Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files from Hank Leininger

Email addresshlein at progressive-comp.com
First Active2002-03-08
Last Active2017-11-03
Splunk 6.6.x Local Privilege Escalation
Posted Nov 3, 2017
Authored by Hank Leininger | Site korelogic.com

Splunk version 6.6.x suffers from a local privilege escalation vulnerability. Splunk can be configured to run as a non-root user. However, that user owns the configuration file that specifies the user to run as, so it can trivially gain root privileges.

tags | exploit, local, root
MD5 | 3e674b7b7b2bbcdc76d6019cc12711aa
Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation
Posted Oct 25, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Infoblox NetMRI versions 7.1.2 through 7.1.4 suffer from administration shell escape and privilege escalation vulnerabilities.

tags | exploit, shell, vulnerability
MD5 | b723ed326bd04aa156050b80d0b7a39f
Solarwinds LEM Insecure Update Process
Posted Sep 26, 2017
Authored by Hank Leininger

Software updates for Solarwinds products are packaged and delivered insecurely, leading to root compromise of Solarwinds devices.

tags | advisory, root
MD5 | 80fc94af19356ab49a171c02ae5a06b3
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file system into the editor. An attacker can abuse this to read arbitrary files within the allowed permissions.

tags | exploit, arbitrary, shell, local
MD5 | f78a6aa709d515f34ff4063017a41667
Solarwinds LEM 6.3.1 Shell Escape Command Injection
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Insufficient input validation in the management interface can be leveraged in order to execute arbitrary commands. This can lead to (root) shell access to the underlying operating system on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit, arbitrary, shell, root
MD5 | c05724ef34080811a5c98ed6a6d254cf
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

An attacker can abuse functionality provided by a script which may be run with root privilege in order to elevate privilege on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit, root
MD5 | 373e116e19d72c8737a256839ddaab81
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Due to lax filesystem permissions, an attacker can take control of a hardcoded sudo path in order to execute commands as a privileged user on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit
MD5 | 1275e7426a10e7559160b95e00abed97
SQLite Tempdir Selection
Posted Jul 1, 2016
Authored by Hank Leininger | Site korelogic.com

Usually processes writing to temporary directories do not need to perform readdir() because they control the filenames they create, so setting /tmp/ , /var/tmp/ , etc. to be mode 1733 is a not uncommon UNIX hardening practice. Affected versions of SQLite reject potential tempdir locations if they are not readable, falling back to '.'. Thus, SQLite will favor e.g. using cwd for tempfiles on such a system, even if cwd is an unsafe location. Notably, SQLite also checks the permissions of '.', but ignores the results of that check. All versions of SQLite prior to 3.13.0 are affected.

tags | exploit
systems | unix
MD5 | c4c77f99af556a6ade6a5349c9059d3a
Arris DG1670A Cable Modem Remote Command Execution
Posted Feb 13, 2016
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

The Arris DG1670A leverages a combination of technologies to deliver the product functionality. Combining several of these technologies in an unanticipated way will allow an attacker to execute arbitrary commands on the underlying operating system as the most privileged user.

tags | exploit, arbitrary
MD5 | 4ced4ffb3942935c6f29b7cd082aab98
hap-linux-2.2.26-1.diff
Posted May 1, 2004
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: This release has been synchronized with kernel 2.2.26 and Openwall 2.2.26-ow1.
tags | root, patch
systems | linux, unix
MD5 | 34ec26c10bb28a3d176c85d2c7f80331
hap-linux-2.2.23-1.diff.gz
Posted Dec 27, 2002
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: This release has been synchronized with kernel 2.2.23 and Openwall 2.2.23-ow1.
tags | root, patch
systems | linux, unix
MD5 | 7d540037dc6995679bbd8eb50a3f1a95
hap-linux-2.2.22-1.diff.gz
Posted Sep 20, 2002
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: This release has been synchronized with kernel 2.2.22 and Openwall 2.2.22-ow1.
tags | root, patch
systems | linux, unix
MD5 | 02959f4fcbabb9904350b1cf9e1c1413
hap-linux-2.2.21-1.diff.gz
Posted Jun 3, 2002
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: This release has been synchronized with kernel 2.2.21 and Openwall 2.2.21-1.
tags | root, patch
systems | linux, unix
MD5 | 67511c74366e9200d7065dcbdafb779d
hap-linux-2.2.20-5.diff.gz
Posted Apr 6, 2002
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: Now has logging of open directory FDs by chrooting processes, and various chroot capability dropping changes and fixes. Split fatal-signal logging into two buckets, so an attacker could not trigger log-throttling by causing an unprivileged segfault right before attacking privileged processes.
tags | root, patch
systems | linux, unix
MD5 | c6b700af0880cb67009535af4f0cb9a4
hap-linux-2.2.20-3.diff
Posted Mar 8, 2002
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: Includes Solar Designer's Openwall 2.2.20-ow2, fixing a Linux kernel vulnerability that allows users to kill any process. There are also fixes to the capabilities dropping of chroot(2). The cap_to_mask stuff was biffed, and now actually works.
tags | root, patch
systems | linux, unix
MD5 | 4251871ab54cd5e20935cbd1849e6e72
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close