A vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the partition is ciphered using LUKS (Linux Unified Key Setup). This vulnerability allows to obtain a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn't depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to data. In cloud environments it is also possible to remotely exploit this vulnerability without having "physical access". Cryptsetup versions 2:1.7.3-2 and below are affected.
a533475e588d0a35025183dd93ff60b65d867075cd009e955f89a1138f7cd7feA weakness in the Linux ASLR implementation has been addressed.
dc611674639e17d87db4bc8f7c419a93127da71cfb5a237027c9ffac55a2e504Grub2 versions 1.98 through 2.02 suffer from an authentication bypass vulnerability.
83bd7487636061aa2b0800d6365ebfbe91d7c0307ab06febcf641741b08068f4Glibc pointer guarding weakness proof of concept code.
64411cf75336417b9d476a2bf486dd76842d1e2a6149f57b59c3900238a08677A security issue in Linux ASLR implementation which affects some AMD processors has been found. The issue affects to all Linux process even if they are not using shared libraries (statically compiled). The problem appears because some mmapped objects (VDSO, libraries, etc.) are poorly randomized in an attempt to avoid cache aliasing penalties for AMD Bulldozer (Family 15h) processors. Affected systems have reduced the mmapped files entropy by eight. Grsecurity/PaX is also affected. The total entropy for the VVAR/VDSO, mmapped files and libraries of a processes are reduced by eight. The number of possible locations where the mapped areas can be placed are reduced by 87.5%.
775d1f12325916fd03a6f940333695b6ae0d7cad1e68d2d8d0149405f2dd39edA bug in Linux ASLR implementation has been found. The issue is that the mmap base address for processes is not properly randomized on some architectures due to an improper bit-mask manipulation. Affected systems have reduced the mmap area entropy of the processes by half.
5561c263f5ccd156d5f5f50185acc7545668c0275b3b60446b6c52dff9c6ea14A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has been found. The issue is that the stack for processes is not properly randomized on some 64 bit architectures due to an integer overflow.
9890952521e3cd5f5015f68364d858db61068493b180f85994b13d9035ba96b2A bug in the stock Google email application version 4.4.2.0200 has been found. An attacker can remotely perform an denial of service attack by sending a specially crafted email. No interaction from the user is needed to produce the crash just receive the malicious email.
ac7559e1e73b67d06c92b883f14f41cbf66238ec15aa4ca1bdae29c219ef9c78The release of this advisory provides exploitation details in relation a weakness in the Linux ASLR implementation. The problem appears when the executable is PIE compiled and it has an address leak belonging to the executable. These details were obtained through the Packet Storm Bug Bounty program and are being released to the community.
57833cb6d2c4d2d145ba4e56f348f6182a247930713b65de664031a38287a959Proof of concept code that demonstrates an ASLR bypass of PIE compiled 64bit Linux.
af29e970411b02a4faa3410f217a6f31cf2be6b21d710ee65c2ff859aa9a0426A specially-crafted sniffit configuration file can be leveraged to execute code as root.
0e5fe0fcd83bf75ca01e02b696edc874fa9921b6318df3ad0fddb1136bf2a3ebs3dvt suffers from a local privilege escalation vulnerability due to a lack of checking the setuid() return code.
0a8c3b679a43618d9ffc8263cd5c4998800f72c4afbd6b76ebceaaf9c16532cbDCMTK versions prior to 3.6.1 suffer from a privilege escalation vulnerability.
e5daa4eb447688d47ee6554039d298426fdee9e6b9db86fd1833f9b82940238dEglibc suffers from a PTR MANGLE bug. All statically linked applications compiled with glibc and eglibc are affected, independent of the operating system distribution. Note that this problem is not solved by only patching the eglibc, but it is also necessary to recompile all static executables. Proof of concept exploit included.
886e08b8e90e2d9b861f8e4dba2d25b994c4200f1929e01cc6bc74363c57f184
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed