The Ambassador
The Ambassador is both warrior and diplomat. He listens to the words of those who deserve influence and guides those in his care as he guides himself. He acts not selfishly but for the betterment of all.
[SECURITY] [DSA 2628-2] nss-pam-ldapd update
Posted by Moritz Muehlenhoff on Jun 18
-------------------------------------------------------------------------
Debian Security Advisory DSA-2628-2 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : nss-pam-ldapd
Vulnerability : buffer overflow
Problem type...
[SECURITY] [DSA 2698-1] tiff security update
Posted by Michael Gilbert on Jun 18
-------------------------------------------------------------------------
Debian Security Advisory DSA-2698-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : tiff
Vulnerability : buffer overflow
Problem type :...
APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and Mac OS X v10.6 Update 16
Posted by Apple Product Security on Jun 18
APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and Mac OS X v10.6 Update 16
Java for OS X 2013-004 and Mac OS X v10.6 Update 16 is now available
and addresses the following:
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Impact: Multiple vulnerabilities in Java 1.6.0_45
Description: 8011782 Multiple vulnerabilities existed in Java...
Re: Apple and Wifi Hotspot Credentials Management Vulnerability
Posted by Jeffrey Walton on Jun 18
My bad. The application estimates the time to crack the password used. It does not attempt to recover the password.
Apple and Wifi Hotspot Credentials Management Vulnerability
Posted by Jeffrey Walton on Jun 18
This vulnerability was published to the OWASP Mobile Security list as a research paper by Andreas Kurtz, Daniel Metz and Felix Freiling. See
"Cracking iOS personal hotspots using a Scrabble crossword game word
list," http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.html.
It appears Apple Wifi hotspot passwords are generated using a wordlist
consisting of 1842 words. The authors built a custom cracker to...
[SECURITY] [DSA 2710-1] xml-security-c security update
Posted by Salvatore Bonaccorso on Jun 18
-------------------------------------------------------------------------
Debian Security Advisory DSA-2710-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : xml-security-c
Vulnerability : several
Problem type :...
FreeBSD Security Advisory FreeBSD-SA-13:06.mmap
Posted by FreeBSD Security Advisories on Jun 18
=============================================================================
FreeBSD-SA-13:06.mmap Security Advisory
The FreeBSD Project
Topic: Privilege escalation via mmap
Category: core
Module: kernel
Announced: 2013-06-18
Credits: Konstantin Belousov
Alan Cox
Affects: FreeBSD 9.0 and...
Re: CVE-2013-2156: Apache Santuario C++ heap overflow vulnerability
Posted by Cantor, Scott on Jun 18
CVE-2013-2156: Apache Santuario XML Security for C++ contains heap overflow while processing InclusiveNamespace PrefixList
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1
Description: A heap overflow exists in the processing of the PrefixList
attribute optionally used in conjunction with Exclusive Canonicalization,
potentially allowing arbitrary...
CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability
Posted by Cantor, Scott on Jun 18
CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack overflow during XPointer evaluation
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1
Description: A stack overflow, possibly leading to arbitrary code
execution, exists in the processing of malformed XPointer expressions
in the XML Signature Reference processing code.
An...
CVE-2013-2155: Apache Santuario C++ denial of service vulnerability
Posted by Cantor, Scott on Jun 18
CVE-2013-2155: Apache Santuario XML Security for C++ contains denial of service and hash length bypass issues while processing HMAC signatures
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1
Description: A bug exists in the processing of the output length of an
HMAC-based XML Signature that would cause a denial of service when
processing...