This archive contains all of the 79 exploits added to Packet Storm in August, 2022.
3e7ab5fb77e64191899c0e7cef2d8c023c404479de54077b3bf438091ae753af
Red Hat Security Advisory 2022-6248-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an information leakage vulnerability.
4ac654fdf70d8f95756f3ba1831afcbde6d7cd88ba4585d3ccbc5a1f26d0d5ab
Red Hat Security Advisory 2022-6243-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.
cb70b3258fb9d069f824d3ce0e82b6f98ac24afbee38e5acad4f326d990c751f
Red Hat Security Advisory 2022-6250-01 - The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one site at a time.
c3a6b786a5176334ad7bdf5564265c4ef49aedd603c8db437ebe3b7d2988e61d
Ubuntu Security Notice 5590-1 - Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.
2e5da57fb88f0c77d49cc30ea10370f8b37151cd437de80a34fb35585b05c051
Red Hat Security Advisory 2022-6224-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a code execution vulnerability.
647502acba6e1f4ffdad854b5907359dbee61f52101031ae43a924968e013c02
Ubuntu Security Notice 5589-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
9316e2d33cdf2aea8d2cb2836eb0939d4282bd276513260c0821cbeaa0326da6
This Metasploit module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low privileged user (e.g. nobody) escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an attacker provided script, resulting in code execution as root. In order to use this module, the attacker must first establish shell access. For example, by exploiting CVE-2022-30525. Known affected Zyxel models include USG FLEX (50, 50W, 100W, 200, 500, 700), ATP (100, 200, 500, 700, 800), VPN (50, 100, 300, 1000), USG20-VPN and USG20W-VPN.
ce0978f09bdc4f825505d8590e1f429b3ba8069c5e7e83d2268b514b437133c9
The WordPress Core version 6.0.2 release addresses cross site scripting and remote SQL injection vulnerabilities.
0294b797dfc8902604de84c76092b7f611cd98068035d347145eca92a5a38499