Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
c446ad84eeb90a116264677ada159562Red Hat Security Advisory 2017-1712-01 - Red Hat 3scale API Management Platform 2.0 is a platform for the management of access and traffic for web-based APIs across a variety of deployment options. Security Fix: It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. The underlying container image was also rebuilt to resolve other security issues.
956dddcd24d616d3e3eb9855a25dca7eSlackware Security Advisory - New glibc packages are available for Slackware 14.2 and -current to fix security issues.
5f5ee8379c5e8b409a33219c34ff0537Linux kernel ldso_dynamic stack clash privilege escalation exploit. This affects Debian 9/10, Ubuntu 14.04.5/16.04.2/17.04, and Fedora 23/24/25.
26e7fd3397117950b21fa67eb23afc32Linux kernel ldso_hwcap_64 stack clash privilege escalation exploit. This affects Debian 7.7/8.5/9.0, Ubuntu 14.04.2/16.04.2/17.04, Fedora 22/25, and CentOS 7.3.1611.
0807adfea74deef734fd4ac194527b9cUbuntu Security Notice 3323-2 - USN-3323-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges. Various other issues were also addressed.
a78b5e8caa51c4d2d2fa51e3fe96b76aLinux kernel ldso_hwcap stack clash privilege escalation exploit. This affects Debian 7/8/9/10, Fedora 23/24/25, and CentOS 5.3/5.11/6.0/6.8/7.2.1511.
d6f12ceef7446a165164528e21c0b625Red Hat Security Advisory 2017-1567-01 - Red Hat Container Development Kit is a platform for developing containerized applicationsaaait is a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. With this update, Container Development Kit has been updated to 3.0.0-2, which includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Multiple security issues have been addressed.
db61fe9d6bab1e49dcbb4100de883474Gentoo Linux Security Advisory 201706-19 - Multiple vulnerabilities have been found in the GNU C Library, the worst of which may allow execution of arbitrary code. Versions less than 2.23-r4 are affected.
6f51e1fee26361684ccab503de218c9fQualys has released a large amount of research surrounding the use of stack clash vulnerabilities and how stack guard on Linux can be bypassed.
91191a0fae00196fec218203d9999e82Red Hat Security Advisory 2017-1481-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
26d01b92643e1ee3f841e2985d2bd969Red Hat Security Advisory 2017-1480-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
bc110fd2c8a3043c369b7e62c2057b17Red Hat Security Advisory 2017-1479-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.
96ed8575b1f88bcd28d167a8cb15d9b2Debian Linux Security Advisory 3887-1 - The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack.
0e67c7586caaf0743100d67a304537cbUbuntu Security Notice 3323-1 - It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges.
4f1f7e02e2084f735fd97a042a1859cf
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed