The research in this paper leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Store, to gain unauthorized access to other apps' sensitive data. More specifically, the researchers found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote.
ece3215f1041638c7e80717f3528c48fffb5d9d0f9b925cd46938a293c3d9f4fRSA Validation Manager versions 3.2 prior to build 201 suffer from race condition, cross site scripting, denial of service, and various other vulnerabilities.
703e04b821a0df9e65975d31c6a38a8fc2688b91256b2bfeecf3b49ca2c66426The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04. Included is a full exploit demonstration root code execution.
f86829bc8ea48c36f6d3cd054fa6293bb6beab50057404ccaddcd6c16e8bed3cUbuntu Security Notice 2649-1 - It was discovered that the uupdate tool incorrectly handled symlinks. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly replace arbitrary files, leading to a privilege escalation.
7d5451bdd010c364078a583ebeb8b2ea946413d031c6886bd1a9f1f94760b3faUbuntu Security Notice 2650-1 - Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd. A remote attacker could use these issues to cause wpa_supplicant or hostapd to crash, resulting in a denial of service.
c3ee6d4a5670629f11fe50ed57e6cdd0dc404dd3bb4af89ba16a428653faabebCellPipe 7130 router version 1.0.0.20h.HOL suffers from a cross site scripting vulnerability.
3dbbd6127d694b4edcf1b718fd1acdcbca841f4fde9082ba044f21f713cb578dRed Hat Security Advisory 2015-1120-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
3ec1967895e1681c1fef937c63310959e9099d0c14bde83f555875f3684d3b70Ubuntu Security Notice 2648-1 - Tavis Ormandy discovered that Aptdeamon incorrectly handled the simulate dbus method. A local attacker could use this issue to possibly expose sensitive information, or perform other file access as the root user.
e05a32cadd10925759bdbae89726726df91c6208026ce4e19f73e37857c62c94CellPipe 7130 router version 1.0.0.20h.HOL suffers from a cross site request forgery vulnerability.
b4208c80088ecfa773353853c2cf70171df70a35ad267695d22e5afeee28d344EMC UIM/P version 4.1 contains an authentication bypass vulnerability that could potentially be exploited by malicious users to compromise the affected system.
78dbdf84e5e6fea60c5c569a4239e7b4a69a9358a122b03e7e12294bc7f068deBlackCat CMS version 1.1.1 suffers from an arbitrary file download vulnerability.
f8fe91c327a9426411a6ab0146f398710c166865e0b8856056ca898353a6d541RealTimes (Realplayer) versions 18.0.1.6 and below suffer from a desktop service trusted path privilege escalation vulnerability.
a464f6ef7f8e5ab701f2dd718de925bb0e3201cd2c1a94efc90b3b217d06f0bcXtMediaPlayer version 0.93 memory corruption proof of concept exploit.
6f20422bb0ff521e463929e32ec936ee0b979b95a289460be8c2a8c3b0461fd558 bytes small Linux/x86 /etc/passwd reading shellcode.
6563636ad1d60a1ea50d144df18758818cb2033648591b1d94ca955faf18635fFinePlayer version 2.20 memory corruption proof of concept exploit.
cfd118d530c7f9ec518ef261b7367e07b28950a2f5988cee0e98550918186628Ubuntu Security Notice 2640-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
122682e2079f57b9d20ea0a53cbcf1fa27541a19754e2ff8123b4183c67919efRed Hat Security Advisory 2015-1115-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.
1b03a59ced9eb1deb3dcf1406ad52dd97e4fd2cb4f2722a75565166a58d99154Debian Linux Security Advisory 3289-1 - Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory.
4be0daf5b3f39172c01e0cf01217ee23e5f5eceee2070d75eb05fb357f095125Ubuntu Security Notice 2646-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
60e696bc948e127ea85fd077ad0c209bf2f09534c2c0a8621a196e2cd97921b8Ubuntu Security Notice 2645-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
de2b82ff912d766408dc20664b6f617bc06909cc0ddd19f4b148902d938c7d78Ubuntu Security Notice 2647-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
81f655f162aa73118e6b4213c239628a4fc5ae162d9fda3cc8ebc5d36142523cUbuntu Security Notice 2643-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
46bd8c4289069bc8f1619e0e070000f2b1911c349d885324ec84b1829ab40f43Ubuntu Security Notice 2644-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
941755602ec4f1f924dce22ad303c8570a47cadbfe65e3460042222d0f46dbc0Ubuntu Security Notice 2641-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
7b9cbf736d04f0b23cbaf259f21e2c322036327619471c50a6d7479caa3b6a5eUbuntu Security Notice 2642-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
6bfcc19b73797a1c86fc721f991369d043fb6e00cf5a2dd6631cf1ad67a4248b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed