DeleGate versions 8.9.2 and below have a remotely exploitable buffer overflow vulnerability that exists in the SSLway filter.
af459a2b5ac1aeeb978fc864bdf2c67dc74606237fb7e1a493d1e9c3ea733a63This Metasploit module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx's handler, located in Sitecore.Xdb.Client.dll under the Sitecore.sitecore.shell.ClientBin.Reporting.Report definition, having a ProcessRequest() handler that calls ProcessReport() with the context of the attacker's request without properly checking if the attacker is authenticated or not. This request then causes ReportDataSerializer.DeserializeQuery() to be called, which will end up calling the DeserializeParameters() function of Sitecore.Analytics.Reporting.ReportDataSerializer, if a "parameters" XML tag is found in the attacker's request. Then for each subelement named "parameter", the code will check that it has a name and if it does, it will call NetDataContractSerializer().ReadObject on it. NetDataContractSerializer is vulnerable to deserialization attacks and can be trivially exploited by using the TypeConfuseDelegate gadget chain. By exploiting this vulnerability, an attacker can gain arbitrary code execution as the user that IIS is running as, aka NT AUTHORITY\NETWORK SERVICE. Users can then use technique 4 of the "getsystem" command to use RPCSS impersonation and get SYSTEM level code execution.
37520d596ad5e8973bf7abf8600f04a5fcf14f78a72969dd7133167779137a26Red Hat Security Advisory 2018-0315-01 - openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry or Time-Series-Database-as-a-Service. openstack-aodh has been rebased to the upstream 4.0.2-3 version. Security Fix: A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious user could pass in another person's trust ID and obtain a keystone token containing the delegated authority of that user.
7039101b6915bf3c41b7aeb8cf08eac9bad2aef2238c96db165daf070b84f2fcRed Hat Security Advisory 2017-3227-01 - openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry or Time-Series-Database-as-a-Service. Security Fix: A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious user could pass in another person's trust ID and obtain a keystone token containing the delegated authority of that user.
f243e1e08e1d116befbb2a5b0d7877606b49e91c887f446d992a6573a7c0afc9Red Hat Security Advisory 2016-0726-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.
d8a4d48a224920151135854a97230c9e638aa805c9f55366f91c9cbf59079185This Metasploit module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example) that triggers the command injection. Tested on Linux, BSD, and OS X. You'll want to choose your payload carefully due to portability concerns. Use cmd/unix/generic if need be.
b4c6b0e7acc235fa1688e82fff7eedb021357977c009bfb8d3faf0171a733bf1Installation of DeleGate version 9.9.13 sets some binaries setuid root and at least one of these binaries can be used to escalate the privileges of a local user. The binary dgcpnod creates a node allowing a local unprivileged user to create files anywhere on disk. By creating a file in /etc/cron.hourly a local user can execute commands as root.
7f7b948cf0c658577a60b54e041918a12f7d33a376ff4d93c8a8740f4fddad56Ubuntu Security Notice 2458-2 - USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
0e4576dca2a7548be8635513343f1ea1f367d17a4d8b974932e22faa60527fd1ICIA2014 will be held in Malaysia on October 8-10, 2014. The main objective of this conference is to provide a medium for professionals, engineers, academicians, scientists, and researchers from over the world to present the result of their research activities in the field of Computer Science, Engineering and Information Technology. ICIA2014 provides opportunities for the delegates to share the knowledge, ideas, innovations and problem solving techniques. Submitted papers will be reviewed by the technical program committee of the conference.
6ac89c400e8c3a9e671ab7d3c13272f0dcbd66ccba1b48822a10ca88620043e8Mandriva Linux Security Advisory 2013-075 - Marko Myllynen discovered that ELinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.
251604e47df85aba6acfbb679183dc7020c10e60894c9a7c2be99263bbba5f1dRSOI, or Remote System over IRC, is a whitepaper about a feature adopted by the MpTcp software. This tool executes this action in order to delegate partial use (or total) of resources of a system to a remote entity. In this document, the action of using RSOI is dependently associated with the use of MpTcp. Therefore, manipulating RSOI here means to use MpTcp directly to implement this action, and nothing more.
1c7de768e087c16a1feb539e02b5a6f65eac779f4ea5ce1d061f33e2934fa78eDebian Linux Security Advisory 2592-1 - Marko Myllynen discovered that elinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.
149c360062a76e5cec29b9d5823b3e815bd95780d8d20666f866ebe907200af3Secunia Security Advisory - Two security issues and two vulnerabilities have been reported in WooThemes Bueno, City Guide, Coffee Break, Daily Edition, Delegate, Fresh News, Headlines, Inspire, Optimize, Over Easy, and The Station ExpressionEngine themes, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
56adfd5fea63167983051b1869f7693780828dcbb7e2a6893b95bf628381f594Multiple Drupal themes suffer from cross site scripting and denial of service vulnerabilities. Affected themes include Fresh News, Inspire, Spectrum, Delegate, Optimize, Bueno, Headlines, Daily Edition, Coffee Break, The Gazette Edition.
165887f15d9354eaf9b8d1bb945cb0dc9da0684b19cf44be05684f5b05d60ae6Debian Linux Security Advisory 2208-2 - The BIND, a DNS server, contains a defect related to the processing of new DNSSEC DS records by the caching resolver, which may lead to name resolution failures in the delegated zone. If DNSSEC validation is enabled, this issue can make domains ending in .COM unavailable when the DS record for .COM is added to the DNS root zone on March 31st, 2011. An unpatched server which is affected by this issue can be restarted, thus re-enabling resolution of .COM domains.
f731e91d3be36cf5817c4082103d78fb8988f511662f8a796e0adbc0d8384d82Secunia Security Advisory - A vulnerability has been reported in Sun Java System Delegated Administrator, which can be exploited by malicious people to conduct HTTP response splitting attacks.
8d5e4d44cc989c01ce616f9aff073b053c6b6779fde75709ca10dd7ad192c747Core Security Technologies Advisory - An HTTP Response Splitting vulnerability has been discovered in Sun Java System Delegated Administrator.
a6aab540984940f53af0baf697d952a5e2bf448aeb5bfaca3f39f4ffbd1160dcSecunia Security Advisory - Some vulnerabilities have been reported in DeleGate, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
fb3ded865277591bc1f1e05c30a919f00c5b2d23237ae815111090870d765aceSecunia Security Advisory - A vulnerability has been reported in DeleGate, which can be exploited by malicious people to cause a DoS (Denial of Service).
3c6242e58ee2084c77656cdb38987940ad995770333e6a9f415874ab35f52194Debian Security Advisory DSA 957-2 - Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird. This update filters out the '$' character as well, which was forgotton in the former update.
6d693b7e624f9f9aa08698c4f2a9e87113822bba8d9d984d08dccb8e8d268461Mandriva Linux Security Advisory - The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601)
910d914cd815f14e7de2f37a55752c9068d22431d6de852fd6ef74967dfd98c5Debian Security Advisory DSA 957-1 - Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird.
2a5172ff5fdbf831edd4e378fc7dbeaf856412e4ea840c9dee36d8163f9273f6Mandriva Linux Security Update Advisory - Sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. GSSAPI is only enabled in versions of openssh shipped in LE2005 and greater.
36ff3b7eb497ae29ca47eb6ebb8a464874b5bda235ffd3c5c284b54f5f5fd1f4Secunia Security Advisory - Some vulnerabilities have been reported in DeleGate, which potentially can be exploited by malicious people to compromise a vulnerable system.
933055bb5616be680a3ab083877b181ea703766cc158568eb22952fb77faa7adThis little program opens as many sockets with a remote host as can be supported by both. It catches ^C and kill commands to shut down cleanly by closing all open connections before exiting. Often, a remote workstation can be brought to its knees by saturating its process table via multiple invocations of sendmail. That's why port 25 (the sendmail port) is the default. If the target's process table (set when the target kernel was created) is filled, users will be unable to execute any shell commands. Many MUDs also crash when the number of sockets they have open exceeds a certain number. This program will put stress on MUDs by testing their limits. If a limit is reached, the MUD will either crash or will refuse to let new users log in. * The program is incomplete, in that it doesn't check for socket timeouts and subsequently reuse timed out sockets. That means the program can only keep a remote host / mud locked up until it exhausts its own available new sockets, or until it has reached MAX_DESCRIPTORS remote connections as set by the #define statement. * If the local machine starts issuing error messages, then the program has failed to saturate the remote host and has instead reached the limits of the local machine. Use ^C or the kill command to terminate it. If you are knowledgable about rebuilding kernels and have access to the root account, you can build a special kernel that will allow you to reach a much larger number of open sockets.
b17774a047da8f2dda8f5acbd018f5ca39bc608c82b3694b31d3ff473671c675The Linux Port/Socket Pseudo ACLs project is a patch to the Linux kernel which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.
d61bf6e3dbf719b509f1f7f95548c9046c1ea67c123e9d83a01d182c414a25d0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed