In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.
5f8a24055c7eacceccce25d80da65ff0a662a967a7f926c2fe621369f5e41ae2The libuser library implements a standardized interface for manipulating and administering user and group accounts, and is installed by default on Linux distributions derived from Red Hat's codebase. During an internal code audit at Qualys, they discovered multiple libuser-related vulnerabilities that allow local users to perform denial-of-service and privilege-escalation attacks. As a proof of concept, they developed an unusual local root exploit against one of libuser's applications. Both the advisory and exploit are included in this post.
8ca265d19600f642e0b8538ca2edb894bbc57f28b26136e6f5ea36ae5e348827Gentoo Linux Security Advisory 201507-22 - A heap-based buffer overflow in e2fsprogs could result in execution of arbitrary code. Versions less than 1.42.13 are affected.
ddc8103bc71b08b45094bb3fe6afa051609d7d51323034812601d3b47eae2d13Debian Linux Security Advisory 3313-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
2e58c4b602469b6006a0a897b4f48fb0ecef8c77468fcfdd3958ced23f009b86Red Hat Security Advisory 2015-1488-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
8f436bf84679e66da54f12816d6bf2a4d760e738018e00154e0c1955a13a4f73Red Hat Security Advisory 2015-1483-01 - The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root.
806b8529b5f262df0eb3996cae8fc333c0297362a681fc94c95f49756eee762eRed Hat Security Advisory 2015-1482-01 - The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root.
62f04998ed0f8898f85e4682c6bbdbf75ff623230c1af30c88f3efa928cb67a6Ubuntu Security Notice 2684-1 - A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. Various other issues were also addressed.
c2a387be4e13bc76e8d691c26a62d180fdafc4908f03c7bf1cdfa528bcb41df7Ubuntu Security Notice 2683-1 - A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. Various other issues were also addressed.
3af9e86c7769bcaffec157bf917b3e0a30ab6bc938c69d9a3b2611e3ee7a8ec6Debian Linux Security Advisory 3314-1 - Upstream security support for Typo3 4.5.x ended three months ago and the same now applies to the Debian packages as well.
d0d927348eba1d9e8a819d62607d411c04de826b19e1b9ba39e909a4b79c72daUbuntu Security Notice 2682-1 - A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. Various other issues were also addressed.
a6a98fab9d0381b3994020610c156d8f63399b7e9c2518b29e9dac5d0ac7b685Ubuntu Security Notice 2681-1 - A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
ff3d9b87245aa7a7be470860e38a4c3db83869527facf2395999f9c0ee992785Ubuntu Security Notice 2680-1 - A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
9f8c52cb857d1bf6c9403fdeb6ee3ffa2190d244d316b7b2e938a8957adf6f3bUbuntu Security Notice 2679-1 - A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
093b6ea5cf583f5e4862e592941aee13388244e99f55e960dbec4cdfdfad8107Ubuntu Security Notice 2678-1 - A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
e9ec333052661bb9d7f920a92684486047046d470cf844ef04a87798d1297704
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed