Security Alerts & News
by Tymoteusz A. Góral

#1785 Buffer overflow in BSD libc library patched
The BSD libc library was updated recently to address a buffer overflow vulnerability that could have allowed an attacker to execute arbitrary code.

The library is part of the POSIX library, which is used in BSD operating systems such as FreeBSD, NetBSD and OpenBSD. The libc library is also used in Apple’s OS X operating system.

According to Garret Wassermann, a vulnerability analyst at Carnegie Mellon’s Software Engineering Institute CERT/CC who disclosed the vulnerability yesterday, only a handful of implementations that use the library have publicly applied the fix.

The issue stems from a problem with the obuf variable in the link_ntoa() function in linkaddr.c. Because of improper bounds checking, an attacker could have been able to read from or write to memory.
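The bug class described above, formatting variable-length input into a fixed-size output buffer, is closed by checking the remaining space before every write. The following is an added illustration, not the BSD libc code or its patch; the helper name fmt_lladdr, the OBUF_SIZE value of 64 and the dot-separated hex output format are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OBUF_SIZE 64 /* assumed size of the fixed output buffer */

/* Hypothetical helper: render `len` address bytes as dot-separated hex
 * into out[outsz]. Returns the number of characters written (without
 * the NUL), or -1 if the text would not fit. On failure the buffer
 * holds an empty string and nothing past out[outsz-1] is touched. */
int fmt_lladdr(const unsigned char *addr, size_t len, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t pos = 0;

    if (out == NULL || outsz == 0 || (addr == NULL && len != 0))
        return -1;
    out[0] = '\0';

    for (size_t i = 0; i < len; i++) {
        /* This byte needs an optional '.' plus two hex digits, and one
         * more slot must stay free for the terminating NUL. */
        size_t need = (i ? 1 : 0) + 2;
        if (need + 1 > outsz - pos) { /* would overflow: refuse */
            out[0] = '\0';
            return -1;
        }
        if (i)
            out[pos++] = '.';
        out[pos++] = hex[addr[i] >> 4];
        out[pos++] = hex[addr[i] & 0x0f];
    }
    out[pos] = '\0';
    return (int)pos;
}

int main(void)
{
    /* Constructed sample input: a 6-byte address and an oversized one. */
    const unsigned char mac[6] = {0x00, 0x1b, 0x21, 0xaa, 0xbb, 0xcc};
    unsigned char big[40];
    char obuf[OBUF_SIZE];

    memset(big, 0xff, sizeof big);
    printf("%d %s\n", fmt_lladdr(mac, sizeof mac, obuf, sizeof obuf), obuf);
    printf("%d\n", fmt_lladdr(big, sizeof big, obuf, sizeof obuf));
    return 0;
}
```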
#1784 Phishing made easy: Time to rethink your prevention strategy? (PDF)
#1783 Phishing-as-a-service is making it easier than ever for hackers to steal your data
#1782 Millions exposed to malvertising that hid attack code in banner pixels
#1781 Hackers gamify DDoS attacks with collaborative platform
#1780 Critical vulnerability patched in Roundcube webmail
#1779 Backdoor accounts found in 80 Sony IP security camera models