Feed aggregator

Re: [FD] Strength and Weakness of Methods to Confirm SSH Host Key

BugTraq Latest Security Advisories - September 25, 2014 - 6:55am

Posted by Gunnar Wolf on Sep 25

John Leo said [Mon, Sep 22, 2014 at 03:51:57PM +0800]:

The "vote counting" goes against knowing whether the signing key is
valid or not. When you are asserting the identity of a site you
control, or a site you trust, this would only become a *second* chain
of trust, if I understand you right. And, of course, the signer
*should* be the same as the site operator!

A PKI is just the same as the vote counting you mention for OpenPGP,
but...

[ MDVSA-2014:186 ] bash

BugTraq Latest Security Advisories - September 25, 2014 - 6:48am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:186
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : bash
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A flaw...

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

BugTraq Latest Security Advisories - September 25, 2014 - 6:37am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Advisory ID: cisco-sa-20140924-sip

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software
could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability,...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System

BugTraq Latest Security Advisories - September 25, 2014 - 6:29am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System

Advisory ID: cisco-sa-20140924-mdns

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains the following
vulnerabilities when processing mDNS packets that could allow an unauthenticated, remote attacker to cause a denial of
service (DoS)...

Cisco Security Advisory: Cisco IOS Software Network Address Translation Denial of Service Vulnerability

BugTraq Latest Security Advisories - September 25, 2014 - 6:19am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software Network Address Translation Denial of Service Vulnerability

Advisory ID: cisco-sa-20140924-nat

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

A vulnerability in the Network Address Translation (NAT) feature of Cisco IOS Software could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to
improper...

Bugtraq: [ MDVSA-2014:185 ] libgadu

Security Focus Latest Security Advisories - September 25, 2014 - 6:15am
[ MDVSA-2014:185 ] libgadu

Bugtraq: [ MDVSA-2014:183 ] phpmyadmin

Security Focus Latest Security Advisories - September 25, 2014 - 6:15am
[ MDVSA-2014:183 ] phpmyadmin

Bugtraq: [ MDVSA-2014:181 ] dump

Security Focus Latest Security Advisories - September 25, 2014 - 6:15am
[ MDVSA-2014:181 ] dump

Bugtraq: [SECURITY] [DSA 3032-1] bash security update

Security Focus Latest Security Advisories - September 25, 2014 - 6:15am
[SECURITY] [DSA 3032-1] bash security update

Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability

BugTraq Latest Security Advisories - September 25, 2014 - 6:09am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability

Advisory ID: cisco-sa-20140924-dhcpv6

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE Software
could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper parsing...

Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities

BugTraq Latest Security Advisories - September 25, 2014 - 5:59am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software Metadata Vulnerabilities

Advisory ID: cisco-sa-20140924-metadata

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker
to reload a vulnerable device.

The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata...

Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability

BugTraq Latest Security Advisories - September 25, 2014 - 5:50am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software RSVP Vulnerability

Advisory ID: cisco-sa-20140924-rsvp

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Cisco IOS
XE Software could allow an unauthenticated, remote attacker to cause the device to reload. This vulnerability could be
exploited repeatedly to cause an extended denial of...

[ MDVSA-2014:184 ] net-snmp

BugTraq Latest Security Advisories - September 25, 2014 - 5:42am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:184
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : net-snmp
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:183 ] phpmyadmin

BugTraq Latest Security Advisories - September 25, 2014 - 5:34am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:183
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:182 ] zarafa

BugTraq Latest Security Advisories - September 25, 2014 - 5:24am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:182
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : zarafa
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:181 ] dump

BugTraq Latest Security Advisories - September 25, 2014 - 5:15am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:181
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : dump
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:185 ] libgadu

BugTraq Latest Security Advisories - September 25, 2014 - 5:05am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:185
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libgadu
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

Bugtraq: [SECURITY] [DSA 3031-1] apt security update

Security Focus Latest Security Advisories - September 25, 2014 - 5:00am
[SECURITY] [DSA 3031-1] apt security update

Bugtraq: CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser

Security Focus Latest Security Advisories - September 25, 2014 - 5:00am
CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser

Bugtraq: [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability

Security Focus Latest Security Advisories - September 25, 2014 - 5:00am
[KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability