This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library (glibc) version 2.26 and prior. This Metasploit module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath() and create a SUID root shell. The exploit has offsets for glibc versions 2.23-0ubuntu9 and 2.24-11+deb9u1. The target system must have unprivileged user namespaces enabled. This Metasploit module has been tested successfully on Ubuntu Linux 16.04.3 (x86_64) with glibc version 2.23-0ubuntu9; and Debian 9.0 (x86_64) with glibc version 2.24-11+deb9u1.
80545f11c3dbaf619131e029fba6bb2504458083b7b4795f41fd9210ad2c35daThis Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
6b992abd6eb4488b1451744ac9a29b8cfc36bb9a4b8e764995041383204e8229Ubuntu Security Notice 3682-1 - A heap buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.
494f9b017be16951b96c87f973088ab519f111541e946ab28bd1de038e9136edDebian Linux Security Advisory 4227-1 - Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive.
d3c1914fa737a19cb224ebf254a1293a2fbcf359167e4cefcdf083b95a676440WordPress Tooltipy plugin version 5.0 suffers from a cross site request forgery vulnerability.
c8f3750df4042e50ce773fbee50cec7873f62c34d26909645eb06b443dfe7052WordPress Tooltipy plugin version 5.0 suffers from a cross site scripting vulnerability.
6eb4e52fcad8f00b82c4a47e651cb7194795e04d338435768fede1fe9077fca4WordPress Redirection plugin version 2.7.3 suffers from a remote file inclusion vulnerability.
78aa1bc28075dd91582082ed629d324772fe2f1192d1e98ffcdc49abf6933f2fUbuntu Security Notice 3678-3 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
cd986165b71b4e1378a506b88fdc3586bf913dc90d9ee4980df28a9ccdd51d32This Microsoft advisory notification includes updates to advisories 4338110, 180012, and 180002.
011c2460d0078c9c45ab1792e1c44c4c8ff1ead9d294f4c17d068ab3ee6a7e62This Microsoft bulletin summary holds CVE updates for CVE-2018-0976, CVE-2018-1003, and CVE-2018-8136.
cd0dd5b1a61dc39797e47015fcbe3ecbb200494ddc561a8ea2617d0da5f71eebThis Microsoft advisory notification includes advisories released or updated on June 12, 2018.
d3b4dc087730b3c8ec433d799eb5887f036617085942233c670062b9a94d0847Canon PrintMe EFI suffers from a cross site scripting vulnerability.
1cbf7ac2d4d346c2cbc6bfd3c11d137347327d0826f596f99c3e204c710fb95cDebian Linux Security Advisory 4226-1 - Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.
e0d4b28c40b972342d85f4d9e267c2b56cb6f4a9f24f8c60c717404c361083f0Ubuntu Security Notice 3681-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
6182d1400639b09262f9bc1aa526b2067246d087644fc429fee5ee52971053beWordPress WP Google Map plugin versions 4.0.4 and below suffer from remote SQL injection vulnerabilities.
47845a0de05723fa22908baa8f1387f03dc2b7a10302916bf08f5d96fc9dd027tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
c03a9b61dedd452116dd9a8db231545ba08a7c96bce011e0cbd3cfd2c56dcfdaRed Hat Security Advisory 2018-1837-01 - The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component provides functions to create and extract archives. Issues addressed include a code execution vulnerability.
ee3ffaa0d5cbc982763349c049fa7b83f3cb697d6aa52cf12b950d0a580f92f7WordPress Ultimate Form Builder Lite versions 1.3.7 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
94336025653173391ac5889e704bcfd91b865bf11182e68e4e9264480f585de8Ubuntu Security Notice 3680-1 - Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. Daniel P. Berrange discovered that libvirt incorrectly handled the QEMU guest agent. An attacker could possibly use this issue to consume resources, leading to a denial of service. Various other issues were also addressed.
ff3fc4ce5b6f9d5fcf68d46f3c6240af4b1a6586e72085633f33674eab6a36bbRed Hat Security Advisory 2018-1836-01 - The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component provides functions to create and extract archives. Issues addressed include a code execution vulnerability.
44860545987c2bda0584dc5b5b2c7f7dc7b5e84c8107536963397effe4e2eeadRed Hat Security Advisory 2018-1826-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
4b381041ec2db87364de1a9d26aa6e7d3eade0b0b1b346b7c010eb99a7ccc47eUbuntu Security Notice 3678-2 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
a861ba565ba75730506975483096a29474b6446046659bf6e8bc9e3df22fa857Ubuntu Security Notice 3678-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
e57ad84d6b9ea0b9108c4cf7c2d832048db4d2b4aed6a99107c3c23eb19672edUbuntu Security Notice 3677-2 - USN-3677-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
c1953b1b76f2fb20d0c04031dff7e5d9392ec2f294f04ffe2f9f4493d60089fcRed Hat Security Advisory 2018-1833-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid based on Infinispan. This release of Red Hat JBoss Data Grid 7.2.1 serves as a replacement for Red Hat JBoss Data Grid 7.2.0 and includes bug fixes and enhancements. You can find a link to the Release Notes that describe these bug fixes and enhancements in the References section of this erratum. Issues addressed include a deserialization vulnerability.
1e71d8bd747ccfad3ae2469493515df42c52ac5f89ae068b5699fe6c52b5f5b1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed