A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.
cdf458fa2ff6a679afd1037bdb879758b301305b20f223b3aade629bb97b04bcUbuntu Security Notice 1497-1 - Matthias Weckbecker discovered that, when using the OpenStack API to setup libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. This issue only affects Ubuntu 12.04 LTS. Padraig Brady discovered that an authenticated user could corrupt arbitrary files of the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.
6e12798a2feb912d78105cce29f97f758bf35dbc4d8aa8f5c10843511e3f1435Apple iTunes version 10.6.1.7 M3U playlist file walking heap buffer overflow proof of concept exploit. This also affects 10.6.0.40.
6ca043856d67f4a832ccf2fb3c9bc2d684d525d689f7920b7106be12c3031bb0Edimax version IC-3030iWn web administrative authentication bypass exploit. Written to use on a Mac. This also affects Edimax IC-3015 and Airlive WN 500.
752e66671fbfcb2b8ecd43374b58b4b79148ce19656b38f3936ce93089219033Apache CXF does not verify that elements were signed or encrypted by a particular Supporting Token. This affects all released versions as of 06/08/2012.
c9c7fa7be43cf530477727dcae683b3b6071776b83dccb3e1ab0dc315ec3a472This archive includes two exploits, one metasploit and one not, for the Gimp Script-Fu buffer overflow that affects versions 2.6.11.
e3ee9638af229ed6aa5180a0fb3e878840830b2522da449e5f24b626cf12dc82Concrete CMS version 5.5.2.1 suffers from a cross site scripting vulnerability and only affects logged in users.
d3b0e8d1d0bf2381d1dfaa94a250cc5cd032420de2be4ed34a311905b867a10eMandriva Linux Security Advisory 2012-060 - A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or SMIME_read_CMS. The updated packages have been patched to correct this issue.
7142e404c604651a4de9f5df2e213ba7bf268b765edfd778fb1588130a165768Aruba Networks Security Advisory - This file encapsulates two different advisories for Aruba. An OS command injection vulnerability has been discovered in the Aruba Remote Access Point's Diagnostic Web Interface. When running the diagnostic web interface, arbitrary system commands can be executed as the root user on the Remote device by an unauthenticated attacker. An EAP-TLS 802.1X user authentication bypass vulnerability was discovered during standard internal bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers with EAP-TLS 802.1X local termination enabled.
fc9b29b42af629b403c4c9264f8bcf8cadfb0dfed09429f33e44e6c31b6066e92X Client for RDP version 10.1.1204 suffers from a ClientSystem class active-x control download and execute vulnerability that affects TuxClientSystem.dll.
27227020ccb5074c6aa97e3a7d52d21c14c048d281d198b91a577d394154d6b4This Metasploit module exploits a stack-based buffer overflow vulnerability in IBM Personal Communications I-Series. The issue affects file parsing in which data copied to a location in memory exceeds the size of the reserved destination area. The buffer is located on the runtime program stack. Versions tested: IBM System i Access for Windows V6R1M0 version 06.01.0001.0000a which bundles pcsws.exe version 5090.27271.709.
466e2459c3b7c7835607910609c5997d620ec132852f11a98e5e4ee4f42e0214Local root exploit that affects Linux kernel versions up to 2.6.18. It takes advantage of a flaw in the udp_sendmsg function.
5f8fab9df021ada7f06193064a65502d568ab2c8b92783556af8c144bc279b53This Metasploit module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects version 7 and version 6 update 27 and earlier, and should work on any browser that supports Java (for example: IE, Firefox, Google Chrome, etc).
d91e779ec520d6b5000796fbb5510410cdd34ecb929017aa6bdbbf0c838eed04THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection. Windows binary version.
ec82cd6af4177e4a8b85e8a626ee51b84eae5e08cf6958418b50d517c68148c9THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection.
ed7020c0275df347123a0b49a345aa44b2ec9b2ac9b1471870303b8b95c7ef87Black Hat Academy has decided to go open source with the Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java.
36303b4d6d25064a2ca162802f5dd9c42e121666c9a8518b0f3c3041b3c36994The LedgerSMB development team has found an SQL injection issue in LedgerSMB version 1.2.24. Because this issue stems from their common SQL-Ledger heritage, it affects all versions of LedgerSMB and has been confirmed in SQL-Ledger version 2.8.33.
d46a40d761ab4f653c338833304f4974937256b45896dba52e8970d226b6ce1cRed Hat Security Advisory 2011-1163-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update includes backported fixes for two security issues. These issues only affected users of Red Hat Enterprise Linux 5.6 Extended Update Support, as they have already been addressed for users of Red Hat Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065. A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization extensions enabled.
303a3ecb417ff2aea1d5fb21e19aaeb2898de66ab0083338f682f82189a3a67dThe libavcodec library, an open source video encoding/decoding library part of the FFmpeg and Libav projects, performs insufficient boundary check against a buffer index. The missing check can result in arbitrary read/write of data outside a destination buffer boundaries. The vulnerability affects the Chinese AVS video (CAVS) file format decoder, specially crafted CAVS files may lead to arbitrary code execution during decoding.
2fa88819712d2684e260c17f8e2578209ceca2f13e8054b71311db41b94f041dATutor AContent version 1.1 suffers from multiple cross site scripting vulnerabilities. This also affects version 1.3 as of 2014/01/05.
11f71a7a8fc1b6198d0accd72f3c4a62c57ad812171943bba7e230803cb30effRed Hat Security Advisory 2011-1065-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization extensions enabled.
3732020d0d7d91df707b78575d7f04a87ae185cfec7f512d60c183fbffc45f06Debian Linux Security Advisory 2281-1 - Sebastian Krahmer discovered that opie, a system that makes it simple to use One-Time passwords in applications, is prone to a privilege escalation (CVE-2011-2490) and an off-by-one error, which can lead to the execution of arbitrary code (CVE-2011-2489). Adam Zabrocki and Maksymilian Arciemowicz also discovered another off-by-one error (CVE-2010-1938), which only affects the lenny version as the fix was already included for squeeze.
c1534265ead6607e9cdaa8776430d7bb5a00f79dbdf8d6a6931105d8ec20bf6dMozilla Firefox version 5.0 and Microsoft Internet Explorer version 8.0 suffers from an access violation exception issue that causes a denial of service condition. This is an old issue that still affects newer browsers.
aff623fcbed999b76f986e61f348f7afbcb57deb2df7656cae33df66946d59c6phpMyAdmin Swekey remote code injection exploit that affects versions prior to 3.4.3.1 and versions prior to 3.3.10.2.
ad7c03013a93cbfc3a71ddcf1e0e7a96dc3afaf12cd89e7617e169215191b09fA defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time. A remote attacker would need to be able to send a specially crafted packet directly to a server running a vulnerable version of BIND. There is also the potential for an indirect attack via malware that is inadvertently installed and run, where infected machines have direct access to an organization's nameservers. Versions affected are 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3, and 9.8.1b1.
2fd13893122dc448b5db5225fe97b7626b7ee55edfa33dbb17024d926df11b52Debian Linux Security Advisory 2272-1 - It was discovered that BIND, a DNS server, does not correctly process certain UPDATE requests, resulting in a server crash and a denial of service. This vulnerability affects BIND installations even if they do not actually use dynamic DNS updates.
4fc41ab8569b1044b0a213223ba1fa05b854a033fdac4fdc31d6fb27452031e6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed