This archive contains all of the 167 exploits added to Packet Storm in January, 2022.
59424b5985270be954c39ce70a7b75882e806ee381f7b65bb3be2aacbd31cd2b
This Metasploit module exploits an authentication bypass (CVE-2021-1472) and command injection (CVE-2021-1473) in the Cisco Small Business RV series of VPN/routers. The device does not adequately verify the credentials in the HTTP Authorization field when requests are made to the /upload endpoint. Then the upload.cgi binary will use the contents of the HTTP Cookie field as part of a curl request aimed at an internal endpoint. The curl request is executed using popen and allows the attacker to inject commands via the Cookie field. A remote and unauthenticated attacker using this module is able to achieve code execution as www-data. This module affects the RV340, RV340w, RV345, and RV345P using firmware versions 1.0.03.20 and below.
d5c273af97dd2e97fb770967821e9b90847b04e11e1abb75510669721ee38b45
Ubuntu Security Notice 5259-1 - It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service.
7708b42ed0cb12cf75a820c930eeee446f370eea62c1f51b9719302793412a84
Ubuntu Security Notice 5260-1 - Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. Michael Hanselmann discovered that Samba incorrectly created directories. In certain configurations, a remote attacker could possibly create a directory on the server outside of the shared directory.
1150766a9f5acaee9066e266cb394d5fcb11a48e64845279538c22bdac77ac58
Ubuntu Security Notice 5260-2 - Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root.
69faabb25cfae22c65e81b78d83b23a53e6dc20c613861ebb9a20102dff021b1
Red Hat Security Advisory 2022-0335-02 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
28ab25503628b93cc521824fbc1ee106e907622271239a73c240598166c82341
Gentoo Linux Security Advisory 202202-1 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.34.4 are affected.
d7b81acd976ea4556319720db72f4fff64adcb599b6250a5fa8a28bd2243c7c4
Red Hat Security Advisory 2022-0331-02 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.
b8f30ccd23b3e0f66db6c5a7359357dd88cb0641e3f05cf3757237c4f4bfb800
Red Hat Security Advisory 2022-0325-02 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a null pointer vulnerability.
2f756be831daa8b04039f8fa6ef306f944e0c3dcb2f24b69f92dcdd73479c8c7
Red Hat Security Advisory 2022-0330-03 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.
b2f254aa360d7b8861c19b3c476da577a3c2b4bb3cd562551bc6ea8e7aa9d2ea
Red Hat Security Advisory 2022-0328-03 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.
4243661bbd489d368993c4c81e920d82efc02d858a7a20ff23c8f9407c54ca1f
Red Hat Security Advisory 2022-0329-03 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.
aae3fdc17aec7fb3a0a2061effdd7bf6501d64cc49554d153cfa115981d9b7c8
Red Hat Security Advisory 2022-0332-02 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.
2fa894567eb4210f09e0e50a2f5c5bfd6dac89b01f090048afe409dda2e1a233