exploit the possibilities
Showing 26 - 50 of 34,751 RSS Feed

Operating System: Linux

snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in "devmode" bypass the sandbox and may include an "install hook" that is run in the context of root at install time. dirty_sockv2 leverages the vulnerability to install an empty "devmode" snap including a hook that adds a new user to the local system. This user will have permissions to execute sudo commands. As opposed to version one, this does not require the SSH service to be running. It will also work on newer versions of Ubuntu with no Internet connection at all, making it resilient to changes and effective in restricted environments. This exploit should also be effective on non-Ubuntu systems that have installed snapd but that do not support the "create-user" API due to incompatible Linux shell syntax. Some older Ubuntu systems (like 16.04) may not have the snapd components installed that are required for sideloading. If this is the case, this version of the exploit may trigger it to install those dependencies. During that installation, snapd may upgrade itself to a non-vulnerable version. Testing shows that the exploit is still successful in this scenario. This is the second of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

tags | exploit, arbitrary, shell, local, root, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
MD5 | e9db49ddfa940a474a61af831e403fe3
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/create-user) of the local snapd service. This queries the Ubuntu SSO for a username and public SSH key of a provided email address, and then creates a local user based on these value. Successful exploitation for this version requires an outbound Internet connection and an SSH service accessible via localhost. This is one of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

tags | exploit, local, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
MD5 | 0dcbfdab6f37dbe3458ba63c7f68ffc7
IPSet List 3.7.1
Posted Feb 12, 2019
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Various updates.
tags | tool, firewall, bash
systems | linux, unix
MD5 | 39ab23a0de4dec4a4905136eb643b467
Ubuntu Security Notice USN-3887-1
Posted Feb 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3887-1 - Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.

tags | advisory, remote, local
systems | linux, unix, ubuntu
advisories | CVE-2019-7304
MD5 | a039dec3039229db20b992fe7a5de40b
Red Hat Security Advisory 2019-0324-01
Posted Feb 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-18397
MD5 | 1a59c85baccb480e7ff45c4e92cbdc7f
Red Hat Security Advisory 2019-0315-01
Posted Feb 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0315-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss, ruby
systems | linux, redhat
advisories | CVE-2018-11627
MD5 | 37af4fadd68586d2c557578b4aa96179
Debian Security Advisory 4377-2
Posted Feb 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4377-2 - The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.

tags | advisory
systems | linux, debian
MD5 | 1be2024628205aedc3c75bf102820976
CentOS Web Panel 0.9.8.763 Cross Site Scripting
Posted Feb 12, 2019
Authored by DKM

CentOS Web Panel version 0.9.8.763 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
systems | linux, centos
advisories | CVE-2019-7646
MD5 | 65d33120e280a9e636a124ec0ff6a60f
Debian Security Advisory 4389-1
Posted Feb 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4389-1 - Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2F or an application with libu2f-host integrated, to potentially execute arbitrary code on that computer.

tags | advisory, overflow, arbitrary, protocol
systems | linux, debian
advisories | CVE-2018-20340
MD5 | 4ee8ca6e4bb55c9264a3428d659dd417
Red Hat Security Advisory 2019-0309-01
Posted Feb 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0309-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2019-5754, CVE-2019-5755, CVE-2019-5756, CVE-2019-5757, CVE-2019-5758, CVE-2019-5759, CVE-2019-5760, CVE-2019-5761, CVE-2019-5762, CVE-2019-5763, CVE-2019-5764, CVE-2019-5765, CVE-2019-5766, CVE-2019-5767, CVE-2019-5768, CVE-2019-5769, CVE-2019-5770, CVE-2019-5771, CVE-2019-5772, CVE-2019-5773, CVE-2019-5774, CVE-2019-5775, CVE-2019-5776, CVE-2019-5777, CVE-2019-5778, CVE-2019-5779, CVE-2019-5780, CVE-2019-5781
MD5 | 3121ab5441e39be58b3ed8ee75189d5f
Mandos Encrypted File System Unattended Reboot Utility 1.8.3
Posted Feb 11, 2019
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
MD5 | b9c3be5d6a050f5355d35c6901aa44a4
Ubuntu Security Notice USN-3886-1
Posted Feb 11, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3886-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-20551
MD5 | 445e431cda5a42ecc285caabc42ac854
Debian Security Advisory 4388-1
Posted Feb 11, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4388-1 - Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-12546, CVE-2018-12550, CVE-2018-12551
MD5 | a89754812c786b6cc5861d985200b79f
Red Hat Security Advisory 2019-0304-01
Posted Feb 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0304-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Issues addressed include an overwrite vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-5736
MD5 | 728ac6d868d074b58602684c70040565
Red Hat Security Advisory 2019-0303-01
Posted Feb 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0303-01 - The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Issues addressed include an overwrite vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-5736
MD5 | d713ae8251766e6516074f2159b764fc
Debian Security Advisory 4387-1
Posted Feb 11, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4387-1 - Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are in found in the scp client implementing the SCP protocol.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2018-20685, CVE-2019-6109, CVE-2019-6111
MD5 | 186034ec42a5ba2b80b00bd110f34130
Slackware Security Advisory - php Updates
Posted Feb 7, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2 to fix security issues. A bugfix release for -current is also available.

tags | advisory, php
systems | linux, slackware
MD5 | 241501ceb48c75b8e0823857c713c89f
Ubuntu Security Notice USN-3871-5
Posted Feb 7, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3871-5 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2018-10876, CVE-2018-10877, CVE-2018-10880, CVE-2018-10883, CVE-2018-14625, CVE-2018-16882, CVE-2018-17972, CVE-2018-18281, CVE-2018-19407, CVE-2018-9516
MD5 | 4b4d0eac27f8b493efdf43f83d8596cc
Ubuntu Security Notice USN-3878-2
Posted Feb 7, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3878-2 - It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information. Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use. A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-14625, CVE-2018-16882, CVE-2018-19407, CVE-2018-19854
MD5 | d8dbdd1eab453e97381b6d1a7b1e34a7
Red Hat Security Advisory 2019-0212-01
Posted Feb 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0212-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss, ruby
systems | linux, redhat
advisories | CVE-2018-11627
MD5 | 6577192796db1ab307a7960b52e49ff6
Ubuntu Security Notice USN-3885-1
Posted Feb 7, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3885-1 - Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output.

tags | advisory, remote, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2018-20685
MD5 | 558941eba51b7779c1347a96125fa2cc
Ubuntu Security Notice USN-3884-1
Posted Feb 7, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3884-1 - It was discovered that libarchive incorrectly handled certain 7zip files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-1000019
MD5 | d1fb528d9a15eafc7742944b5b429bab
Slackware Security Advisory - curl Updates
Posted Feb 7, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-16890, CVE-2019-3822, CVE-2019-3823
MD5 | 94a3f99ebf000e845519b576af5096b3
Debian Security Advisory 4386-1
Posted Feb 7, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4386-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-16890, CVE-2019-3822, CVE-2019-3823
MD5 | 0b5291ca75b37da8828dd930b9951035
Ubuntu Security Notice USN-3883-1
Posted Feb 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3883-1 - It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled embedded SMB connections in document files. If a user were tricked in to opening a specially crafted document, a remote attacker could possibly exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10119, CVE-2018-10583, CVE-2018-16858
MD5 | 3a1aa43861dde35ad0fb4173c374375b
Page 2 of 1,390
Back12345Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    2 Files
  • 18
    Feb 18th
    27 Files
  • 19
    Feb 19th
    32 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close