No Image

MySQL Audit Data Consolidation – Made Simple

2020-11-04 KENNETH 0

MySQL Audit Data Consolidation – Made Simple In this blog, I am going to demonstrate how to create your own consolidated audit log archive across many mysql instances. In a followup I’ll show how to extend this example by creating a simple hash chain on that archive – so you can prove whether or not its been modified or tainted in any way and if so where.… Facebook Twitter LinkedIn Source: MySQL Audit Data Consolidation – Made Simple

No Image

USN-4615-1: Yerase's TNEF vulnerabilities

2020-11-04 KENNETH 0

USN-4615-1: Yerase's TNEF vulnerabilities It was discovered that Yerase’s TNEF had null pointer dereferences, infinite loop, buffer overflow, out of bounds reads, directory traversal issues and other vulnerabilities. An attacker could use those issues to cause a crash and consequently a denial of service. (CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802) Source: USN-4615-1: Yerase's TNEF vulnerabilities

No Image

USN-4616-1: AccountsService vulnerabilities

2020-11-04 KENNETH 0

USN-4616-1: AccountsService vulnerabilities Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. (CVE-2020-16126) Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-16127) Matthias Gerstner discovered that AccountsService incorrectly handled certain path checks. A local attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14036) Source: USN-4616-1: AccountsService vulnerabilities

No Image

USN-4614-1: GDM vulnerability

2020-11-04 KENNETH 0

USN-4614-1: GDM vulnerability Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user. Source: USN-4614-1: GDM vulnerability

No Image

USN-4613-1: python-cryptography vulnerability

2020-11-03 KENNETH 0

USN-4613-1: python-cryptography vulnerability Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information. Source: USN-4613-1: python-cryptography vulnerability