exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

CVE-2018-1066

Status Candidate

Overview

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.

Related Files

Ubuntu Security Notice USN-3880-2
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3880-2 - USN-3880-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568
MD5 | 487a306925c7e670db035236bdf205f4
Ubuntu Security Notice USN-3880-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3880-1 - It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568
MD5 | 2df3c39651f380c1654b491a60d6c979
Axis Network Camera Remote Command Execution
Posted Jul 26, 2018
Authored by sinn3r, Chris Lee, wvu, Matthew Kienow, Or Peles, Jacob Robles, Shelby Pace, Cale Black, Brent Cook | Site metasploit.com

This Metasploit module exploits an authentication bypass in .srv functionality and a command injection in parhand to execute code as the root user.

tags | exploit, root
advisories | CVE-2018-10660, CVE-2018-10661, CVE-2018-10662
MD5 | 66359d0727b130b0477a2848942c2518
Axis Cameras Authorization Bypass / Unrestricted Access / Command Injection
Posted Jul 2, 2018
Authored by Or Peles | Site blog.vdoo.com

Axis Cameras suffer from authorization bypass, unrestricted dbus access, command injection, denial of service, and information disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
advisories | CVE-2018-10658, CVE-2018-10659, CVE-2018-10660, CVE-2018-10661, CVE-2018-10662, CVE-2018-10663, CVE-2018-10664
MD5 | b1d6f502e4097765fade4203769a08af
Debian Security Advisory 4188-1
Posted May 3, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4188-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2017-17975, CVE-2017-18193, CVE-2017-18216, CVE-2017-18218, CVE-2017-18222, CVE-2017-18224, CVE-2017-18241, CVE-2017-18257, CVE-2017-5715, CVE-2017-5753, CVE-2018-1000199, CVE-2018-10323, CVE-2018-1065, CVE-2018-1066, CVE-2018-1068, CVE-2018-1092, CVE-2018-1093, CVE-2018-1108, CVE-2018-5803, CVE-2018-7480, CVE-2018-7566, CVE-2018-7740, CVE-2018-7757, CVE-2018-7995, CVE-2018-8087, CVE-2018-8781, CVE-2018-8822
MD5 | 40218a570ce7c1511b3faa47a7e18487
Debian Security Advisory 4187-1
Posted May 3, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4187-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2015-9016, CVE-2017-0861, CVE-2017-13166, CVE-2017-13220, CVE-2017-16526, CVE-2017-16911, CVE-2017-16912, CVE-2017-16913, CVE-2017-16914, CVE-2017-18017, CVE-2017-18203, CVE-2017-18216, CVE-2017-18232, CVE-2017-18241, CVE-2017-5715, CVE-2017-5753, CVE-2018-1000004, CVE-2018-1000199, CVE-2018-1066, CVE-2018-1068, CVE-2018-1092, CVE-2018-5332, CVE-2018-5333, CVE-2018-5750, CVE-2018-5803, CVE-2018-6927, CVE-2018-7492
MD5 | 8f53637cc7f7ef1bdf7110ecc11496aa
Page 1 of 1
Back1Next

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    22 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close