seeing is believing
Showing 1 - 25 of 12,552 RSS Feed

Local Files

Kernel Live Patch Security Notice LSN-0026-1
Posted Jul 25, 2017
Authored by Benjamin M. Romer

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux
advisories | CVE-2016-4558, CVE-2017-1000365, CVE-2017-7374, CVE-2017-7482, CVE-2017-9150
MD5 | cf9eb0b35f581391cfa449654007aaad
Ubuntu Security Notice USN-3364-2
Posted Jul 24, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3364-2 - USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9150, CVE-2017-9605
MD5 | 8cc7102ebe0dfa9c4cdc3ad1e61b6e7d
Ubuntu Security Notice USN-3364-1
Posted Jul 24, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3364-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9150, CVE-2017-9605
MD5 | 9b8186309d84493ebc44898641dc9bf4
Ubuntu Security Notice USN-3361-1
Posted Jul 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3361-1 - USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-1350, CVE-2016-10208, CVE-2016-8405, CVE-2016-8636, CVE-2016-9083, CVE-2016-9084, CVE-2016-9191, CVE-2016-9604, CVE-2016-9755, CVE-2017-2583, CVE-2017-2584, CVE-2017-2596, CVE-2017-2618, CVE-2017-2671, CVE-2017-5546, CVE-2017-5549, CVE-2017-5550, CVE-2017-5551, CVE-2017-5576, CVE-2017-5669, CVE-2017-5897, CVE-2017-5970, CVE-2017-6001, CVE-2017-6214, CVE-2017-6345, CVE-2017-6346, CVE-2017-6347, CVE-2017-6348
MD5 | 2a81ab5a406b26495cf15b17d009be23
Ubuntu Security Notice USN-3360-1
Posted Jul 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3360-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. It was discovered that a use-after-free vulnerability existed in the performance events and counters subsystem of the Linux kernel for ARM64. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2015-8944, CVE-2015-8955, CVE-2015-8962, CVE-2015-8963, CVE-2015-8964, CVE-2015-8966, CVE-2015-8967, CVE-2016-10088, CVE-2017-1000380, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017-9605
MD5 | 4b837ac472f4020e28f8436305442660
Ubuntu Security Notice USN-3360-2
Posted Jul 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3360-2 - USN-3360-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2015-8944, CVE-2015-8955, CVE-2015-8962, CVE-2015-8963, CVE-2015-8964, CVE-2015-8966, CVE-2015-8967, CVE-2016-10088, CVE-2017-1000380, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017-9074, CVE-2017-9605
MD5 | a52c36d22ff0b5f4c7d35c0b403f353c
Ubuntu Security Notice USN-3359-1
Posted Jul 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3359-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2016-9755, CVE-2017-1000380, CVE-2017-5551, CVE-2017-5576, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017-9150, CVE-2017-9605
MD5 | ac5a8bf8e487737dba8522c164aac232
Ubuntu Security Notice USN-3358-1
Posted Jul 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3358-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9605
MD5 | e382e603da4aed5892b8ad16c64fa4a4
Ubuntu Security Notice USN-3347-2
Posted Jul 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3347-2 - USN-3347-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. A Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot A Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and A Yuval Yarom discovered that Libgcrypt was susceptible to an attack via A side channels. A local attacker could use this attack to recover RSA A private keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-7526
MD5 | fd750c8da9a13d230bb2725580662c1d
Hashicorp vagrant-vmware-fusion 4.0.20 Privilege Escalation
Posted Jul 17, 2017
Authored by Mark Wadham

Hashicorp vagrant-vmware-fusion versions 4.0.20 and below suffer from a local root privilege escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2017-7642
MD5 | fa75f3b5ac8d64b6fe452388903fb02d
Kernel Live Patch Security Notice LSN-0025-1
Posted Jul 16, 2017
Authored by Benjamin M. Romer

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2016-8632, CVE-2016-9604, CVE-2017-1000364, CVE-2017-2584, CVE-2017-6074, CVE-2017-7346, CVE-2017-7472, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9242
MD5 | f33f9e8f678adbf7a3a32f53939cff60
Gentoo Linux Security Advisory 2017-07-12
Posted Jul 10, 2017
Site security.gentoo.org

glsa-2017-07-12.txt - A vulnerability in MAN DB allows local users to gain root privileges. Versions less than 2.7.6.1-r2 are affected.

