Serv-U FTP Server version 15.1.6.25 suffers from a local privilege escalation vulnerability via authentication bypass.
9520e5100bd633aacd33186e92020821a17ae8024fc9d8d2d19c57caa1bceb16This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in "devmode" bypass the sandbox and may include an "install hook" that is run in the context of root at install time. dirty_sockv2 leverages the vulnerability to install an empty "devmode" snap including a hook that adds a new user to the local system. This user will have permissions to execute sudo commands. As opposed to version one, this does not require the SSH service to be running. It will also work on newer versions of Ubuntu with no Internet connection at all, making it resilient to changes and effective in restricted environments. This exploit should also be effective on non-Ubuntu systems that have installed snapd but that do not support the "create-user" API due to incompatible Linux shell syntax. Some older Ubuntu systems (like 16.04) may not have the snapd components installed that are required for sideloading. If this is the case, this version of the exploit may trigger it to install those dependencies. During that installation, snapd may upgrade itself to a non-vulnerable version. Testing shows that the exploit is still successful in this scenario. This is the second of two proof of concepts related to this issue. Versions below 2.37.1 are affected.
09f311cd0808169606fe8f6d82efa2f6d9976ca93655f776e6a68b99bcab8228This exploit bypasses access control checks to use a restricted API function (POST /v2/create-user) of the local snapd service. This queries the Ubuntu SSO for a username and public SSH key of a provided email address, and then creates a local user based on these value. Successful exploitation for this version requires an outbound Internet connection and an SSH service accessible via localhost. This is one of two proof of concepts related to this issue. Versions below 2.37.1 are affected.
1d020fdf71d65c1855e5e714df0baf4d63b98521c65f6d1cbc13110479244d5aSolarWinds Serv-U FTP version 15.1.6.25 suffers from a cross site scripting vulnerability.
cab43f09ea114ddd73225f371eaa5942ccc5ccab83144e828b4c6ecb2a3988f2SolarWinds Serv-U FTP Server version 15.1.6 is vulnerable to privilege escalation from remote authenticated users by leveraging the CSV user import function. This leads to obtaining remote code execution under the context of the Windows SYSTEM account in a default installation.
b8d74d5140736265d1823436e97fb1070add29afc06762c47315c0b4594f0455Plex Media Server version 1.13.2.5154 suffers from an XML external entity injection vulnerability in SSDP processing.
fd05bc119cc94dd07f1758633b919f61a810dd3733ec673cd4b05bbf8c8ddbd5Vuze Bittorrent Client version 5.7.6.0 suffers from an XML external entity injection vulnerability in SSDP processing.
686d443dca7f3303ff849b5fac86fadc56950d932e1bf58ccef6da24a4dbd00bUniversal Media Server version 7.1.0 suffers from an XML external entity injection vulnerability in SSDP processing.
6c37f538c3799e0537e2b25bcf9ad1006bdcc07b9913e98d2700d77f45c34328Sitecore.NET version 8.1 suffers from a directory traversal vulnerability.
e4a706da6b29b62366f1ed365cb9f34fa7a8c59a749e0d003d626c959eb95de6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed