Exploit the possiblities
Showing 1 - 25 of 5,500 RSS Feed

Operating System: Ubuntu

Ubuntu Security Notice USN-3574-1
Posted Feb 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3574-1 - It was discovered that Bind incorrectly handled DNSSEC validation. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-5735
MD5 | 5ac93a694ca6f1a6801fa0dd81499717
Ubuntu Security Notice USN-3573-1
Posted Feb 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3573-1 - It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. An attacker could use this to expose sensitive information or possibly cause a denial of service. This issue only affected Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, CVE-2018-5381
MD5 | 4bf40e5eb2a89c17a32d70017f86d306
Ubuntu Security Notice USN-3572-1
Posted Feb 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3572-1 - It was discovered that FreeType incorrectly handled certain files. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-6942
MD5 | 91f73d44fcf28541ea13c58d020e8c86
Ubuntu Security Notice USN-3571-1
Posted Feb 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3571-1 - It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1693, CVE-2015-2774, CVE-2016-10253, CVE-2017-1000385
MD5 | 48078f291ae5b42550e24c0643b482f1
Ubuntu Security Notice USN-3570-1
Posted Feb 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3570-1 - Joonun Jang discovered that AdvanceCOMP incorrectly handled certain malformed zip files. If a user or automated system were tricked into processing a specially crafted zip file, a remote attacker could cause AdvanceCOMP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1056
MD5 | de3a12a7ac229f31e97ba122d3de7796
Ubuntu Security Notice USN-3569-1
Posted Feb 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3569-1 - It was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-14632, CVE-2017-14633
MD5 | 14e4e469973769025ea7a81e687d7513
Ubuntu Security Notice USN-3568-1
Posted Feb 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3568-1 - Hanno Böck discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10169, CVE-2018-6767
MD5 | 341a15c1a6a19b3ca70bc42de7d56e27
Ubuntu Security Notice USN-3567-1
Posted Feb 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3567-1 - It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2017-10689
MD5 | ad1019de06fee1430c20c24f057820db
Ubuntu Security Notice USN-3566-1
Posted Feb 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3566-1 - It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php, xss
systems | linux, ubuntu
advisories | CVE-2017-12933, CVE-2017-16642, CVE-2018-5712
MD5 | 0b5c9a022daec85647b0067cd2617764
Ubuntu Security Notice USN-3565-1
Posted Feb 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3565-1 - Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-6789
MD5 | a5e7763e74dc8b6d7403bba290d678e9
Juju-run Agent Privilege Escalation
Posted Feb 11, 2018
Authored by Brendan Coles, David Ames, Ryan Beisner | Site metasploit.com

This Metasploit module attempts to gain root privileges on Juju agent systems running the juju-run agent utility. Juju agent systems running agent tools prior to version 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3, provide a UNIX domain socket to manage software ("units") without setting appropriate permissions, allowing unprivileged local users to execute arbitrary commands as root. This Metasploit module has been tested successfully with Juju agent tools versions 1.18.4, 1.25.5 and 1.25.9 on Ubuntu 14.04.1 LTS x86 deployed by Juju 1.18.1-trusty-amd64 and 1.25.6-trusty-amd64 on Ubuntu 14.04.1 LTS x86_64.

tags | exploit, arbitrary, x86, local, root
systems | linux, unix, ubuntu
advisories | CVE-2017-9232
MD5 | eb38e1fdceb4a094a0ae325d89253b30
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
Posted Feb 10, 2018
Authored by Marco Ivaldi, Tavis Ormandy, Todor Donev, zx2c4, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared objects from the trusted library search path with the privileges of the suid user. This Metasploit module uses LD_AUDIT to load the libpcprofile.so shared object, distributed with some versions of glibc, and leverages arbitrary file creation functionality in the library constructor to write a root-owned world-writable file to a system trusted search path (usually /lib). The file is then overwritten with a shared object then loaded with LD_AUDIT resulting in arbitrary code execution. This Metasploit module has been tested successfully on glibc version 2.11.1 on Ubuntu 10.04 x86_64 and version 2.7 on Debian 5.0.4 i386. RHEL 5 is reportedly affected, but untested. Some glibc distributions do not contain the libpcprofile.so library required for successful exploitation.

