Twenty Year Anniversary
Showing 76 - 100 of 5,607 RSS Feed

Operating System: Debian

glibc 'realpath()' Privilege Escalation
Posted Jun 12, 2018
Authored by halfdog, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library (glibc) version 2.26 and prior. This Metasploit module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath() and create a SUID root shell. The exploit has offsets for glibc versions 2.23-0ubuntu9 and 2.24-11+deb9u1. The target system must have unprivileged user namespaces enabled. This Metasploit module has been tested successfully on Ubuntu Linux 16.04.3 (x86_64) with glibc version 2.23-0ubuntu9; and Debian 9.0 (x86_64) with glibc version 2.24-11+deb9u1.

tags | exploit, shell, root
systems | linux, debian, ubuntu
advisories | CVE-2018-1000001
MD5 | fdde72feb2388aee3f2e93395c3c6363
Debian Security Advisory 4227-1
Posted Jun 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4227-1 - Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive.

tags | advisory
systems | linux, debian
advisories | CVE-2018-1002200
MD5 | 3e6c7e4c336db858ce3c343012428294
Debian Security Advisory 4226-1
Posted Jun 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4226-1 - Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

tags | advisory
systems | linux, debian
advisories | CVE-2018-12015
MD5 | fa2765272a509416ac08b9def96b1f3d
Debian Security Advisory 4223-1
Posted Jun 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4223-1 - Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.

tags | advisory
systems | linux, debian
advisories | CVE-2018-12020
MD5 | 5de2f16d80f3fa5b50328a10036e3b18
Debian Security Advisory 4222-1
Posted Jun 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4222-1 - Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.

tags | advisory
systems | linux, debian
advisories | CVE-2018-12020
MD5 | 0aac941a2a25af5264e133c5a1387b2a
Debian Security Advisory 4225-1
Posted Jun 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4225-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

tags | advisory, java, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815
MD5 | adc0a79a22e87a683003ba79045b5048
Debian Security Advisory 4224-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4224-1 - Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.

tags | advisory
systems | linux, debian
advisories | CVE-2018-12020
MD5 | f5973ec905525583de23dde81261f20a
Debian Security Advisory 4220-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4220-1 - Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2018-6126
MD5 | 34f809c7056ae15863580c0c5e59f50b
Debian Security Advisory 4221-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4221-1 - Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.

tags | advisory
systems | linux, debian
advisories | CVE-2018-7225
MD5 | b668ecf77da8dd39c9441c42729dccf6
Debian Security Advisory 4219-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4219-1 - Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.

tags | advisory, java, denial of service, arbitrary, vulnerability, xss, ruby
systems | linux, debian
advisories | CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079
MD5 | 7d3ba91bea7cc4af627f93c7f93e2120
Debian Security Advisory 4218-1
Posted Jun 6, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4218-1 - Several vulnerabilities were discovered in memcached, a high-performance memory object caching system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-9951, CVE-2018-1000115, CVE-2018-1000127
MD5 | bdc08efd0978e5621eb378b74655fd10
Debian Security Advisory 4217-1
Posted Jun 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4217-1 - It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2018-11358, CVE-2018-11360, CVE-2018-11362, CVE-2018-7320, CVE-2018-7334, CVE-2018-7335, CVE-2018-7419, CVE-2018-9261, CVE-2018-9264, CVE-2018-9273
MD5 | ed14b6ee0b3f3db808323e7d461242ca
Debian Security Advisory 4191-2
Posted Jun 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4191-2 - The redmine security update announced as DSA-4191-1 caused regressions with multi-value fields while doing queries on project issues due to an bug in the patch to address CVE-2017-15569. Updated packages are now available to correct this issue.

tags | advisory
systems | linux, debian
MD5 | 5f044ef78e21d9149292db1106af1a36
Debian Security Advisory 4216-1
Posted Jun 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4216-1 - It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation.

tags | advisory
systems | linux, debian
advisories | CVE-2018-10847
MD5 | 150d626152b3845adc7e4a60fc7b246e
Debian Security Advisory 4215-1
Posted Jun 2, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4215-1 - Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

tags | advisory, xss
systems | linux, debian
advisories | CVE-2017-5662, CVE-2018-8013
MD5 | 3993e80415ade99982b86b799f5588c4
Debian Security Advisory 4214-1
Posted Jun 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4214-1 - It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum.

tags | advisory
systems | linux, debian
advisories | CVE-2018-8012
MD5 | 4a16c31f71a4d9357a2a8587b9ed862d
Debian Security Advisory 4210-1
Posted May 25, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4210-1 - This update provides mitigations for the Spectre v4 variant in x86-based micro processors. On Intel CPUs this requires updated microcode which is currently not released publicly (but your hardware vendor may have issued an update).

tags | advisory, x86
systems | linux, debian
advisories | CVE-2018-3639
MD5 | 675d048788c90a65cc1c06cdbf93690f
Debian Security Advisory 4209-1
Posted May 25, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4209-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5161, CVE-2018-5162, CVE-2018-5168, CVE-2018-5170, CVE-2018-5178, CVE-2018-5183, CVE-2018-5184, CVE-2018-5185
MD5 | beaf141404bc7f22621c2c7e3ab520cf
Debian Security Advisory 4206-1
Posted May 23, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4206-1 - Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-0920, CVE-2018-8971
MD5 | ff5e7917f02ad2645f82b0b92762d8fd
Debian Security Advisory 4207-1
Posted May 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4207-1 - Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.

tags | advisory, local
systems | linux, debian
advisories | CVE-2018-1106
MD5 | 818bf44649183241556978bcfc04e17d
Debian Security Advisory 4208-1
Posted May 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4208-1 - The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126
MD5 | f85b2103baa8b53441d31885f22b6509
Debian Security Advisory 4204-1
Posted May 21, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4204-1 - This update fixes several vulnerabilities in imagemagick, a graphical software suite. Various memory handling problems or issues about incomplete input sanitizing would result in denial of service or memory disclosure.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2017-10995, CVE-2017-11533, CVE-2017-11535, CVE-2017-11639, CVE-2017-13143, CVE-2017-17504, CVE-2017-17879, CVE-2018-5248
MD5 | b2041a18c86e6378b0dd734443fadc12
Debian Security Advisory 4205-1
Posted May 21, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4205-1 - This is an advance notice that regular security support for Debian GNU/Linux 8 (code name "jessie") will be terminated on the 17th of June.

tags | advisory
systems | linux, debian
MD5 | e19684a55bf0a2787106fc6f11027867
Debian Security Advisory 4203-1
Posted May 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4203-1 - Hans Jerry Illikainen discovered a type conversion vulnerability in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2017-17670
MD5 | 1a4526c34c11cb35227ed75e27ac929f
Debian Security Advisory 4202-1
Posted May 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4202-1 - OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

tags | advisory
systems | linux, debian
advisories | CVE-2018-1000301
MD5 | bca5c9e18380423f0b3f484011c480fc
Page 4 of 225
Back23456Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    2 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    30 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close