
Files

Ubuntu Security Notice USN-3887-1
Posted Feb 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3887-1 - Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.

tags | advisory, remote, local
systems | linux, unix, ubuntu
advisories | CVE-2019-7304
MD5 | a039dec3039229db20b992fe7a5de40b

Related Files

Ubuntu Security Notice USN-3917-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3917-1 - The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl system call when used with TIOCSTI as the second argument to the system call. Jann Horn discovered that this restriction could be circumvented on 64 bit architectures. A malicious snap could exploit this to bypass intended access restrictions to insert characters into the terminal's input queue. On Ubuntu, snapd typically will have already automatically refreshed itself to snapd 2.37.4 which is unaffected.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-7303
MD5 | 9673787b73f906be9d48ecf914106030
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in "devmode" bypass the sandbox and may include an "install hook" that is run in the context of root at install time. dirty_sockv2 leverages the vulnerability to install an empty "devmode" snap including a hook that adds a new user to the local system. This user will have permissions to execute sudo commands. As opposed to version one, this does not require the SSH service to be running. It will also work on newer versions of Ubuntu with no Internet connection at all, making it resilient to changes and effective in restricted environments. This exploit should also be effective on non-Ubuntu systems that have installed snapd but that do not support the "create-user" API due to incompatible Linux shell syntax. Some older Ubuntu systems (like 16.04) may not have the snapd components installed that are required for sideloading. If this is the case, this version of the exploit may trigger it to install those dependencies. During that installation, snapd may upgrade itself to a non-vulnerable version. Testing shows that the exploit is still successful in this scenario. This is the second of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

tags | exploit, arbitrary, shell, local, root, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
MD5 | e9db49ddfa940a474a61af831e403fe3
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/create-user) of the local snapd service. This queries the Ubuntu SSO for a username and public SSH key of a provided email address, and then creates a local user based on these values. Successful exploitation for this version requires an outbound Internet connection and an SSH service accessible via localhost. This is one of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

tags | exploit, local, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
MD5 | 0dcbfdab6f37dbe3458ba63c7f68ffc7
Snapdeal.com Cross Site Scripting / Redirection
Posted May 31, 2012
Authored by Karthik R

Snapdeal.com suffers from cross site scripting and URL redirection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 452c9d0c9a633dd88b55f7b5ccd4145e
Ubuntu Security Notice 190-2
Posted Nov 30, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-190-2 - A remote Denial of Service has been discovered in the SNMP (Simple Network Management Protocol) library. If an SNMP agent uses TCP sockets for communication, a malicious SNMP server could exploit this to crash the agent. Please note that by default SNMP uses UDP sockets.

tags | advisory, remote, denial of service, udp, tcp, protocol
systems | linux, ubuntu
advisories | CVE-2005-2177
MD5 | 5b848f7e728645c5e3124a3594940d60
usn-218-1.txt
Posted Nov 22, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-218-1 - Two buffer overflows were discovered in the 'pnmtopng' tool, which were triggered by processing an image with exactly 256 colors when using the -alpha option (CVE-2005-3662) or by processing a text file with very long lines when using the -text option (CVE-2005-3632).

tags | advisory, overflow
systems | linux, ubuntu
MD5 | f10858d50e3c6d73a6a1d48bcc28d194
usn-217-1.txt
Posted Nov 22, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-217-1 - A buffer overflow has been discovered in the SVG importer of Inkscape. By tricking a user into opening a specially crafted SVG image this could be exploited to execute arbitrary code with the privileges of the Inkscape user.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
MD5 | ac4a73d7e0597b5518895be6aca7f1b3
usn-190-2.txt
Posted Nov 22, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-190-2 - USN-190-1 fixed a vulnerability in the net-snmp library. It was discovered that the same problem also affects the ucd-snmp implementation (which is used by the Cyrus email server).

tags | advisory
systems | linux, ubuntu
MD5 | 6c8f49e6f9d2ea174d6c5ff97fedff78
Ubuntu Security Notice 216-1
Posted Nov 20, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-216-1 - Two integer overflows have been discovered in the XPM image loader of the GDK pixbuf library. By tricking a user into opening a specially crafted XPM image with any Gnome desktop application that uses this library, this could be exploited to execute arbitrary code with the privileges of the user running the application. Additionally, specially crafted XPM images could cause an endless loop in the image loader, which could be exploited to cause applications trying to open that image to hang.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-2975, CVE-2005-2976, CVE-2005-3186
MD5 | 6b128d350eb2d94ec361314b0a7d2260
Ubuntu Security Notice 215-1
Posted Nov 12, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-215-1 - Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user manually tightened his umask setting), which could expose email passwords to local users.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2005-3088
MD5 | a69e3489813a28a2c0aab755a1c8e11d
usn-151-4.txt
Posted Nov 9, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-151-4 - USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since lsb-rpm is statically linked against the zlib library, it is also affected by these issues. The updated packages have been rebuilt against the fixed zlib.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, ubuntu
MD5 | c1b18425d0f835dee94ec8d1da35b820
usn-215-1.txt
Posted Nov 8, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-215-1 - Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user manually tightened his umask setting), which could expose email passwords to local users.

