed) and large responses. Today, we received a packet capture from a reader showing yet an.. 더보기
GeForce Experience 2.0.1 릴리스 GeForce Experience 2.0.1 릴리스 주요 내용 이번 업데이트에서 GameStream 내 버그가 수정되었습니다:SHIELD에서 원격 GameStream을 위한 OpenSSL 보안 강화 스트리밍 품질 개선 오디오 지연시간 단축 GeForce Experience 2.0릴리스 주요 내용 ShadowPlayGeForce GTX 노트북을 위한 지원 추가 GeForce GTX 800M, GTX 700M 및 일부 GTX 600M GPU 지원데스크톱 캡처를 위한 지원 추가 최신 GeForce 드라이버 필요 에어로 모드 사용 필요 데스크톱용 GPU에서만 가능1920 × 1200 캡처 추가 Alt-Tab 키를 누르면 녹화를 중단하는 대신 일시 정지 게임 실행 시가 아닌 비디오를 저장할 때 비디오 폴더 생성 .. 더보기
Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability OverviewFortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability. (CWE-352)DescriptionCWE-352: Cross-Site Request Forgery (CSRF)Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the us.. 더보기
Caldera 9.20 contains multiple vulnerabilities Caldera 9.20 and possibly earlier versions contains a path traversal vulnerability due to the script '/dirmng/index.php' caused by improper limitation of a pathname to a restricted directory. An attacker can exploit this vulnerability to access arbitrary directories on the server's operating system. Example: /dirmng/index.php?PUBLIC=1&cdir=/ CWE-89 - Improper Neutralization of Special Elements u.. 더보기
2014-05-08 취약점 정리 Linux Kernel Multiple Function Remote Memory Corruption Vulnerabilities 2014-05-08 http://www.securityfocus.com/bid/66279 Linux Kernel 'handle_rx()' Function Denial of Service Vulnerability 2014-05-08 http://www.securityfocus.com/bid/66678 Linux Kernel AACRAID Driver Compat IOCTL Local Security Bypass Vulnerability 2014-05-08 http://www.securityfocus.com/bid/63888 libvirt Unsafe Paths Usage Syml.. 더보기
2014-05-07 취약점정리 SOAPpy XML External Entity Injection and Denial of Service Vulnerabilities 2014-05-07 http://www.securityfocus.com/bid/67216 Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability 2014-05-07 http://www.securityfocus.com/bid/67121 Samba 'dcerpc_read_ncacn_packet_done()' Function Heap Buffer Overflow Vulnerability 2014-05-07 http://www.securityfocus.com/bid/64191 Samba .. 더보기
IBM AIX Kernel Memory Leak / Denial Of Service IBM AIX versions 5.3, 6.1 and 7.1 releases VIOS 2.2.* suffer from kernel memory leak and denial of service vulnerabilities. It has been identified that the ptrace() system call can be manipulated by an unprivileged user into leaking uninitialized kernel memory and that the method by which this is achieved may also lead to a denial of service condition. This can be achieved by manipulating the pa.. 더보기
Apache Struts2 내부설정 변경 취약점 보안업데이트 권고 개요Apache Struts 2에서 보안우회 등이 가능한 취약점을 해결한 보안 업데이트 발표 [1,2]취약한 버전을 사용하고 있을 경우, 내부 세션 상태 등을 변조 가능해당 시스템영향을 받는 제품Apache Struts 2.0.0 ~ 2.3.16.1 버전 사용자해결 방안해당 취약점에 영향 받는 버전 사용자2.3.16.3 버전으로 업그레이드[2]용어 정리Apache Struts : 기업 급 자바 웹 프로그램 구축을 위한 프레임 워크 기타 문의사항한국인터넷진흥원 인터넷침해대응센터: 국번없이 118[참고사이트] [1] http://struts.apache.org/announce.html [2] http://struts.apache.org/release/2.3.x/docs/s2-022.htm 더보기
Windows Heap Overflow Exploitation In this article I will be talking about exploiting a custom heap : which is a big chunk of memory allocated by the usermode application using VirtualAlloc for example . The application will then work on managing 'heap' block allocations and frees (in the allocated chunk) in a custom way with complete ignorance of the Windows's heap manager. This method gives the software much more control over i.. 더보기

티스토리툴바