Gentoo Linux Security Advisory 202210-25 - Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service. Versions less than 9.16.33 are affected.
c5645f086ca62dbd16b86b41fb6e466ae81c4f68c8c5264e8e226c1c0248707bUbuntu Security Notice 5626-1 - Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. It was discovered that Bind incorrectly handled statistics requests. A remote attacker could possibly use this issue to obtain sensitive memory contents, or cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
34b2988765657bb9a18a6b8e41a326b6235943782ca9236238e2273ea984abd6This Metasploit module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided "admin" account to insert the malicious payload into the custom script fields. When a user resets their password or unlocks their account, the payload in the custom script will be executed. The payload will be executed as SYSTEM if ADSelfService Plus is installed as a service, which we believe is the normal operational behavior. This is a passive module because user interaction is required to trigger the payload. This module also does not automatically remove the malicious code from the remote target. Use the "TARGET_RESET" operation to remove the malicious custom script when you are done.
d91150e34529bee9dd92e87b3f063460c0b5e994a412c286b68d6cb26a58d358
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed