This Metasploit module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu (Trusty / Xenial) kernels 4.4.0 < 4.4.0-53, including Linux distros based on Ubuntu, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 17.3 (x86_64); Linux Mint 18 (x86_64); and Ubuntu 16.04.2 (x86_64) with kernel versions 4.4.0-45-generic and 4.4.0-51-generic.
ILIAS versions 5.3.2, 5.2.14, and 5.1.25 suffer from a cross site scripting vulnerability.
Red Hat Security Advisory 2018-1630-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.
Teradek VidiU Pro version 3.0.3 change password cross site request forgery exploit.
GitBucket version 4.23.1 suffers from remote code execution and arbitrary file read vulnerabilities.
Ubuntu Security Notice 3653-1 - Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
Ubuntu Security Notice 3652-1 - Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory.
Ubuntu Security Notice 3651-1 - Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64 and i386.
Teradek VidiU Pro version 3.0.3 suffers from a server-side request forgery vulnerability.
Debian Linux Security Advisory 4204-1 - This update fixes several vulnerabilities in imagemagick, a graphical software suite. Various memory handling problems or issues about incomplete input sanitizing would result in denial of service or memory disclosure.
VMware Security Advisory 2018-0013 - VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities.
Debian Linux Security Advisory 4205-1 - This is an advance notice that regular security support for Debian GNU/Linux 8 (code name "jessie") will be terminated on the 17th of June.
Merge PACS version 7.0 suffers from a cross site request forgery vulnerability.
eventreg.oracle.com suffers from a cross site scripting vulnerability.
Model Agency Media House and Model Gallery version 1.0 suffers from cross site request forgery, remote SQL injection, and cross site scripting vulnerabilities.
Auto Dealership and Vehicle Showroom WebSys version 1.0 suffers from cross site request forgery, remote SQL injection, and cross site scripting vulnerabilities.
Wchat PHP AJAX Chat Script version 1.5 suffers from a persistent cross site scripting vulnerability.
Schneider Electric PLCs suffer from a cross site request forgery vulnerability.
Default credentials in Adobe Experience Manager (AEM) versions prior to 6.3 can lead to remote code execution.
D-Link DSL-3782 suffers from an authentication bypass vulnerability.
Easy MPEG to DVD Burner version 1.7.11 local buffer overflow SEH exploit with DEP bypass.
Joomla EkRishta component version 2.10 suffers from cross site scripting and remote SQL injection vulnerabilities.
mySCADA myPRO version 7 has a hardcoded FTP username and password.
Gentoo Linux Security Advisory 201805-6 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in privilege escalation. Versions less than 66.0.3359.170 are affected.
This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed