Posts Tagged ‘Dovecot’

New Vulnerabilities

New Vulnerabilities

Several newly discovered vulnerabilities:

– In the Linux kernel detected vulnerability that allowed a local attacker to elevate their privileges in the system through the transfer of incorrect parameters through a system call perf_event_open (). The problem occurs only on a platform of ARM;

– In the implementation of the CIFS file system of the Linux kernel vulnerabilities detected, allowing one to write an extra byte in the allocated memory area and trigger a kernel crash when mounting external DFS-section. The problem manifests itself when building the kernel with options CONFIG_CIFS and CONFIG_CIFS_DFS_UPCALL;

– In the staffing component of upload files of the management system TYPO3 web-content found vulnerability that allowed to write a file in an arbitrary directory server in the plant hierarchy TYPO3. Using the vulnerability authenticated user with limited privileges can edit the download php-file in the directory that are allowed to run php-code and run it in the context of the current site. This issue is addressed in issues of TYPO3 6.0.8 and 6.1.3; (more…)