SecurityFocus · 20 December 2018

Vuln: GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability

NVD: all CVE · 3 hours 16 min


Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is already able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
NVD: all CVE · 3 hours 16 min


In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.
NVD: all CVE · 3 hours 16 min


An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but with attribute IDs set) could overwrite an existing attribute belonging to another event.
Ubuntu Security Notices · 3 hours 20 min

USN-3595-2: Samba vulnerability

samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM

Samba could be made to crash if it received specially crafted input.

Software Description
  • samba - SMB/CIFS file, print, and login server for Unix

USN-3595-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
samba - 2:3.6.25-0ubuntu0.12.04.15

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

seclist.org · 3 hours 40 min

BSidesMilano Event and CFP

Posted by Agostino Panico on Mar 23

Good morning everyone,
I would like to invite everyone who is interested to @BSidesMilano on 9th June; we
will open the registration process on Eventbrite on the 12th of April.
We are still looking for speakers; the CFP will end on the 30th of April and
we are looking for cutting-edge and innovative presentations. If you want to
share your research and have some good beers and exceptional food (as usual
in Italy ;) ) take a look at the website...
NVD: all CVE · 4 hours 16 min


The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, earlier than Prague-AL00BC00B211, earlier than Prague-AL00CC00B211, earlier than Prague-TL00AC01B211, and earlier than Prague-TL10AC01B211 has an integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious app and executing it with a specific privilege; the app can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.
NVD: all CVE · 4 hours 16 min
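The TwinCAT entry above and this Bdat entry describe the same class of driver defect from two angles: an IOCTL handler that trusts a caller-supplied pointer, and one whose bounds check is done with arithmetic that can wrap. The following is an added example, not code from Beckhoff, the Bdat driver's vendor, or the advisories; it is a user-mode model of the two validations such a handler owes to its input. The user-address ceiling, the request layout (output pointer, offset, count), the device buffer size and the stand-in user buffer are assumptions made for the demonstration.

```c
/* Added example (not Beckhoff's TwinCAT or the Bdat driver's code): a
 * user-mode model of the two validations a driver's IOCTL handler owes to
 * caller-supplied input. The address-space ceiling, the request layout and
 * the device buffer size are assumptions made for the demonstration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed split: valid user addresses lie below this ceiling (a stand-in for
 * the highest user-mode address a kernel exposes to drivers for probing). */
#define USER_CEILING ((uintptr_t)0x00007FFFFFFF0000ULL)

#define DEV_BUF_SIZE 256u
static uint8_t dev_buf[DEV_BUF_SIZE];      /* data the IOCTL reads from */
static uint8_t user_stub[DEV_BUF_SIZE];    /* stands in for the probed user buffer */

enum { IO_OK = 0, IO_BAD_PTR = -1, IO_BAD_RANGE = -2 };

/* Pointer validation (the TwinCAT defect): every byte of [ptr, ptr+len) must
 * be a user-mode address, and ptr+len must not wrap. Written as a
 * subtraction so the check itself cannot overflow. */
int probe_user_range(uintptr_t ptr, size_t len)
{
    if (len == 0)
        return IO_OK;
    if (ptr >= USER_CEILING)
        return IO_BAD_PTR;
    if (len > (size_t)(USER_CEILING - ptr))
        return IO_BAD_PTR;
    return IO_OK;
}

/* Length validation (the Bdat defect): compare count against the space that
 * remains after offset instead of forming offset + count, which can wrap. */
int check_dev_range(uint32_t offset, uint32_t count)
{
    if (offset > DEV_BUF_SIZE)
        return IO_BAD_RANGE;
    if (count > DEV_BUF_SIZE - offset)
        return IO_BAD_RANGE;
    return IO_OK;
}

/* The flawed pattern: offset + count is 32-bit and wraps, so a huge count
 * passes the bound. This function only reports the decision; it never copies. */
int ioctl_read_decision_unsafe(uint32_t offset, uint32_t count)
{
    uint32_t end = (uint32_t)(offset + count);
    return end > DEV_BUF_SIZE ? IO_BAD_RANGE : IO_OK;
}

/* Hardened handler: probe the destination pointer, validate the arithmetic,
 * and only then copy. A real driver also wraps the copy in an exception
 * handler, because a probed user page can be unmapped between probe and use. */
int ioctl_read_safe(uintptr_t out_ptr, uint32_t offset, uint32_t count)
{
    int rc = probe_user_range(out_ptr, count);
    if (rc != IO_OK)
        return rc;
    rc = check_dev_range(offset, count);
    if (rc != IO_OK)
        return rc;
    memcpy(user_stub, dev_buf + offset, count);   /* user_stub models out_ptr */
    return IO_OK;
}

int main(void)
{
    const uintptr_t kernel_ptr = (uintptr_t)0xFFFF800000001000ULL;
    const uintptr_t user_ptr   = (uintptr_t)0x0000000000010000ULL;

    printf("kernel pointer as destination: %d\n",
           ioctl_read_safe(kernel_ptr, 0, 16));                 /* IO_BAD_PTR */
    printf("count that wraps offset+count, unsafe check: %d\n",
           ioctl_read_decision_unsafe(0x10, 0xFFFFFFF8u));     /* IO_OK (!) */
    printf("same request, hardened check: %d\n",
           ioctl_read_safe(user_ptr, 0x10, 0xFFFFFFF8u));      /* IO_BAD_RANGE */
    printf("well-formed request: %d\n",
           ioctl_read_safe(user_ptr, 8, 16));                  /* IO_OK */
    return 0;
}
```

The two checks are deliberately written without ever computing `ptr + len` or `offset + count`: the subtraction form is the only one that stays correct for every input, and it is the shape to look for when auditing a driver's IOCTL dispatch. The addresses assume a 64-bit user/kernel split.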


DBS3900 TDD LTE V100R003C00 and V100R004C10 have a weak encryption algorithm vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure algorithm is negotiated for a connection, an unauthenticated remote attacker could exploit this to recover the encrypted data, causing information leakage.
NVD: all CVE · 5 hours 16 min


Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
NVD: all CVE · 6 hours 16 min


Dell EMC iDRAC7/iDRAC8, versions prior to, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.
NVD: all CVE · 6 hours 16 min


Dell EMC iDRAC7/iDRAC8, versions prior to, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.
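A URI-parser traversal of the kind described above is usually a canonicalisation bug: the server checks the path before decoding it, or decodes it more than once. The following is an added example, not Dell EMC's iDRAC code or anything from the advisory; it shows the canonicalisation an embedded web server should apply to a request path before mapping it to a file or handler. The buffer sizes, the 64-segment limit and the sample URIs are assumptions.

```c
/* Added example (not Dell EMC's iDRAC code): canonicalise a request path
 * before it is mapped to a file or handler. Percent-decoding happens exactly
 * once and before the dot-segment check, so "%2e%2e" and "%2f" cannot carry
 * a traversal past it. Buffer sizes and the sample URIs are assumptions. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* One percent-decoding pass. Rejects truncated or non-hex escapes and an
 * encoded NUL, which would silently shorten the path further down. */
static int url_decode(const char *in, char *out, size_t n)
{
    size_t o = 0;
    for (; *in; in++) {
        int c = (unsigned char)*in;
        if (c == '%') {
            if (in[1] == '\0' || in[2] == '\0') return -1;
            int h = hexval((unsigned char)in[1]);
            int l = hexval((unsigned char)in[2]);
            if (h < 0 || l < 0) return -1;
            c = (h << 4) | l;
            if (c == 0) return -1;
            in += 2;
        }
        if (o + 1 >= n) return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Canonicalise an absolute request path: drop the query string, decode once,
 * resolve "." and ".." segments (treating '\' as a separator as well), and
 * refuse any path whose ".." would climb above the root. Returns 0 and
 * writes "/seg/seg" into out, or -1 when the request must be rejected. */
int canonical_path(const char *uri, char *out, size_t n)
{
    char raw[512], dec[512];
    const char *seg[64];
    size_t seglen[64], o = 0;
    int depth = 0;

    if (uri[0] != '/') return -1;
    const char *q = strchr(uri, '?');
    size_t rl = q ? (size_t)(q - uri) : strlen(uri);
    if (rl >= sizeof raw) return -1;
    memcpy(raw, uri, rl);
    raw[rl] = '\0';
    if (url_decode(raw, dec, sizeof dec) != 0) return -1;

    for (char *p = dec; *p; ) {
        while (*p == '/' || *p == '\\') p++;
        if (!*p) break;
        const char *s = p;
        while (*p && *p != '/' && *p != '\\') p++;
        size_t len = (size_t)(p - s);
        if (len == 1 && s[0] == '.') continue;
        if (len == 2 && s[0] == '.' && s[1] == '.') {
            if (depth == 0) return -1;       /* escape attempt: reject, do not clamp */
            depth--;
            continue;
        }
        if (depth == 64) return -1;
        seg[depth] = s;
        seglen[depth++] = len;
    }
    if (depth == 0) {
        if (n < 2) return -1;
        strcpy(out, "/");
        return 0;
    }
    for (int i = 0; i < depth; i++) {
        if (o + 1 + seglen[i] + 1 > n) return -1;
        out[o++] = '/';
        memcpy(out + o, seg[i], seglen[i]);
        o += seglen[i];
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    const char *tests[] = {
        "/cgi-bin/../../etc/passwd",           /* plain traversal */
        "/cgi-bin/%2e%2e/%2e%2e/etc/passwd",   /* encoded traversal */
        "/a/b/../c/./d?x=1",                   /* benign dot segments */
        "/a/%00/b",                            /* encoded NUL */
    };
    char out[256];
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        int rc = canonical_path(tests[i], out, sizeof out);
        printf("%-36s -> %s\n", tests[i], rc == 0 ? out : "REJECT");
    }
    return 0;
}
```

Two design points matter more than the segment stack itself: the path is decoded exactly once, so a double-encoded "%252e" stays a literal file name rather than becoming a dot segment later, and a ".." that reaches the root is rejected outright instead of being clamped, which turns a probe into a visible 4xx in the server log.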
Linux security Advisories · 7 hours 47 min

Debian LTS: DLA-1314-1: simplesamlphp security update

LinuxSecurity.com: Cure53 discovered that in SimpleSAMLphp, in rare circumstances an invalid signature on the SAML 2.0 HTTP Redirect binding could be considered valid.
SANS · 13 hours 14 min

Extending Hunting Capabilities in Your Network, (Fri, Mar 23rd)

Today's diary is an extension to the one I posted yesterday about hunting for malicious files crossing your network[1]. Searching for new IOCs is nice but there are risks of missing important pieces of information! Indeed, the first recipe could miss some malicious files in the following scenarios:

  Case 1: What if a malware is discovered and analysed to extract IOCs but your organization was targeted three weeks ago?
  Case 2: What if IOCs are received today but your organization is targeted in the coming one or two months?

Ok, the life of a malware sample (MD5 or SHA1 hash) is very short. There are millions of new malicious files every day. But it's not the same with IP addresses or domains. I often see malicious IP addresses that are re-used across multiple events in MISP. Remember, yesterday we exported a list of hashes from the last 30 days from MISP. In some cases, 30 days might already be way too much for some platforms and might have to be reduced to fewer days. The scheduled search in Splunk was scanning events from the last hour. If we increase this to events from the last x months or 'all time', there are chances to dramatically impact the Splunk performance.

To solve the cases above, let's create a new tag in MISP called 'Hunting' (or whatever you want). All events tagged as 'Hunting' will have their IOCs exported forever (until the tag is removed). Let's generate the list of IOCs with 2 MISP queries: the last 15 days + events flagged as 'Hunting':

  (wget --header 'Authorization: <redacted>' -O - https://misp/events/hids/md5/download/false/false/false/15d | grep -v "^#") > /tmp/ioc.tmp
  (wget --header 'Authorization: <redacted>' -O - https://misp/events/hids/md5/download/Hunting | grep -v "^#") >> /tmp/ioc.tmp
  (echo md5 && sort -u /tmp/ioc.tmp) > /opt/splunk/etc/apps/search/lookups/malicious_md5.csv

The Splunk lookup table will now contain a sliding window of 15 days with all MD5 hashes and all the hashes flagged as "Hunting".

To address case 1 described above, we just need to run a unique big scan once a day at night to search across all the files, and case 2 will be automatically solved because interesting IOCs are now present in the lookup table.

The most important step: How to define which events to tag for 'Hunting'?
Of course, you could generate a list of IOCs based on existing tags or based on organizations that you trust for the quality of their sharing but, in my humble opinion, it's not sufficient. This is a good opportunity to introduce a process to review IOCs. Indeed, the main problem with platforms like MISP (but it's the same with any tool collecting IOCs) is the flood of IOCs received daily. Keep in mind: The value of an IOC is not only the technical information (the IP address, hash or domain, etc.) but also its context. Not all organisations are working in the same business, and not all of them are at risk of being targeted by known groups. That's where some threat intelligence is required to define which events received in your MISP are relevant for you and your organization or... not!

[1] https://isc.sans.edu/forums/diary/Automatic+Hunting+for+Malicious+Files+Crossing+your+Network/23473/

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
SecurityFocus · 13 hours 20 min

Bugtraq: [SECURITY] [DSA 4149-1] plexus-utils2 security update

SecurityFocus · 13 hours 20 min

Bugtraq: [SECURITY] [DSA 4148-1] kamailio security update

SANS · 18 hours 5 min

ISC Stormcast For Friday, March 23rd 2018 https://isc.sans.edu/podcastdetail.html?id=5923, (Fri, Mar 23rd)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Linux security Advisories · 20 hours 38 min

openSUSE: 2018:0780-1: important: qemu

LinuxSecurity.com: An update that solves 8 vulnerabilities and has four fixes is now available.
Linux security Advisories · 21 hours 28 min

Debian: DSA-4149-1: plexus-utils2 security update

LinuxSecurity.com: Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.
Linux security Advisories · 21 hours 37 min

Debian: DSA-4148-1: kamailio security update

LinuxSecurity.com: Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.
SecurityFocus · 21 hours 45 min

Vuln: ARM mbed TLS CVE-2017-18187 Integer Overflow Vulnerability
