what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2019-10-22

Xorg X11 Server SUID modulepath Privilege Escalation
Posted Oct 22, 2019
Authored by Narendra Shinde, Aaron Ringo | Site metasploit.com

This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with CentOS 7 (1708). CentOS default install will require console auth for the users session. Xorg must have SUID permissions and may not start if running. On successful exploitation artifacts will be created consistent with starting Xorg.

tags | exploit, arbitrary, root
systems | linux, centos
advisories | CVE-2018-14665
SHA-256 | 9377740962fb859c56e4c74db8eb408580293ddee8808bfba3b45eda70d58cd2
Ubuntu Security Notice USN-4164-1
Posted Oct 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4164-1 - It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. This issue not affected Ubuntu 19.10. It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-13117, CVE-2019-18197
SHA-256 | d8731609ccfe1b7c785a295825768fdd8f8d0f9866933f22f21cdfad1541d4aa
Red Hat Security Advisory 2019-3179-01
Posted Oct 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3179-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and null pointer vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-12155, CVE-2019-14378
SHA-256 | fb1cbfb1802e6a490092f74dffb0d38aa298b964fa8394d3152a17f7f8e80a3e
Red Hat Security Advisory 2019-3172-01
Posted Oct 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3172-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-1000632, CVE-2018-16470, CVE-2019-10198, CVE-2019-14825
SHA-256 | 0d1a7f3e91df6df87aebdd58b89f12efd814a2be22f9232bceca09c5693fa8c4
Red Hat Security Advisory 2019-3170-01
Posted Oct 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3170-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2019-9636
SHA-256 | 96b33746cb02ab7a23f5c45abb6187cfba633ee7d9adbda5fc2cda02ffac2737
Red Hat Security Advisory 2019-3168-01
Posted Oct 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3168-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, protocol
systems | linux, redhat
advisories | CVE-2019-5953
SHA-256 | 17505293abe3130e4c9b8216c0e777d474edce7155e301390520fd4c5839b226
Red Hat Security Advisory 2019-3165-01
Posted Oct 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3165-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. BR/EDR encryption key negotiation attacks were addressed.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-9506
SHA-256 | 6c8d9ce661707fa66c0c0dbe90e8b4abc6215f3f0a803211a7073c4d7539d7be
Ubuntu Security Notice USN-4163-1
Posted Oct 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4163-1 - It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Serial Attached SCSI implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10906, CVE-2017-18232, CVE-2018-21008, CVE-2019-14816, CVE-2019-14821, CVE-2019-15117, CVE-2019-15118, CVE-2019-15505, CVE-2019-15902
SHA-256 | cedfd2bb370862f13151b30fc2625f520648ba3ee5d47c56224d2b16803282c6
Ubuntu Security Notice USN-4162-1
Posted Oct 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4162-1 - It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-21008, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-15117, CVE-2019-15118, CVE-2019-15505, CVE-2019-15902, CVE-2019-15918
SHA-256 | 766eafebbf6fe9684e9d928dab508e66e29f9dd506c5d9b1141a9c677708de5f
Ubuntu Security Notice USN-4157-2
Posted Oct 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4157-2 - USN-4157-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-15504, CVE-2019-15505, CVE-2019-15902, CVE-2019-16714, CVE-2019-2181
SHA-256 | 98e81da43ab7657c0515f3a777eb64a810ffffaa72274cb03f12408a3c619c36
Linux/x86 execve(/bin/sh) Socket Reuse Shellcode
Posted Oct 22, 2019
Authored by WangYihang

42 bytes small Linux/x86 execve(/bin/sh) socket reuse shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 06940cd962d0fb34cda215179e7f8392804cd9243f8253e5bd126a6f374b2d79
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close