Monthly Archive: January 2017

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish...

Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. Date published : 2017-01-31 http://www.securityfocus.com/bid/95913 https://confluence.atlassian.com/adminjira/jira-platform-releases/jira-7-2-x-platform-release-notes#JIRA7.2.xplatformreleasenotes-7-2-2

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. Date published : 2017-01-31...

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. Date published...

The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file. Date published : 2017-01-31 http://www.openwall.com/lists/oss-security/2016/01/19/9 http://www.openwall.com/lists/oss-security/2016/01/25/3

An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe...

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. Date published :...

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. Date published : 2017-01-30 https://www.kb.cert.org/vuls/id/718152 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. Date published : 2017-01-30 http://www.securityfocus.com/bid/82105 https://www.kb.cert.org/vuls/id/718152

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. Date published : 2017-01-30 http://www.securityfocus.com/bid/81811 https://www.kb.cert.org/vuls/id/718152

The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. Date published : 2017-01-30 http://www.securityfocus.com/bid/96390 https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. Date published :...

NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. Date published...

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. Date published : 2017-01-30 http://www.securityfocus.com/bid/81815 https://www.kb.cert.org/vuls/id/718152