This archive contains all of the 160 exploits added to Packet Storm in September, 2019.
bc1e3a8489abc8859734cab040ff3937
LG-ERICSSON LN202-003H HomeHub router remote configuration disclosure exploit.
fc594bc6b78ed6b26e191ee2958732fd
A FortiSIEM collector connects to a Supervisor/Worker over HTTPS TLS (443/TCP) to register itself and to relay event data such as syslog, netflow, SNMP, etc. When the Collector (the client) connects to the Supervisor/Worker (the server), the client does not validate the server-provided certificate against its root-CA store. Because no server certificate validation is performed, any certificate presented to the client is accepted and the connection succeeds. If an attacker spoofs a Worker/Supervisor using ARP or DNS poisoning (or any other MITM attack), the Collector will blindly connect to the attacker's HTTPS TLS server and disclose the authentication password along with any data being relayed. Versions 5.0 and 5.2.1 have been tested and are affected.
ee1a1fa2b58f6637bd250813eb471ce4
Rocket.Chat versions prior to 2.1.0 suffer from a cross site scripting vulnerability.
36f555f2af81fce69ddbe041edf0ab91
Red Hat Security Advisory 2019-2947-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.9 will be retired as of March 31, 2020, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 5.9 AMC after March 31, 2020.
f81bab54d451616e097ee3d8765c9e4c
Red Hat Security Advisory 2019-2949-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a denial of service vulnerability.
bc505b4e45a39a19f419119259f86b4f
Red Hat Security Advisory 2019-2950-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2, and includes security and bug fixes. Issues addressed include a denial of service vulnerability.
1335c2d4b9621d42b1ad59dc1aca67e6
Red Hat Security Advisory 2019-2946-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked in the References section. Issues addressed include a denial of service vulnerability.
2654348a86bd8f200f26984bc6ca53e0
Red Hat Security Advisory 2019-2945-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security fix: If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw, can be used remotely. This can result in a remote denial of service. Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out. Issues addressed include buffer overflow and denial of service vulnerabilities.
a87b3a5a1e36d60f2f04b5816c45a291
Ubuntu Security Notice 4145-1 - It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket options in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
ea50ef6fe5c28f797b35ddfa61c716dc
Ubuntu Security Notice 4144-1 - It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
a08d6c0764fd808ec1d2ad89c0113cd9
The Portable Document Format, better known as PDF, is one of the most widely used document formats worldwide, and in order to ensure information confidentiality, this file format supports document encryption. In this paper, the authors analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents.
07a85b3d5850b0d07bc74cd4e5fcc956
This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant.
d3c3fbee7204613a4c2d9dde14bd8c7f
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
fba3c88e416ad99ed69849b61fdcaad0
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire DBMS tables/columns or a user-specified subset of them, run their own SQL statements, read or write text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via a Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack, and more.
daf042c398825b0476b7952f75fc71dd
Libpcap is a portable packet capture library which is used in many packet sniffers, including tcpdump.
21af603d9a591c7d96a6457021d84e6c
tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that match a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor network activity.
a4ead41d371f91aa0a2287f589958bae
WebKit suffers from a universal cross site scripting vulnerability using cached pages.
feb75421e7efde640b47418cf364c390
WebKit suffers from a user-agent shadow root leak in WebCore::ReplacementFragment::ReplacementFragment.
1e45ed827ba900226f8651daf3f4187f
WebKit suffers from a universal cross site scripting vulnerability in WebCore::command.
9f13592add861df962bac226dc591317
WebKit has an issue where URI and synchronous page loads are susceptible to a universal cross site scripting vulnerability.
31dbae9bdb725280046f9290bd4c6460
DotNetNuke versions prior to 9.4.0 suffer from a cross site scripting vulnerability.
5e87d37cd67d28292a61a476162e916b
kic version 2.4a suffers from a denial of service vulnerability.
08505ada1a7ddb143c3f679f69195457
DameWare Remote Support version 12.1.0.34 SEH buffer overflow exploit.
d04705f44094a0e541c78afb71f76587