Category Archives: Full Disclosure


Re: [oss-security] CVE-2017-17670: vlc: type conversion vulnerability

Posted by Stiepan on Dec 15

Nice job! By the way, when is back-porting of the fix to the current stable version(s) envisioned? (I doubt most oss OS
distributions use the “HEAD of the VLC master branch”, nor that most Windows or Mac users use the latest bleeding-edge
build, leaving a potentially large window for exploitation if former versions don’t get fixed; knowing VLC’s
popularity, I think that the question should be seriously considered)
And is…


APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2

Posted by Apple Product Security on Dec 15

APPLE-SA-2017-12-13-7 Additional information for
APPLE-SA-2017-12-6-4 tvOS 11.2

tvOS 11.2 addresses the following:

IOSurface
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13861: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV…


APPLE-SA-2017-12-13-1 iOS 11.2.1

Posted by Apple Product Security on Dec 15

APPLE-SA-2017-12-13-1 iOS 11.2.1

iOS 11.2.1 is now available and addresses the following:

HomeKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: A message handling issue was addressed with improved
input validation.
CVE-2017-13903: Tian Zhang

Installation note:

This update is available through iTunes and Software…


APPLE-SA-2017-12-13-6 Additional information for APPLE-SA-2017-12-6-2 iOS 11.2

Posted by Apple Product Security on Dec 15

APPLE-SA-2017-12-13-6 Additional information for
APPLE-SA-2017-12-6-2 iOS 11.2

iOS 11.2 addresses the following:

IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero…


APPLE-SA-2017-12-13-5 Safari 11.0.2

Posted by Apple Product Security on Dec 15

APPLE-SA-2017-12-13-5 Safari 11.0.2

Safari 11.0.2 addresses the following:

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.2
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856:…


APPLE-SA-2017-12-13-4 iTunes 12.7.2 for Windows

Posted by Apple Product Security on Dec 15

APPLE-SA-2017-12-13-4 iTunes 12.7.2 for Windows

iTunes 12.7.2 for Windows addresses the following:

APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a user
Description: A privacy issue existed in the use of client
certificates. This issue was addressed through a revised protocol.
CVE-2017-13864: FURIOUSMAC Team of United States Naval Academy

WebKit
Available for: Windows 7 and later…


APPLE-SA-2017-12-13-3 iCloud for Windows 7.2

Posted by Apple Product Security on Dec 15

APPLE-SA-2017-12-13-3 iCloud for Windows 7.2

iCloud for Windows 7.2 is now available and addresses the following:

APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a user
Description: A privacy issue existed in the use of client
certificates. This issue was addressed through a revised protocol.
CVE-2017-13864: FURIOUSMAC Team of United States Naval Academy

WebKit
Available for:…


APPLE-SA-2017-12-13-2 tvOS 11.2.1

Posted by Apple Product Security on Dec 15

APPLE-SA-2017-12-13-2 tvOS 11.2.1

tvOS 11.2.1 is now available and addresses the following:

HomeKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: A message handling issue was addressed with improved
input validation.
CVE-2017-13903: Tian Zhang

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may…


0-day: Remote Stack Format String in 'nsd' binary from multiple OEM

Posted by bashis on Dec 15

[STX]

Subject: Remote Stack Format String in ‘nsd’ binary from multiple OEM

Attack vector: Remote
Authentication: Anonymous (no credentials needed)
Researcher: bashis <mcw noemail eu> (December 2017)
PoC: https://github.com/mcw0/PoC
Release date: December 14, 2017
Full Disclosure: 0-Day

-[ PoC ]-

1)
$ curl 'http://[IP:PORT]/main/index.asp?ID=AAAA|%x|%x|%x|%x|%x|%x|%x|%x|%x|%x|%x|%x&lg=BBBB'

[…]…


SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion

Posted by Maor Shwartz on Dec 15

SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary
File Deletion

Full report: https://blogs.securiteam.com/index.php/archives/3569
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability Summary
The following advisory describes an unauthenticated deserialization
vulnerability that leads to arbitrary file deletion and, under certain
circumstances, code execution, found in vBulletin version 5.

vBulletin, also known as…
