exploit the possibilities
Showing 1 - 9 of 9 RSS Feed

Files

Sequoia: A Deep Root In Linux's Filesystem Layer
Posted Jul 21, 2021
Authored by Qualys Security Advisory

Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. A basic proof of concept (a crasher) is attached to this advisory.

tags | exploit, kernel, local, root, proof of concept
systems | linux, debian, fedora, ubuntu
advisories | CVE-2021-33909, CVE-2021-33910
MD5 | 2739ab8c7448e7ea41f28d5e97efa32a

Related Files

OpenSMTPD Out-Of-Bounds Read
Posted Feb 25, 2020
Authored by Qualys Security Advisory

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands.

tags | exploit, arbitrary, shell
systems | openbsd
advisories | CVE-2020-8794
MD5 | a2c12d92302d9d428325ff4fc6f243ba
OpenSMTPD Local Information Disclosure
Posted Feb 25, 2020
Authored by Qualys Security Advisory

Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.

tags | exploit, arbitrary, local, root, proof of concept
systems | openbsd
advisories | CVE-2020-8793
MD5 | 56573da09e74bf6cccffa5506e80c6d3
Debian Security Advisory 4611-1
Posted Jan 30, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4611-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of email addresses which could result in the execution of arbitrary commands as root. In addition this update fixes a denial of service by triggering an opportunistic TLS downgrade.

tags | advisory, denial of service, arbitrary, root
systems | linux, debian
advisories | CVE-2020-7247
MD5 | 86b57c455931fcd59ee4f86326e684f4
OpenBSD OpenSMTPD Privilege Escalation / Code Execution
Posted Jan 29, 2020
Authored by Qualys Security Advisory

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root.

tags | exploit, arbitrary, shell, root
systems | openbsd
advisories | CVE-2020-7247
MD5 | a167abd4844564a180e18a022a305764
Qualys Security Advisory - OpenBSD Dynamic Loader Privilege Escalation
Posted Dec 12, 2019
Authored by Qualys Security Advisory

Qualys discovered a local privilege escalation in OpenBSD's dynamic loader (ld.so). This vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges. They developed a simple proof of concept and successfully tested it against OpenBSD 6.6 (the current release), 6.5, 6.2, and 6.1, on both amd64 and i386; other releases and architectures are probably also exploitable.

tags | exploit, local, root, proof of concept
systems | openbsd
advisories | CVE-2019-19726
MD5 | 5cd25d74e467c8f83e9ece30c0c6b982
Debian Security Advisory 4517-1
Posted Sep 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4517-1 - "Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.

tags | advisory, overflow, arbitrary, root
systems | linux, debian
advisories | CVE-2019-15846
MD5 | 917fd1ab543da423c5a922e3d0043040
Exim 4.9.1 Remote Command Execution
Posted Jun 6, 2019
Authored by Qualys Security Advisory

Qualys discovered a remote command execution vulnerability in Exim versions 4.87 to 4.91.

tags | advisory, remote
advisories | CVE-2019-10149
MD5 | bad52ccc6a1c8c1cead9b91ad808d490
Qualys Security Advisory - LibreSSL Leak / Overflow
Posted Oct 18, 2015
Authored by Qualys Security Advisory

Qualys discovered various vulnerabilities in LibreSSL. These include a memory leak and a buffer overflow.

tags | advisory, overflow, vulnerability, memory leak
advisories | CVE-2015-5333, CVE-2015-5334
MD5 | a09c98183d166108c5dbf9105951954a
Qualys Security Advisory - OpenSMTPD Audit Report
Posted Oct 4, 2015
Authored by Qualys Security Advisory

Qualys discovered various vulnerabilities in OpenSMTPD. These include, but are not limited to, denial of service, buffer overflow, hardlink attack and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
MD5 | 20c4ffd499c1a6466cfce72f6b1c0a80
Page 1 of 1
Back1Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close