Exploit the possiblities
Showing 1 - 25 of 32,894 RSS Feed

Operating System: Linux

Mandos Encrypted File System Unattended Reboot Utility 1.7.19
Posted Feb 23, 2018
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
MD5 | 9073336d6b6993677a5214631dc914ed
Kernel Live Patch Security Notice LSN-0035-1
Posted Feb 23, 2018
Authored by Benjamin M. Romer

On February 22, fixes for CVE-2017-5715 were released into the Ubuntu Xenial kernel version 4.4.0-116.140. This CVE, also known as "Spectre," is caused by flaws in the design of speculative execution hardware in the computer's CPU, and could be used to access sensitive information in kernel memory.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5715
MD5 | 95a67778ff266fb5d137537edcd1a426
Ubuntu Security Notice USN-3583-2
Posted Feb 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3583-2 - USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-0750, CVE-2017-0861, CVE-2017-1000407, CVE-2017-12153, CVE-2017-12190, CVE-2017-12192, CVE-2017-14051, CVE-2017-14140, CVE-2017-14156, CVE-2017-14489, CVE-2017-15102, CVE-2017-15115, CVE-2017-15274, CVE-2017-15868, CVE-2017-16525, CVE-2017-17450, CVE-2017-17806, CVE-2017-18017, CVE-2017-5669, CVE-2017-7542, CVE-2017-7889, CVE-2017-8824, CVE-2018-5333, CVE-2018-5344
MD5 | 31d9ad4299f2ef96b20bed7917d8b10e
Ubuntu Security Notice USN-3583-1
Posted Feb 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3583-1 - It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0750, CVE-2017-0861, CVE-2017-1000407, CVE-2017-12153, CVE-2017-12190, CVE-2017-12192, CVE-2017-14051, CVE-2017-14140, CVE-2017-14156, CVE-2017-14489, CVE-2017-15102, CVE-2017-15115, CVE-2017-15274, CVE-2017-15868, CVE-2017-16525, CVE-2017-17450, CVE-2017-17806, CVE-2017-18017, CVE-2017-5669, CVE-2017-5754, CVE-2017-7542, CVE-2017-7889, CVE-2017-8824, CVE-2018-5333, CVE-2018-5344
MD5 | 72f5ce45fa98483fb5383129af775873
Ubuntu Security Notice USN-3581-3
Posted Feb 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3581-3 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code, Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-15115, CVE-2017-17712, CVE-2017-8824
MD5 | f52899fcabafc11193cef9acc4823a7a
Debian Security Advisory 4122-1
Posted Feb 23, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4122-1 - Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-1000024, CVE-2018-1000027
MD5 | 9ef4b3729b02dbd49c78b7e5631e5ef4
Debian Security Advisory 4120-1
Posted Feb 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4120-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2017-13166, CVE-2017-5715, CVE-2017-5754, CVE-2018-5750
MD5 | 87f0dca6b1b225ebfb15055fac6299cf
Ubuntu Security Notice USN-3578-1
Posted Feb 22, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3578-1 - It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. It was discovered that WavPack incorrectly handled certain CAF files. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-7253, CVE-2018-7254
MD5 | 093c36406254535a4e4968469d204da6
Debian Security Advisory 4121-1
Posted Feb 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4121-1 - This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates.

tags | advisory, kernel
systems | linux, debian
MD5 | 87245a623ef26fdd0d572d9e12848b6f
Ubuntu Security Notice USN-3582-2
Posted Feb 22, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3582-2 - USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-8952, CVE-2017-12190, CVE-2017-15115, CVE-2017-17712, CVE-2017-5715, CVE-2017-8824
MD5 | 587cb9ef4fb21c7488d73d97033aa051
Ubuntu Security Notice USN-3582-1
Posted Feb 22, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3582-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Laurent Guerby discovered that the mbcache feature in the ext2 and ext4 filesystems in the Linux kernel improperly handled xattr block caching. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8952, CVE-2017-12190, CVE-2017-15115, CVE-2017-17712, CVE-2017-5715, CVE-2017-8824
MD5 | 7c867a8643606e86327bf1724e3a46da
Ubuntu Security Notice USN-3581-2
Posted Feb 22, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3581-2 - USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-15115, CVE-2017-17712, CVE-2017-5715, CVE-2017-8824
MD5 | 7fdede0e39ae00638778b9bf284ef71d
Ubuntu Security Notice USN-3581-1
Posted Feb 22, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3581-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code, Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-15115, CVE-2017-17712, CVE-2017-5715, CVE-2017-8824
MD5 | 5dd450ca1fbdd3139e2d0a7cecf19bc3
Red Hat Security Advisory 2018-0342-01
Posted Feb 21, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0342-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Further classes that an attacker could use to achieve code execution through deserialisation were discovered, and added to the blacklist introduced by CVE-2017-7525.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2017-15095, CVE-2017-17485, CVE-2017-7525
MD5 | d7783e178d0505caf8949d037b739bcb
Ubuntu Security Notice USN-3580-1
Posted Feb 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3580-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 5cd5f937c9a4f68d07be05dca40f5d41
Ubuntu Security Notice USN-3579-1
Posted Feb 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3579-1 - It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked in to opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-6871
MD5 | 9b82b7ed91db66d7214cb67df6fa56c2
Red Hat Security Advisory 2018-0336-01
Posted Feb 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0336-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-6459, CVE-2014-8183, CVE-2016-1669, CVE-2016-3693, CVE-2016-3696, CVE-2016-3704, CVE-2016-4451, CVE-2016-4995, CVE-2016-4996, CVE-2016-6319, CVE-2016-8639, CVE-2016-9593, CVE-2016-9595, CVE-2017-2667, CVE-2017-2672
MD5 | 321ab6f0a0184312cc9770bd037c6df7
Ubuntu Security Notice USN-3577-1
Posted Feb 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3577-1 - Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2017-18190
MD5 | 73e8a98550dd664c32df48cec1e47b6c
Red Hat Security Advisory 2018-0334-01
Posted Feb 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0334-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.167. Security Fix: chromium-browser: incorrect derived class instantiation in v8.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-6056
MD5 | 1bf3920760fb2e14938aac7906098075
Ubuntu Security Notice USN-3576-1
Posted Feb 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3576-1 - Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-5008, CVE-2017-1000256, CVE-2018-5748, CVE-2018-6764
MD5 | 931859bd5d694e9c9b0cfb0c3d3fb153
Ubuntu Security Notice USN-3575-1
Posted Feb 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3575-1 - It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-11334, CVE-2017-13672, CVE-2017-14167, CVE-2017-15038, CVE-2017-15118, CVE-2017-15119, CVE-2017-15124, CVE-2017-15268, CVE-2017-15289, CVE-2017-16845, CVE-2017-17381, CVE-2017-18043, CVE-2018-5683
MD5 | bd2712c7c70f27164ec4d237cb2e9d33
MagniComp SysInfo mcsiwrapper Privilege Escalation
Posted Feb 20, 2018
Authored by Brendan Coles, Daniel Lawson, Romain Trouve | Site metasploit.com

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This Metasploit module abuses this functionality to set the load path resulting in execution of arbitrary code as root. This Metasploit module has been tested successfully with SysInfo version 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.

tags | exploit, arbitrary, x86, root
systems | linux, solaris, debian, fedora
advisories | CVE-2017-6516
MD5 | 8b66a6c82ba59a4ce479a1d17b9e36b6
Gentoo Linux Security Advisory 201802-06
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-6 - A vulnerability in LibreOffice might allow remote attackers to read arbitrary files. Versions less than 5.4.5.1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-6871
MD5 | 1e3e65ab877e7b8d76068f51e4d19eb3
Gentoo Linux Security Advisory 201802-05
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-5 - A vulnerability has been found in Ruby which may allow for arbitrary command execution. Versions less than 2.2.9:2.2 are affected.

tags | advisory, arbitrary, ruby
systems | linux, gentoo
advisories | CVE-2017-17405
MD5 | 013a559d47b485c86bbb96a6c30d869b
Gentoo Linux Security Advisory 201802-04
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-4 - Multiple vulnerabilities were found in MySQL, the worst of which may allow remote execution of arbitrary code. Versions less than 5.6.39 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-10155, CVE-2017-10227, CVE-2017-10268, CVE-2017-10276, CVE-2017-10283, CVE-2017-10286, CVE-2017-10294, CVE-2017-10314, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3450, CVE-2017-3452, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3599, CVE-2017-3600, CVE-2017-3633, CVE-2017-3634, CVE-2017-3635
MD5 | 903f54350b730d80d84df608a73211ba
Page 1 of 1,316
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    16 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    16 Files
  • 23
    Feb 23rd
    31 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close