tags | exploit, arbitrary, root, code execution
systems | linux, debian, ubuntu
advisories | CVE-2010-3847, CVE-2010-3856
MD5 | 2bf9e1106acf9e1f0a7b618fe7f2da3f
Ubuntu Security Notice USN-3564-1
Posted Feb 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3564-1 - It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-1053
MD5 | 5af7d389ff830ec39d14beb69a978b63
Ubuntu Security Notice USN-3563-1
Posted Feb 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3563-1 - It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5950
MD5 | 94c8f3233523698b33de44032dd25b3f
Ubuntu Security Notice USN-3562-1
Posted Feb 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3562-1 - It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000494
MD5 | 1671dd117f57cd5b5416c1a43e0e38b9
Ubuntu Security Notice USN-3561-1
Posted Feb 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3561-1 - It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5715
MD5 | 723edcb7a6f5e9a9cddff2b48c964a2f
Ubuntu Security Notice USN-3560-1
Posted Feb 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3560-1 - It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64, i386, and s390x. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5715
MD5 | a056895c22dbc010426c5ff911cbe55c
Ubuntu Security Notice USN-3559-1
Posted Feb 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3559-1 - It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-12794, CVE-2018-6188
MD5 | cb82ff129fab8d9680f8acfa90d02ff4
Ubuntu Security Notice USN-3558-1
Posted Feb 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3558-1 - Karim Hossen and Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that systemd incorrectly handled automounted volumes. A local attacker could possibly use this issue to cause applications to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2017-15908, CVE-2018-1049
MD5 | 7581b4ef340da5d924ce969867315c2b
Ubuntu Security Notice USN-3550-2
Posted Feb 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3550-2 - USN-3550-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380
MD5 | b65cdfc25e9e64d2f2b057e5a293426c
Ubuntu Security Notice USN-3557-1
Posted Feb 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3557-1 - Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. William Lima discovered that Squid incorrectly handled XML parsing when processing Edge Side Includes. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-3948, CVE-2018-1000024, CVE-2018-1000027
MD5 | 25c1bdc970b03d48bda07647da4cf61c
Apport / ABRT chroot Privilege Escalation
Posted Feb 3, 2018
Authored by Tavis Ormandy, Brendan Coles, StA(c)phane Graber, Ricardo F. Teixeira | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace ("container"). Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by changing the root directory before loading the crash report, causing 'usr/share/apport/apport' within the crashed task's directory to be executed. Similarly, Fedora is vulnerable when the kernel crash handler is configured to change root directory before executing ABRT, causing 'usr/libexec/abrt-hook-ccpp' within the crashed task's directory to be executed. In both instances, the crash handler does not drop privileges, resulting in code execution as root. This Metasploit module has been tested successfully on Apport 2.14.1 on Ubuntu 14.04.1 LTS x86 and x86_64 and ABRT on Fedora 19 and 20 x86_64.

tags | exploit, x86, kernel, root, code execution
systems | linux, fedora, ubuntu
advisories | CVE-2015-1318
MD5 | 1dc9fd5c90665c8934d2712e757240c3
Ubuntu Security Notice USN-3556-2
Posted Feb 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3556-2 - USN-3556-1 fixed vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to bypass authentication and access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-6171, CVE-2017-15132
MD5 | 4091c7cb3a9ad7e3a4944059d46c34e6
Ubuntu Security Notice USN-3556-1
Posted Feb 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3556-1 - It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-15132
MD5 | 294630c680214a3ee5baa8d8152aa817
Ubuntu Security Notice USN-3555-2
Posted Feb 1, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3555-2 - USN-3555-2 fixed vulnerabilities in w3m. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-6196, CVE-2018-6197, CVE-2018-6198
MD5 | b5ecb3e8a160a20e73d724c3c19611fe
Page 1 of 220
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    11 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close