Ubuntu Security Notice 4404-2 - USN-4404-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Thomas E. Carroll discovered that the NVIDIA Cuda graphics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b5935e1b343dcc6884e352cc5e7dbac4The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).
0ce466f922be78b19e5b1169c13ef711Online Student Enrollment System version 1.0 suffers from an unauthenticated arbitrary file vulnerability.
82d4e855a4f70039fa7c52673309699cGentoo Linux Security Advisory 202006-21 - A vulnerability has been discovered in Apache Tomcat which could result in the arbitrary execution of code. Versions less than 7.0.104:7 are affected.
b9904ecfbc9febf21a173f0f293cfbb6Gentoo Linux Security Advisory 202006-22 - Multiple vulnerabilities have been found in OpenJDK and IcedTea, the worst of which could result in the arbitrary execution of code. Versions less than 8.252_p09 are affected.
b3b8ae15fbd28c09dede89451b02f389Gentoo Linux Security Advisory 202006-19 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.9.0 are affected.
d05be0024a72f99c3925c805a5d8c724Gentoo Linux Security Advisory 202006-17 - Multiple vulnerabilities have been found in FAAD2, the worst of which could result in the arbitrary execution of code. Versions less than 2.9.0 are affected.
0fba9ed1000898906f828fb6140fd154Gentoo Linux Security Advisory 202006-15 - Multiple vulnerabilities have been found in OpenConnect, the worst of which could result in the arbitrary execution of code. Versions less than 8.09-r1 are affected.
8fa705fd0b0d09a7c97049a1de6a1348Gentoo Linux Security Advisory 202006-14 - A buffer overflow in the PEAR module Archive_Tar might allow local or remote attacker(s) to execute arbitrary code. Versions below 1.4.5 are affected.
a3b9a32b7e277d50593b70c010688890This Metasploit module will send arbitrary file_paths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges (verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected).
cdccccea0f5e4601df382d735f6b3d5aSmarterMail 16 suffers from an arbitrary file upload vulnerability.
72450c5aaab572c56de94f8bfdb91744Gentoo Linux Security Advisory 202006-7 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 68.9.0 are affected.
1dff3a35d7e048e992577693c9c49e95Gentoo Linux Security Advisory 202006-8 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.28.2 are affected.
e0641f66b5310fc66d5c30645f9e4540Gentoo Linux Security Advisory 202006-6 - Multiple vulnerabilities have been found in ssvnc, the worst of which could result in the arbitrary execution of code. Versions less than or equal to 1.0.29-r2 are affected.
ccf3d343ee86dccfd49618460f64a593Gentoo Linux Security Advisory 202006-5 - Nokogiri has a vulnerability allowing arbitrary execution of code if a certain function is used. Versions less than 1.10.4 are affected.
0961a15d4c55592989b001b1f4672babGentoo Linux Security Advisory 202006-2 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 83.0.4103.97 are affected.
930375bd60b7bba33caa44532d180990Gentoo Linux Security Advisory 202006-9 - A flaw in Adobe Flash Player may allow local or remote attacker(s) to execute arbitrary code. Versions less than 32.0.0.387 are affected.
ac74f8897e8e15e5fdc48661b468223bGentoo Linux Security Advisory 202006-11 - Multiple vulnerabilities have been found in Ansible, the worst of which could result in the arbitrary execution of code. Versions less than 2.9.7 are affected.
dec0bd00f521b67664a567de2b75d5adThis Metasploit module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service (BITS), to overwrite C:\Windows\System32\WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker's payload. To achieve code execution as the SYSTEM user, the Update Session Orchestrator service is then started, which will result in the malicious WindowsCoreDeviceInfo.dll being run with SYSTEM privileges due to a DLL hijacking issue within the Update Session Orchestrator Service. Note that presently this module only works on Windows 10 and Windows Server 2016 and later as the Update Session Orchestrator Service was only introduced in Windows 10. Note that only Windows 10 has been tested, so your mileage may vary on Windows Server 2016 and later.
0804ff3bfe957376a4af71aa3919154fThis research discusses two different vulnerabilities addressed in the June 2020 Microsoft Patch Tuesday. An integer overflow in OLE marshalling and a race condition with arbitrary file deletion are described in detail.
d0d7691eecbbd82916538605ee2bdfa4Ubuntu Security Notice 4392-1 - It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
2a8d26a4c0fc30acb37659ae44687215Ubuntu Security Notice 4391-1 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
b9a5c4d0b8f881b21288f5e8a866b693Ubuntu Security Notice 4393-1 - It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
1c2083f7dc6855a4a9ae2d20008669a7Ubuntu Security Notice 4383-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the addressbar, or execute arbitrary code. It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. Various other issues were also addressed.
7008565679641f0d4d2c4c80f6ec42cfThis Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to leverage the Cloupia script interpreter to execute code. This functionality is part of the application's intended operation and considered a "foreverday." The authentication bypass and directory traversals only get us there. If you already have an API key, you may set it in the API_KEY option. The LEAK_FILE option may be set if you wish to leak the API key from a different absolute path, but normally this isn't advisable. Tested on Cisco's VMware distribution of 6.7.3.0.
a3283617421910d08a845659be600c53
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed