exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 44,641 RSS Feed

Operating System: Linux

io_uring Same Type Object Reuse Privilege Escalation
Posted Feb 1, 2023
Authored by h00die, Mathias Krause, Ryota Shiga | Site metasploit.com

This Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to get the freed cred object reallocated by a privileged process and abuse them to create a SUID root binary that will pop a shell. The dangling cred pointer will, however, lead to a kernel panic as soon as the task terminates and its credentials are destroyed. We therefore detach from the controlling terminal, block all signals and rest in silence until the system shuts down and we get killed hard, just to cry in vain, seeing the kernel collapse. The bug affected kernels from v5.12-rc3 to v5.14-rc7. More than 1 CPU is required for exploitation. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.

tags | exploit, shell, kernel, root
systems | linux, ubuntu
advisories | CVE-2022-1043
SHA-256 | ddab5b3975fc82e2a23c5e4e05a57af4893abfbc613df02d507c1013c62dc088
vmwgfx Driver File Descriptor Handling Privilege Escalation
Posted Feb 1, 2023
Authored by h00die, Mathias Krause | Site metasploit.com

If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file descriptor. This is wrong, as the fd gets released via put_unused_fd() which shouldn't be used, as the fd table slot was already populated via the previous call to fd_install(). This leaves userland with a valid fd table entry pointing to a freed file object. The authors use this bug to overwrite a SUID binary with their payload and gain root. Linux kernel versions 4.14-rc1 - 5.17-rc1 are vulnerable. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2022-22942
SHA-256 | 6360a81de99a383330c5955ece5414f2f3b254143f1a5b9246e669769aa929fc
Ubuntu Security Notice USN-5838-1
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5838-1 - It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on MNG file. If a user were tricked into opening a specially crafted MNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on ZIP file. If a user were tricked into opening a specially crafted ZIP file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-35014, CVE-2022-35018, CVE-2022-35020
SHA-256 | 51d4e5a2e0a6df65689e8d7a335a40c36fc5a84df4a2489eebba63551dc26c38
Ubuntu Security Notice USN-5837-2
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5837-2 - USN-5837-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-23969
SHA-256 | 1258c9d42c34f23238ae4659494b2ab12495cb166903f1fc143f498b5d021672
Ubuntu Security Notice USN-5839-1
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5839-1 - It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly interpreted certain HTTP Requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2006-20001, CVE-2022-36760, CVE-2022-37436
SHA-256 | 51cd55c0a4d0ca801aadbd2957e3cf62a2298f81b93aff2b7cd8508a8614cf0c
Ubuntu Security Notice USN-5837-1
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5837-1 - Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-23969
SHA-256 | ddc4a1a3b076b54a17094997d9f5e44de99e5a974a151c5539a5b7cf54af5773
Ubuntu Security Notice USN-4781-2
Posted Feb 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4781-2 - USN-4781-1 fixed several vulnerabilities in Slurm. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10030, CVE-2017-15566, CVE-2018-10995, CVE-2018-7033, CVE-2019-6438, CVE-2020-12693, CVE-2020-27745, CVE-2020-27746, CVE-2021-31215
SHA-256 | 59515a2b771f58c345614b48a32221dcb6959e15bd4041dfd89c08c06148282c
Ubuntu Security Notice USN-5836-1
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5836-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-47024, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433
SHA-256 | 695585aeade2a3c26904b99549588433713177c334b05ed806179ae8d4af1b8f
Red Hat Security Advisory 2023-0553-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0553-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2015-9251, CVE-2016-10735, CVE-2017-18214, CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, CVE-2019-11358, CVE-2019-8331, CVE-2020-11022, CVE-2020-11023, CVE-2022-3143, CVE-2022-40149, CVE-2022-40150, CVE-2022-40152
SHA-256 | b1c38f65bae3193ed8c668b2bae1cee800e1ccc28c19fe1cdfede86f7cf64425
Red Hat Security Advisory 2023-0552-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0552-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2015-9251, CVE-2016-10735, CVE-2017-18214, CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, CVE-2019-11358, CVE-2019-8331, CVE-2020-11022, CVE-2020-11023, CVE-2022-3143, CVE-2022-40149, CVE-2022-40150, CVE-2022-40152
SHA-256 | 006e90c63a69c501c16f89812a5a1aaf7502785b6b055395eb2ad74a1842941e
Red Hat Security Advisory 2023-0554-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0554-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2015-9251, CVE-2016-10735, CVE-2017-18214, CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, CVE-2019-11358, CVE-2019-8331, CVE-2020-11022, CVE-2020-11023, CVE-2022-3143, CVE-2022-40149, CVE-2022-40150, CVE-2022-40152
SHA-256 | e90ca13f238e697d7a29099622998f986479754c0835d83a15b54b13aa1987a6
Red Hat Security Advisory 2023-0556-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0556-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2015-9251, CVE-2016-10735, CVE-2017-18214, CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, CVE-2019-11358, CVE-2019-8331, CVE-2020-11022, CVE-2020-11023, CVE-2022-3143, CVE-2022-40149, CVE-2022-40150, CVE-2022-40152
SHA-256 | fdd1e59f82d92219da0e2d2df0b897f5c18f334dce9ba31e6253e2a5b32a8562
Ubuntu Security Notice USN-5834-1
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5834-1 - It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. It was discovered that the Apache HTTP Server mod_proxy_ajp module did not properly handle certain invalid Transfer-Encoding headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2006-20001, CVE-2022-36760
SHA-256 | 6efee65211f04fee00bb50c4c029fc349fc21db0290cb03b636a2739c23b1a93
Ubuntu Security Notice USN-5835-3
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5835-3 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-47951
SHA-256 | 4f0a5499385b4c636708b12bdb6f9102c53b1da14fe9a66a60cebc7215b1cfbe
Ubuntu Security Notice USN-5835-2
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5835-2 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that OpenStack Glance incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-47951
SHA-256 | 3fb505612e419d1d2c3f5347e187d7b947f82bc4c448a5a408057987d90c1572
Ubuntu Security Notice USN-5835-1
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5835-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-47951
SHA-256 | c3b02490c9fb9598caf6f78dca5d1608afdcf55d22ee7f8ae3e403ca232a9dcc
Ubuntu Security Notice USN-5833-1
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5833-1 - Sebastian Chnelik discovered that python-future incorrectly handled certain HTTP header field. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, web, denial of service, python
systems | linux, ubuntu
advisories | CVE-2022-40899
SHA-256 | d15cff8644784b9d4f12f574dd93984e0f0dfda35c43880b6bf30496f902b79a
Red Hat Security Advisory 2023-0450-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0450-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-46174
SHA-256 | 5e212f18292d3e78f7516c35b21d43f5b53af9868c7ebd29964a4998efdd91d5
Red Hat Security Advisory 2023-0540-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0540-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4238
SHA-256 | 6001920729dfec97e09573596dcfdc19ebe283e4ce407c42db318b7fc731ebcf
Red Hat Security Advisory 2023-0449-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0449-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.1.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-4238
SHA-256 | 726bfc58a7a038280d33e55d6dea407a146da9de969fa7c9460e4ae98e1bbea7
Red Hat Security Advisory 2023-0542-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2016-3709, CVE-2021-23648, CVE-2021-4238, CVE-2021-46848, CVE-2022-1304, CVE-2022-1705, CVE-2022-1962, CVE-2022-21673, CVE-2022-21698, CVE-2022-21702, CVE-2022-21703, CVE-2022-21713, CVE-2022-22624, CVE-2022-22628
SHA-256 | d0ec81ac694e922500234d90eb37e90222ddaf5b72118f0b1c21008e8f27c7e2
Red Hat Security Advisory 2023-0544-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0544-01 - This patch, Camel for Spring Boot 3.14.5 Patch 1, serves as a replacement for the previous release of Camel for Spring Boot 3.14.5 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. This release of Camel for Spring Boot includes CXF artifacts that were missing from the previous 3.14.5 release. Issues addressed include a server-side request forgery vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-40149, CVE-2022-45693, CVE-2022-46363, CVE-2022-46364
SHA-256 | 489c108fec329cf77b35d28d1f85ba5d1b39602e1324910c726cb4f3b1be1bfc
Ubuntu Security Notice USN-5832-1
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5832-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-3643, CVE-2022-42896, CVE-2022-4378, CVE-2022-45934
SHA-256 | b242d051794285ce6fb5ea0e2560337d6d70a05108712a3794e5a8724e9960af
Red Hat Security Advisory 2023-0530-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0530-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-47629
SHA-256 | d37ea6e81a72b1990d52094b2bb32d87c8b89b8b020202307951c1b7d7acaf2b
Red Hat Security Advisory 2023-0536-01
Posted Jan 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0536-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-2964, CVE-2022-4139
SHA-256 | db3cdec09f4fa18614ad2c2f7b915eebef7167898fe789825310fcf2d185841a
Page 1 of 1,786
Back12345Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    0 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close