what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

Files Date: 2019-10-22

Xorg X11 Server SUID modulepath Privilege Escalation
Posted Oct 22, 2019
Authored by Narendra Shinde, Aaron Ringo | Site metasploit.com

This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with CentOS 7 (1708). CentOS default install will require console auth for the users session. Xorg must have SUID permissions and may not start if running. On successful exploitation artifacts will be created consistent with starting Xorg.

tags | exploit, arbitrary, root
systems | linux, centos
advisories | CVE-2018-14665
MD5 | d5e6f9fce10b890713038be1179ea1bd
Ubuntu Security Notice USN-4164-1
Posted Oct 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4164-1 - It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. This issue not affected Ubuntu 19.10. It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-13117, CVE-2019-18197
MD5 | d4604edb7744cea377f4c1f99547b236
Red Hat Security Advisory 2019-3179-01
Posted Oct 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3179-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and null pointer vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-12155, CVE-2019-14378
MD5 | 73c7dcec4bd18015c85ca16932eb504f
Red Hat Security Advisory 2019-3172-01
Posted Oct 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3172-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-1000632, CVE-2018-16470, CVE-2019-10198, CVE-2019-14825
MD5 | 843f538826eaa0163840dabdb7f692c7
Red Hat Security Advisory 2019-3170-01
Posted Oct 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3170-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2019-9636
MD5 | f72b35e225a16ecbf51658625f9bd7df
Red Hat Security Advisory 2019-3168-01
Posted Oct 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3168-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, protocol
systems | linux, redhat
advisories | CVE-2019-5953
MD5 | b0f547dcd480fda50ec7e93c1b2bed81
Red Hat Security Advisory 2019-3165-01
Posted Oct 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3165-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. BR/EDR encryption key negotiation attacks were addressed.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-9506
MD5 | e4bd95e026550479628ffb19c4109e78
Ubuntu Security Notice USN-4163-1
Posted Oct 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4163-1 - It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Serial Attached SCSI implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10906, CVE-2017-18232, CVE-2018-21008, CVE-2019-14816, CVE-2019-14821, CVE-2019-15117, CVE-2019-15118, CVE-2019-15505, CVE-2019-15902
MD5 | 3f63ba945772d16fae61eba485d3eab9
Ubuntu Security Notice USN-4162-1
Posted Oct 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4162-1 - It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-21008, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-15117, CVE-2019-15118, CVE-2019-15505, CVE-2019-15902, CVE-2019-15918
MD5 | b951fc58b34ed48fd82f3107a2bf05c2
Ubuntu Security Notice USN-4157-2
Posted Oct 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4157-2 - USN-4157-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-15504, CVE-2019-15505, CVE-2019-15902, CVE-2019-16714, CVE-2019-2181
MD5 | 739bbc1907a2787aeff5444c0e073eff
Linux/x86 execve(/bin/sh) Socket Reuse Shellcode
Posted Oct 22, 2019
Authored by WangYihang

42 bytes small Linux/x86 execve(/bin/sh) socket reuse shellcode.

tags | x86, shellcode
systems | linux
MD5 | 55ec03b4974039d4cf4ab3dec10344a5
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close