This tool can be used to exploit vulnerable versions of RichFaces. It has payloads for 4 vulnerabilities that have been identified, which can lead to remote code execution via java deserialization and EL injection.
648af6bc429ca530648d01005b86d127e64fe5a21538da847835939211cb2f63This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included when /etc/passwd is overwritten, else AIX will throw 'Cannot get "LOGNAME" variable' when attempting to change user. The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX, and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when overwriting /etc/passwd.
cdb60dbe662ae825c2e68b4e3467951ff4065037e1a4c7ab93afe4fd720eaf44This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with CentOS 7 (1708). CentOS default install will require console auth for the users session. Xorg must have SUID permissions and may not start if running. On successful exploitation artifacts will be created consistent with starting Xorg.
9377740962fb859c56e4c74db8eb408580293ddee8808bfba3b45eda70d58cd2Red Hat Security Advisory 2019-2541-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
3464c1d8bfdc97a640e38d765f632fa6360eff8630f8a1cf93c2cfcfcd9e5d87Red Hat Security Advisory 2019-2538-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a bypass vulnerability.
e3c770ed478538592f866023514682c00b16438d67cc36341fc00e9d79b798bbUbuntu Security Notice 4035-1 - It was discovered that Ceph incorrectly handled read only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 16.04 LTS. It was discovered that Ceph incorrectly handled certain OMAPs holding bucket indices. An authenticated attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
85436c925c63103095d0ad444af8d9ef4922926097f5c1fdde3ab59dcf521e93Red Hat Security Advisory 2019-1222-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include cross site scripting and denial of service vulnerabilities.
cd29c11c06e83969192b1ae43feda49d6781d1f91c57986b0a9131894454a643Gentoo Linux Security Advisory 201904-6 - Multiple vulnerabilities have been found in GlusterFS, the worst of which could result in the execution of arbitrary code. Versions less than 4.1.8 are affected.
043fd8e80fc0cf57260f877078d16e4c53b33b4af150e6f0c8c6dc52016164d4xorg-x11-server versions prior to 1.20.3 Solaris 11 inittab local privilege escalation exploit.
f395fa6075c97d0f6a5281e7569a3262f4c8a507bf9f6ed087f0ecc2779560efXorg X11 server on AIX local privilege escalation exploit.
fdeb1b36f96691504fb5e84f75c6cdb5cd0544822f4eee060f585ebb37ee6e2dxorg-x11-server versions prior to 1.20.3 modulepath local privilege escalation exploit.
c9a8fc53361d358a0cff26b98407e45b20d095dc75d70b378fb8eea42a279036This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This Metasploit module has been tested with OpenBSD 6.3, 6.4, and CentOS 7 (1708). CentOS default install will require console auth for the users session. Cron launches the payload so if Selinux is enforcing exploitation may still be possible, but the module will bail. Xorg must have SUID permissions and may not start if running. On exploitation a crontab.old backup file will be created by Xorg. This Metasploit module will remove the .old file and restore crontab after successful exploitation. Failed exploitation may result in a corrupted crontab. On successful exploitation artifacts will be created consistent with starting Xorg and running a cron.
720e628b35284931ff0424715e648634cd3ec31db1a89c8b1fff88eddfb6f4abRichfaces version 3.x suffers from a remote code execution vulnerability.
5dfbb32d43674a8fbcf00a8b17109c6edc2aa21bc7c6922d64c36ba5c89fcce7Red Hat Security Advisory 2018-3581-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This asynchronous patch is a security update for the RichFaces package in standalone versions of Red Hat JBoss BRMS 5.3.1. Issues addressed include a code execution vulnerability.
f7369141e3c8f354bc5d5866d630ec080bd6112fae215fde5811e98e1830d7cbxorg-x11-server versions prior to 1.20.1 local privilege escalation exploit.
fb77fab828d8d0bab406044be7355eb91d3ce8026b117ae80f463ff6657192d5Red Hat Security Advisory 2018-3519-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss SOA Platform 5.3.1. Issues addressed include a code execution vulnerability.
77c3116fd25fb2be3da1c55cc7fe5509a4c599cd5c8189a6c1fc9e5c55766c8eRed Hat Security Advisory 2018-3518-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
ac8bf2c688d4777e473c034aebe746ff9c216a93cdc11d6723447e51a35e58bbRed Hat Security Advisory 2018-3517-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
663f8e8218e5c255e7ccfa37e54ee2894185be388adca7b633fb7e7bf7035c9bRed Hat Security Advisory 2018-3470-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, denial of service, deserialization, and format string vulnerabilities.
9e8155ff0d32478283821315ef01b373ffb94a7f3e9c04679d7c9bfd1ff773d5Red Hat Security Advisory 2018-3432-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, and format string vulnerabilities.
562b0315ae1759a5ca7d3a1f86b3dc22ad0ec010d9dc8cb5fdba3a09c63b91eaRed Hat Security Advisory 2018-3431-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, and format string vulnerabilities.
9eb04dea3e222b66616044f31b40d06c195f930fff2d320e0bb3cc13d1f728f6Red Hat Security Advisory 2018-3410-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include a privilege escalation vulnerability.
57de9c4177c68c1ac4cae9bd9b25328f8ef9de465badf48b6c789d6d9b258ab5Gentoo Linux Security Advisory 201810-9 - A vulnerability in X.Org X Server allows local users to escalate privileges. Versions less than 1.20.3 are affected.
29cdffb4731e8b668eef2cc7319c30aaf59b87a69d7e98f2b69c2c590b4b2b8cxorg-x11-server version 1.20.3 privilege escalation exploit.
44e3595b1823ca1e39ba5878cc28006b66ed111988fc108df3838c650e54ef1bUbuntu Security Notice 3802-1 - Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges.
3e1800b73c06b9c5d9e9432c23ff8f3942aa93d0c796d9685eac915ed9e32c29
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed