#rce

Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Overview ICS-CERT has received a report from independent security researcher Dan Rosenberg with Virtual Security Research (VSR) of an unauthenticated Structured Query Language (SQL) vulnerability in the Ecava IntegraXor human machine interface (HMI) product that could allow data leakage, data manipulation, and remote code execution against the backend host running the database service. ICS-CERT has coordinated with Ecava, which has verified the vulnerability and developed a patched release of IntegraXor (Build 4050) to address this vulnerability. Both ICS-CERT and the independent security researcher have validated the patch. Affected Products This vulnerability affects all IntegraXor versions prior to Version 3.60 (Build 4032). Impact A successful exploit of this vulnerability could lead to arbitrary data leakage, data manipulation, and remote code execution. The exact impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends t...

Overview Researchers at Digital Bond have identified multiple vulnerabilities in the Control Microsystems ClearSCADA application. The following vulnerabilities have been identified: Heap Overflow Vulnerability Cross-site Scripting Vulnerabilities Insecure Web Authentication. Affected Products The following ClearSCADA versions are affected: ClearSCADA 2005 (all versions) ClearSCADA 2007 (all versions) ClearSCADA 2009 (all versions except R2.3 and R1.4). --------- Begin Update A – Part 1 of 3 ---------- This Advisory applies to all versions of SCX (from Serck UK or Serck Aus) that are older than the following (these SCX versions bundle ClearSCADA in the package): SCX Version 67 R4.5 SCX Version 68 R3.9. ---------- End Update A – Part 1 of 3 ---------- Impact Successful exploitation of the vulnerabilities reported in this Advisory requires an attacker to have a level of skill that ranges from intermediate to high depending on the specific vulnerability and desired objective. An attacker c...

Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.

Overview This advisory is a follow-up to ICS-ALERT-10-305-01 RealFlex RealWin Buffer Overflows, which was published on the ICS-CERT Web site on November 01, 2010. On October 15, 2010 an independent security researcher posted informationResearcher, http://aluigi.altervista.org/adv/realwin1-adv.txt, website last visited November 4, 2010.  regarding vulnerabilities in RealFlex Technologies Ltd. RealWin SCADA software products. The security researcher’s analysis indicated that successful exploitation of these vulnerabilities can lead to arbitrary code execution and control of the system. RealFlex Technologies has validated the researcher’s findings and released an updateRealFlex, http://csrealflex.com/cs/index.ssp, website last visited November 8, 2010. to resolve these issues. ICS-CERT has verified that the software update resolves the vulnerabilities highlighted by the researcher. Affected Products All RealWin versions up to and including Version 2.1.8 (Build 6.1.8) are affected by these...

Overview In July, ICS-CERT published an advisory and a series of updates regarding the Stuxnet malware entitled “ICSA-10-201 USB Malware Targeting Siemens Control Software.” Since then, ICS-CERT has continued analysis of the Stuxnet malware in an effort to determine more about its capabilities and intent. As the analysis has progressed, understanding of the malware sophistication has continued to increase. Stuxnet makes use of a previously unpatched Windows vulnerability and a digitally signed kernel-mode rootkit. There have been two digital certificates used to sign this rootkit. The original certificate was revoked. Subsequently, a second variant was discovered in which the same rootkit was signed with a different key, which has also been revoked. With approximately 4,000 functions, Stuxnet contains as much code as some commercial software products. The complex code is object oriented and employs many programming techniques that demonstrate advanced knowledge in many areas, including...