This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.
0be0198fd35b0f082fb3872672e7f1dbe40db0a2ae2abc971e5936c264d03b3bRed Hat Security Advisory 2015-1508-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
00824dcce64f6db1345af18546421048f71ab7526a400efd8f3eb27dfb3700dfRed Hat Security Advisory 2015-1507-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
ddef7cd95b5ec264096b359446cefb22c25ef8d746777a0c5f1cc22a1c3f642fDebian Linux Security Advisory 3318-1 - Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed.
83ddc7aa74dbc651b8f2b3677ef0e97369412cc6d8bc40e4acca028111d494cfDebian Linux Security Advisory 3317-1 - Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools.
0c757887b859f350dc7059ceb18c56f376fff07f6d2055c9c9184bfdc54423ecDebian Linux Security Advisory 3316-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
77f6084f42e84ac99b7ceff809ccb976e89d5a9bf14710928cf2e5b55b224527Red Hat Security Advisory 2015-1499-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 44.0.2403.89, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
0b2bd46b245d90c8db3e033a85a7c5353db15fc1209d1b13c6e35cb3d470205fSeditio CMS version 1.7.1 suffers from an open redirect vulnerability.
2ff996b84f5e2517c42761313b4f6b91deae750fa6ae089104e6d04642bfc884PHP File Manager suffers from cross site request forgery, cross site scripting, backdoor, file check, remote shell upload, and various other vulnerabilities.
fdce4b71d80c857ab7c7314a383b0e1455af501dd6b040a30a6b5b7e8582ae3bXenForo versions 1.4.9 and below suffer from a cross site scripting vulnerability.
5d38872663e90c1322bb0e4199d9762f1f981af682bd046d78e6ef57fd238678Python code that provides a reverse TCP shell.
1fcc71b39d612ebdffeef62541bdc403a023c65238677035f5058a17e34b39cdWordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities.
35ca2d59e923c4dcfa102cae5ca95a5f2022862e2a8f048b21905f0568781656WordPress Music Store plugin version 1.0.14 suffers from an open redirect vulnerability.
39a735fe34395a13d85f4a7c0131dc3a9ee60a7573410b4205e3a12eaf6b2d36An integer overflow exists in the System.DirectoryServices.Protocols.Utility class of the .NET Framework. Triggering this issue results in an overflown integer that is used to allocate a buffer on the heap that is too small, resulting in memory corruption. Exploiting this issues appears to be difficult. Consequently, Microsoft has decided to not release a security bulletin.
1afa865b50719d016f840d929f46021c297eaaf847046ef8e5bb08fa3a10902dQNAP TS-x09 Turbo NAS suffers from a cross site scripting vulnerability.
ab18c8b11eafa38f69dcfdc61dd73eeb55ad959a3b1d45edb7008ded708d8650PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
6542598e741ffca6954061fecedaa2526e5eebf562bfebc759aa5f92e7013f60Hawkeye-G version 3.0.1.4912 suffers from multiple cross site request forgery vulnerabilities.
7bbb160cd6f98012e50825f8a96af7faf9af19a17a8380a6210306d6c3405ae3Ubuntu Security Notice 2685-1 - A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. Various other issues were also addressed.
ff91b08028ce0d9cbb795da024396ec409ee5bce6874e42ac288d5806e460cc5Debian Linux Security Advisory 3315-1 - Several vulnerabilities were discovered in the chromium web browser.
cb3dc0da6f78a83ee1bcb3ccd48f19bc839d73342fdcf21a35855718da9468f6In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.
5f8a24055c7eacceccce25d80da65ff0a662a967a7f926c2fe621369f5e41ae2The libuser library implements a standardized interface for manipulating and administering user and group accounts, and is installed by default on Linux distributions derived from Red Hat's codebase. During an internal code audit at Qualys, they discovered multiple libuser-related vulnerabilities that allow local users to perform denial-of-service and privilege-escalation attacks. As a proof of concept, they developed an unusual local root exploit against one of libuser's applications. Both the advisory and exploit are included in this post.
8ca265d19600f642e0b8538ca2edb894bbc57f28b26136e6f5ea36ae5e348827Gentoo Linux Security Advisory 201507-22 - A heap-based buffer overflow in e2fsprogs could result in execution of arbitrary code. Versions less than 1.42.13 are affected.
ddc8103bc71b08b45094bb3fe6afa051609d7d51323034812601d3b47eae2d13Debian Linux Security Advisory 3313-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
2e58c4b602469b6006a0a897b4f48fb0ecef8c77468fcfdd3958ced23f009b86Red Hat Security Advisory 2015-1488-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
8f436bf84679e66da54f12816d6bf2a4d760e738018e00154e0c1955a13a4f73Red Hat Security Advisory 2015-1483-01 - The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root.
806b8529b5f262df0eb3996cae8fc333c0297362a681fc94c95f49756eee762e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed