Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices.

Cisco IP Phone version 11.7 denial of service proof of concept exploit.

Ubuntu Security Notice 3534-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. A memory leak was discovered in the _dl_init_paths function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. Various other issues were also addressed.

Ubuntu Security Notice 3678-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 3678-2 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 3678-3 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 3785-1 - Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. It was discovered that several memory leaks existed when handling certain images in ImageMagick. An attacker could use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 4049-3 - USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression in Ubuntu 16.04 LTS causing a possibly memory leak. This update fixes the problem. It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

IRIX suffers from local kernel memory disclosure and denial of service vulnerabilities.

CA Technologies support is alerting customers about a medium risk vulnerability that may allow a local attacker to gain additional privileges with products using CA Common Services running on the AIX, HP-UX, Linux, and Solaris platforms. The vulnerability, CVE-2016-9795, occurs due to insufficient validation by the casrvc program. A local unprivileged user can exploit the vulnerability to modify arbitrary files, which can potentially allow a local attacker to gain root level access.

Ubuntu Security Notice 3457-1 - Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 3724-1 - Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL.

Ubuntu Security Notice 4160-1 - It was discovered that UW IMAP incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.

Dovecot version 2.3 suffers from multiple denial of service conditions. Included in this archive is the advisory as well as patches to address the issue.

Devicelock gives network administrators control over which users can access what removable devices (floppies, Magneto-Optical disks, CD-ROMs, ZIPs, etc.) on a local computer. It can protect network and local computers against viruses, trojans and other malicious programs often injected from removable disks. This version is for Windows 2000/NT. Windows ME version available here.

SolarWinds MSP PME Cache Service versions prior to 1.1.15 suffer from insecure file permission and code execution vulnerabilities.

Ubuntu Security Notice 4201-1 - It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to cause a denial of service. It was discovered that Ruby incorrectly handled certain HTTP headers. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

Microsoft Windows Vista/Server 2008 nsiproxy.sys local kernel denial of service exploit.

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allow the user to write arbitrary files. It's abused to drop a payload embedded in a dll, which is later loaded through the Init() method from the lrMdrvService control, by abusing an insecure LoadLibrary call. This Metasploit module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary.

This Metasploit module exploits a remote arbitrary file write vulnerability in SolidWorks Workgroup PDM 2014 SP2 and prior. For targets running Windows Vista or newer the payload is written to the startup folder for all users and executed upon next user logon. For targets before Windows Vista code execution can be achieved by first uploading the payload as an exe file, and then upload another mof file, which schedules WMI to execute the uploaded payload. This Metasploit module has been tested successfully on SolidWorks Workgroup PDM 2011 SP0 on Windows XP SP3 (EN) and Windows 7 SP1 (EN).

Ubuntu Security Notice 3964-1 - Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed. It was discovered that python-gnupg incorrectly handled the GPG passphrase. A remote attacker could send a specially crafted passphrase that would allow them to control the output of encryption and decryption operations. Various other issues were also addressed.

Ubuntu Security Notice 3991-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4054-1 - A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4064-1 - A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting attacks, spoof origin attributes, or execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 4054-2 - USN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. Various other issues were also addressed.

Ubuntu Security Notice 4202-2 - USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

Ubuntu Security Notice 4299-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy protections, or execute arbitrary code. Various other issues were also addressed.