Linux kernel ELF core dump privilege elevation advisory and proof of concept exploit. Affects the 2.2 series up to and including 2.2.27-rc2 and 2.4 up to and including 2.4.31-pre1. Also affected is 2.6 up to and including 2.6.12-rc4.
212888e5da8ea742abd0cc0bfa4ca3154edd8f5a58ea7bade1c81b8ebb10754b
Intel Security Conference (iSecCon) 2018 has announced its call for papers. It will take place in Hillsboro, Oregon, USA from December 4th through the 5th, 2018.
aa81f817e65c97198682b90baecd356541c228bf4a87b15c5d8212d63ab9d68e
This is a MobileSubstrate extension to disable certificate validation within NSURLConnection in order to facilitate black-box testing of iOS Apps. Once installed on a jailbroken device, iOS SSL Kill Switch patches NSURLConnection to override and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning). It was successfully tested against Twitter, Card.io and Square; all of them implement certificate pinning.
016ff5115ca0297edb536e716d760f3e930e000322e864984fcef533462a846b
Internet Explorer versions 6, 7, and 8 suffer from an arbitrary command execution vulnerability related to winhlp32.exe.
ce8c868aaeb05091eebf05d2264a9ae0a388169e7afa4691506db33a26a57fc9
A locally exploitable flaw has been found in the Linux page fault handler code that allows users to gain root privileges if running on a multiprocessor machine.
214351de609f4dc4b72e3eef348a9ef9870d7de16823db0bf41a51b7d21295e6
Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges. Linux kernel versions 2.4 up to and including 2.4.29-pre3 and 2.6 up to and including 2.6.10 are affected. Exploit included.
dc8912477cabd4620eccb9621b77afc571d533b90b200dfc6fc0b9d16173ee04
A heap overflow in Mozilla browser versions 1.7.3 and below in the NNTP code may allow for arbitrary code execution.
d6dc6a959b8812c3ef22ec8765b647390f6ac1056c0d6c36d151eedf7bb4bf0e
A locally exploitable flaw has been found in the Linux socket layer that allows a local user to hang a vulnerable machine. Kernel versions 2.4 up to and including 2.4.28 and 2.6 up to and including 2.6.9 are susceptible. Full exploitation provided.
82a4d30397e375670877101fd568eef691baac3098d148ecc92a14d4113999f3
Multiple bugs, both locally and remotely exploitable, have been found in the Linux IGMP networking module and the corresponding user API. Full exploit provided. Linux kernels 2.4 up to and including 2.4.28 and 2.6 up to and including 2.6.9 are affected.
abea45d57330bec18503dd9ea76e21f5d34db415e88430327a7b05eab5aecaf0
A critical security vulnerability has been found in the Linux kernel code handling 64-bit file offset pointers. Successful exploitation allows local users to access kernel memory. Kernel series affected are 2.4.26 and below and 2.6.7 and below. Full exploit provided.
92706af943a287522ac0045554f0149a454453a2c0f2f0482f4e4f98d714283a
Linux kernel versions 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 have an integer overflow in setsockopt MCAST_MSFILTER. Proper exploitation of this vulnerability can lead to privilege escalation.
836369aad1ed778a870f252f0733e83e6fb921672b010265395c6bb0c30ddc9d
A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to a missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004, except that it concerns the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.
483ed3b485fe72175ca9d4f6e07e3c8cc8998ed7ee2f98e6a72a1016b9373ac3
A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to a missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004, except that it concerns the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.
15e57e93f04e6f6e219e6d6e4da2f41a33f772b68029df65fa0dcaf3e0bde0a7
The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation, including execution of arbitrary code with kernel level access. This is an updated version of the original release of this document.
0a4e3c81dc818181f880893f3f4e1c339b5517ada7d7b0d09c8ac1ddf34cbe95
The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation, including execution of arbitrary code with kernel level access.
1f3565207e96102d6a63c660b43ba3e8e06061f744c34c3ff6a6df7a1d02e5ef
wu-ftpd versions 2.5.0 to 2.6.2 have been found to be susceptible to an off-by-one bug in fb_realpath(). A local or remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system.
26d10c27b7202a5cb1389a5a1f1668d76a81ead7b06f38bae80956501c6824ce
The at utility in Solaris has name handling and race condition vulnerabilities. Using the -r switch to remove a job allows an attacker to remove any file on the filesystem as root. Although at filters out absolute paths, a simple ../ directory traversal maneuver allows an attacker to remove files outside the allowed boundary.
a1784e9527e8a56be1b234c7034c3ab545ca36e2fe248fa59675016423982b32
iSecureLabs Security Advisory - Cabezon Aurelien has discovered a vulnerability in the Network Tool 0.2 Addon for PHPNuke that allows remote users to run arbitrary commands with the privileges of the httpd daemon, thanks to the failure of the addon to filter shell meta-characters.
793e2c2c5f0e428af223241b631f0f5aa4c00fbb72c90e0e4b899fb9bbc0d1f1
iSecureLabs Security Advisory - Cabezon Aurelien has discovered a reverse directory traversal vulnerability in the Gallery Addon for PHPNuke that allows users to view arbitrary files on the remote system that are owned or readable by the httpd daemon.
fb56723b90987185c743733ccbeb618508f8f8601f8af9aefd50e2cfd6a70c9d