US-CERT.gov

CERT publishes vulnerability advisories called "Vulnerability Notes." Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
Updated: 6 minutes 38 seconds

VU#857035: IKEv1 Main Mode vulnerable to brute force attacks

Fri, 08/17/2018 - 17:13
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks (CVE-2018-5389). It is well known that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible.
Categories: Security news

VU#982149: Intel processors are vulnerable to level 1 terminal fault (L1TF) cache information disclosure via speculative execution side channel

Wed, 08/15/2018 - 15:10
Multiple Intel processors may be vulnerable to one or more L1 data cache information disclosure and terminal fault attacks via a speculative execution side channel. These attacks are known as L1 Terminal Fault: SGX, L1 Terminal Fault: OS/SMM, and L1 Terminal Fault: VMM.
Categories: Security news

VU#641765: Linux kernel IP fragment re-assembly vulnerable to denial of service

Wed, 08/15/2018 - 04:49
The IP implementation in Linux kernel versions 3.9+ is vulnerable to denial of service conditions with low rates of specially modified packets.
Categories: Security news

VU#787952: Several Android mobile devices contain multiple vulnerabilities within OEM-pre-installed apps

Wed, 08/15/2018 - 01:59
Many Android mobile devices come with OEM-pre-installed apps. Some apps have been identified as having incorrect access control settings, allowing in some circumstances malicious third-party apps to exploit and bypass system permissions and settings. Additionally, some Android and iOS apps embed a hard-coded cryptographic key and/or use a weak cryptographic algorithm, which allows an attacker to obtain elevated access to vulnerable mobile apps.
Categories: Security news

VU#857035: IKEv1 Main Mode Vulnerable to Brute Force Attacks

Tue, 08/14/2018 - 23:40
Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks.
Categories: Security news

VU#962459: Linux Kernel TCP implementation vulnerable to Denial of Service

Mon, 08/06/2018 - 19:18
The Linux kernel, versions 4.9+, is vulnerable to denial of service conditions with low rates of specially modified packets.
Categories: Security news

VU#307144: mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR

Fri, 08/03/2018 - 14:52
mingw-w64 produces executable Windows files without a relocations table by default, which breaks compatibility with ASLR.
Categories: Security news

VU#307144: mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR

Fri, 08/03/2018 - 14:50
ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks.
Categories: Security news