tags | advisory, local
systems | linux, ubuntu
MD5 | 80dce1e1b7f774b7bdfe686f170e2add
usn-214-1.txt
Posted Nov 8, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-214-1 - Chris Evans discovered several buffer overflows in the libungif library. By tricking a user (or automated system) into processing a specially crafted GIF image, this could be exploited to execute arbitrary code with the privileges of the application using libungif.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
MD5 | a0e36157d85068cc6f93a1fd918e2dbe
Ubuntu Security Notice 213-1
Posted Nov 1, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-213-1 - Tavis Ormandy discovered a privilege escalation vulnerability in sudo. On executing shell scripts with sudo, the P4 and SHELLOPTS environment variables were not cleaned properly. If sudo is set up to grant limited sudo privileges to normal users this could be exploited to run arbitrary commands as the target user.

tags | advisory, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2005-2959
MD5 | 646044a46ed8d15ee357416d8dc65df6
Ubuntu Security Notice 151-3
Posted Oct 31, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-151-3 - USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2005-1849, CVE-2005-2096
MD5 | a407bb38c155967871980fb267291719
Ubuntu Security Notice 212-1
Posted Oct 30, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-212-1 - Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2958
MD5 | b97d5deb4fa1fd5692e5d87d0eff9968
Ubuntu Security Notice 211-1
Posted Oct 26, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-211-1 - Hadmut Danish discovered an information disclosure vulnerability in the key selection dialog of the Mozilla/Thunderbird enigmail plugin. If a user's keyring contained a key with an empty user id (i.e. a key without a name and email address), this key was selected by default when the user attempted to send an encrypted email. Unless this empty key was manually deselected, the message got encrypted for that empty key, whose owner could then decrypt it.

tags | advisory, info disclosure
systems | linux, ubuntu
MD5 | 1f7dfd4ed90ccfe535968636db988a01
usn-210-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-210-1 - A buffer overflow was found in the "pnmtopng" conversion program. By tricking a user (or automated system) into processing a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
MD5 | 34649a166cac7845c8d5bccfae3ef2fa
usn-208-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-208-1 - An information disclosure vulnerability has been found in the SSH server. When the GSSAPIAuthentication option was enabled, the SSH server could send GSSAPI credentials even to users who attempted to log in with a method other than GSSAPI. This could inadvertently expose these credentials to an untrusted user.

tags | advisory, info disclosure
systems | linux, ubuntu
advisories | CVE-2005-2798
MD5 | 78486fc5481eb3726ac25a0ab70e64c1
usn-207-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-207-1 - A bug has been found in the handling of the open_basedir directive. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash ('/'). For example, this allowed PHP scripts to access the directory /home/user10 when open_basedir was configured to '/home/user1/'.

tags | advisory, php
systems | linux, ubuntu
advisories | CVE-2005-3054
MD5 | 4a8f56e2c77f583968d6e2974c593e96
usn-206-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-206-1 - Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape characters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user running lynx. In order to exploit this, the user is not even required to actively visit a news site with Lynx since a malicious HTML page could automatically redirect to an nntp:// URL with malicious news items.

tags | advisory, remote, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-3120
MD5 | b20e59ff8195554e42fc7bd1e293314c
usn-204-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-204-1 - Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications. Applications using the OpenSSL library can use the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the former) to maintain compatibility with third party products, which is achieved by working around known bugs in them.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2005-2969
MD5 | 00eba36a3c5523730061055fdb878bfb
Ubuntu Security Notice 203-1
Posted Oct 15, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-203-1 - Chris Evans discovered several buffer overflows in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-2972
MD5 | b569b06a5345aa35394dde8af9fd0fe3
Ubuntu Security Notice 202-1
Posted Oct 13, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-202-1 - Chris Evans discovered a buffer overflow in the RTF import module of KOffice. By tricking a user into opening a specially-crafted RTF file, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-2971
MD5 | a1ebc4042b66f29356adabbc80bcb5d6
Ubuntu Security Notice 201-1
Posted Oct 12, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-201-1 - Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him.

tags | advisory, remote, web, arbitrary, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2005-2724, CVE-2005-2769, CVE-2005-2820
MD5 | ef0772c77ae6d3b7a111bb0a0090afa1