accept no compromises
Showing 1 - 13 of 13 RSS Feed

Files from Hank Leininger

Email addresshlein at progressive-comp.com
First Active2002-03-08
Last Active2017-09-26
Solarwinds LEM Insecure Update Process
Posted Sep 26, 2017
Authored by Hank Leininger

Software updates for Solarwinds products are packaged and delivered insecurely, leading to root compromise of Solarwinds devices.

tags | advisory, root
MD5 | 80fc94af19356ab49a171c02ae5a06b3
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file system into the editor. An attacker can abuse this to read arbitrary files within the allowed permissions.

tags | exploit, arbitrary, shell, local
MD5 | f78a6aa709d515f34ff4063017a41667
Solarwinds LEM 6.3.1 Shell Escape Command Injection
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Insufficient input validation in the management interface can be leveraged in order to execute arbitrary commands. This can lead to (root) shell access to the underlying operating system on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit, arbitrary, shell, root
MD5 | c05724ef34080811a5c98ed6a6d254cf
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

An attacker can abuse functionality provided by a script which may be run with root privilege in order to elevate privilege on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit, root
MD5 | 373e116e19d72c8737a256839ddaab81
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Due to lax filesystem permissions, an attacker can take control of a hardcoded sudo path in order to execute commands as a privileged user on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit
MD5 | 1275e7426a10e7559160b95e00abed97
SQLite Tempdir Selection
Posted Jul 1, 2016
Authored by Hank Leininger | Site korelogic.com

Usually processes writing to temporary directories do not need to perform readdir() because they control the filenames they create, so setting /tmp/ , /var/tmp/ , etc. to be mode 1733 is a not uncommon UNIX hardening practice. Affected versions of SQLite reject potential tempdir locations if they are not readable, falling back to '.'. Thus, SQLite will favor e.g. using cwd for tempfiles on such a system, even if cwd is an unsafe location. Notably, SQLite also checks the permissions of '.', but ignores the results of that check. All versions of SQLite prior to 3.13.0 are affected.

tags | exploit
systems | unix
MD5 | c4c77f99af556a6ade6a5349c9059d3a
Arris DG1670A Cable Modem Remote Command Execution
Posted Feb 13, 2016
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

The Arris DG1670A leverages a combination of technologies to deliver the product functionality. Combining several of these technologies in an unanticipated way will allow an attacker to execute arbitrary commands on the underlying operating system as the most privileged user.

tags | exploit, arbitrary
MD5 | 4ced4ffb3942935c6f29b7cd082aab98
hap-linux-2.2.26-1.diff
Posted May 1, 2004
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: This release has been synchronized with kernel 2.2.26 and Openwall 2.2.26-ow1.
tags | root, patch
systems | linux, unix
MD5 | 34ec26c10bb28a3d176c85d2c7f80331
hap-linux-2.2.23-1.diff.gz
Posted Dec 27, 2002
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: This release has been synchronized with kernel 2.2.23 and Openwall 2.2.23-ow1.
tags | root, patch
systems | linux, unix
MD5 | 7d540037dc6995679bbd8eb50a3f1a95
hap-linux-2.2.22-1.diff.gz
Posted Sep 20, 2002
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: This release has been synchronized with kernel 2.2.22 and Openwall 2.2.22-ow1.
tags | root, patch
systems | linux, unix
MD5 | 02959f4fcbabb9904350b1cf9e1c1413
hap-linux-2.2.21-1.diff.gz
Posted Jun 3, 2002
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: This release has been synchronized with kernel 2.2.21 and Openwall 2.2.21-1.
tags | root, patch
systems | linux, unix
MD5 | 67511c74366e9200d7065dcbdafb779d
hap-linux-2.2.20-5.diff.gz
Posted Apr 6, 2002
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: Now has logging of open directory FDs by chrooting processes, and various chroot capability dropping changes and fixes. Split fatal-signal logging into two buckets, so an attacker could not trigger log-throttling by causing an unprivileged segfault right before attacking privileged processes.
tags | root, patch
systems | linux, unix
MD5 | c6b700af0880cb67009535af4f0cb9a4
hap-linux-2.2.20-3.diff
Posted Mar 8, 2002
Authored by Hank Leininger | Site TheAIMSGroup.com

HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.

Changes: Includes Solar Designer's Openwall 2.2.20-ow2, fixing a Linux kernel vulnerability that allows users to kill any process. There are also fixes to the capabilities dropping of chroot(2). The cap_to_mask stuff was biffed, and now actually works.
tags | root, patch
systems | linux, unix
MD5 | 4251871ab54cd5e20935cbd1849e6e72
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close