tags | advisory, local, root
advisories | CVE-2015-1336
MD5 | d2cf885e9f9b4d10d6902996a35ca9d1
NfSen 1.3.7 / AlienVault USM/OSSIM 5.3.6 Local Root
Posted Jul 10, 2017
Authored by Paul Taylor

NfSen versions 1.3.7 and below and AlienVault USM/OSSIM versions 5.3.6 and below suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-6970
MD5 | 787b269cad22ea86e1c32d8ac3022b2f
Gentoo Linux Security Advisory 201707-06
Posted Jul 9, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201707-6 - Multiple vulnerabilities have been found in virglrenderer, the worst of which could allow local guest OS users to cause a Denial of Service condition. Versions are affected.

tags | advisory, denial of service, local, vulnerability
systems | linux, gentoo
advisories | CVE-2016-10163, CVE-2016-10214, CVE-2017-5580, CVE-2017-5956, CVE-2017-5957, CVE-2017-5993, CVE-2017-5994, CVE-2017-6209, CVE-2017-6210, CVE-2017-6317, CVE-2017-6355, CVE-2017-6386
MD5 | 3f4534c3255b0846c107799ebecc5712
Gentoo Linux Security Advisory 201707-09
Posted Jul 9, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201707-9 - A vulnerability has been found in GNOME applet for NetworkManager allowing local attackers to access the local filesystem. Versions less than 1.4.6-r1 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2017-6590
MD5 | 15516137dcdcdd7dd84d94bca455ae67
Ubuntu Security Notice USN-3347-1
Posted Jul 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3347-1 - Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys. It was discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to possibly recover EdDSA private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-7526, CVE-2017-9526
MD5 | f7586c3b8130c5bffe6e14dc9684fda6
Debian Security Advisory 3901-1
Posted Jul 3, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3901-1 - Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024.

tags | advisory, local
systems | linux, debian
advisories | CVE-2017-7526
MD5 | d658be9eea9c2e1ac845a6372d57d1d4
InsomniaX 2.1.8 Arbitrary Kernel Extension Loading
Posted Jul 3, 2017
Authored by Yorick Koster

It was found that the loader application bundled with InsomniaX can be used to load arbitrary Kernel Extensions (kext). The loader is normally used to load a kext file that is needed to disable the Lid Sleep. A flaw has been found in the loader that allows a local attacker to load (or unload) any arbitrary kext file. Version 2.1.8 is affected.

tags | exploit, arbitrary, kernel, local
MD5 | 703ccd1c6eecfd818433456c702fa221
CMS Made Simple 2.2.1 Local File Inclusion
Posted Jul 2, 2017
Authored by Zhiyang Zeng

CMS Made Simple versions 2.2.1 and below suffers from a local inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | b3f295af95e08dea0b4737419f60d4db
TOR Virtual Network Tunneling Tool 0.3.0.9
Posted Jun 30, 2017
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.0.9 fixes a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This is a security regression; all clients running earlier versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or 0.3.1.4-alpha.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 3e1592efce06ab867db637b03754d0a3
OpenBSD at Stack Clash Privilege Escalation
Posted Jun 30, 2017
Site qualys.com

OpenBSD 'at' local stack clash privilege escalation exploit.

tags | exploit, local
systems | openbsd
advisories | CVE-2017-1000373
MD5 | acb82c1ba12f5809cb4718f34c7c4f71
Easy File Sharing Web Server 7.2 Account Import Buffer Overflow
Posted Jun 30, 2017
Authored by Chako

Easy File Sharing Web Server version 7.2 suffers from an account import local buffer overflow vulnerability.

tags | exploit, web, overflow, local
MD5 | 3fe8d27b0bff54d459eee1a9037b30f7
Ubuntu Security Notice USN-3323-2
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3323-2 - USN-3323-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-1000366
MD5 | a78b5e8caa51c4d2d2fa51e3fe96b76a
Ubuntu Security Notice USN-3342-2
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3342-2 - USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-5577, CVE-2017-7294, CVE-2017-7374, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
MD5 | bc0f3fd59ebd9a60119251cd743295fc
Oracle Solaris 11.1 / 11.3 rsh Stack Clash Privilege Escalation
Posted Jun 29, 2017
Site qualys.com

Oracle Solaris versions 11.1 and 11.3 rsh local privilege escalation stack clash exploit.

tags | exploit, local
systems | solaris
advisories | CVE-2017-3629, CVE-2017-3630, CVE-2017-3631
MD5 | ecf04fec274290660dd63bc7b82fd227
Page 1 of 503
Back12345Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    23 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close