An "Incorrect Use of a Privileged API" vulnerability in PrintixService.exe in Printix's "Printix Secure Cloud Print Management" versions 1.3.1106.0 and below allows a local or remote attacker the ability change all HKEY Windows Registry values as SYSTEM context via the UITasks.PersistentRegistryData parameter.
e26119f8d98f860e7ac7059a0d25e15dfc9acdbc0d49faa1f612da8efaf64cdcThe Windows Print Spooler has a privilege escalation vulnerability that can be leveraged to achieve code execution as SYSTEM. The SpoolDirectory, a configuration setting that holds the path that a printer's spooled jobs are sent to, is writable for all users, and it can be configured via SetPrinterDataEx() provided the caller has the PRINTER_ACCESS_ADMINISTER permission. If the SpoolDirectory path does not exist, it will be created once the print spooler reinitializes. Calling SetPrinterDataEx() with the CopyFiles\ registry key will load the dll passed in as the pData argument, meaning that writing a dll to the SpoolDirectory location can be loaded by the print spooler. Using a directory junction and UNC path for the SpoolDirectory, the exploit writes a payload to C:\Windows\System32\spool\drivers\x64\4 and loads it by calling SetPrinterDataEx(), resulting in code execution as SYSTEM.
3e62199fe39127be4320ed28c4a8d52211edb9c506d1e42a0aba3faef33cb58cRed Hat Security Advisory 2022-0501-01 - This release of Red Hat Integration - Service registry 2.0.3.GA serves as a replacement for 2.0.2.GA, and includes the below security fixes. Issues addressed include an information leakage vulnerability.
83eb7f9ca68d2408390c8d7bf2cc3097aaa41d5957178dfd4e7dbd8d2976ef0bUbuntu Security Notice 5134-1 - An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied credentials being leaked to the public registry, when using the docker login command with a private registry.
11a8fd969279dac2404fecd3abcaa6f718532bed6e35975931b2093909c3f708Red Hat Security Advisory 2021-4100-01 - This release of Red Hat Integration - Service registry 2.0.2.GA serves as a replacement for 2.0.1.GA, and includes the below security fixes. Issues addressed include a cross site scripting vulnerability.
deae863e269d799eb30005e5bf746b6f54654a78cb414a871c14378bede66a03Red Hat Security Advisory 2021-3338-01 - Hivex is a library that can read and write Hive files, undocumented binary files that Windows uses to store the Windows Registry on disk.
d7b8ab43b6a11fa3a73aa39a2179e478b424b0fed97e5b13da075a51804f6e2dRed Hat Security Advisory 2021-2318-01 - Hivex is a library that can read and write Hive files, undocumented binary files that Windows uses to store the Windows Registry on disk. Issues addressed include a buffer overflow vulnerability.
95de8f82623974b997f2b17f65bef747bdceab7ab0871d416c93315905dcfbefRed Hat Security Advisory 2021-2039-01 - This release of Red Hat Integration - Service registry 1.1.1.GA serves as a replacement for 1.1.0.GA, and includes the below security fixes. Issues addressed include XML injection and remote SQL injection vulnerabilities.
016baf810f0fc092f71233e8a3a373f15cd931df73eb2a65bb7e42e8e6050a8aMicrosoft Windows Containers Host Registry Virtual Registry Provider does not correctly handle relative opens leading to a process in a server silo being able to access the host registry leading to elevation of privilege.
3a9b2da40f527338ce39bbd5dce9bee31cef6c99a0ff4669322be1889064b788Microsoft Windows has a privilege escalation vulnerability. When a process is running in a server silo, the checks for trusted hive registry key symbolic links is disabled leading to elevation of privilege.
6bfe0cdda02d4fbe057af9ecc41a80c96bb55fbaab78a5397b48afe2eb1905a5The Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess function allows a user to create arbitrary registry keys in the .DEFAULT users hive leading to elevation of privilege.
74dc9ea6b122383e9da88cbc95551409a14569942eda9298a95b7107c556d891Ubuntu Security Notice 4589-2 - USN-4589-1 fixed a vulnerability in containerd. This update provides the corresponding update for docker.io. It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials. Various other issues were also addressed.
4eeaadc36e62548aa8f1da1618bdeca1854185c3d5e433ccdb2502a10b3c5332Ubuntu Security Notice 4589-1 - It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials.
9ea02fe8e9f867ac862dbfddcf410407b17d9db9851898275ec3cebab3b08a4dThis Metasploit module exploits a feature in the DNS service of Windows Server. Users of the DnsAdmins group can set the ServerLevelPluginDll value using dnscmd.exe to create a registry key at HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\ named ServerLevelPluginDll that can be made to point to an arbitrary DLL.
da2cc8a9f423689f3122124aa84eb964b7056b6fedd4f40ddd88ead60b4eedebThe handling of KTM logs when initializing a Registry Hive contains no bounds checks which results in privilege escalation.
0ae399542cc10a8ccc557083deb691282149c87bc3ab0445c6922d410bec88eeThe handling of KTM logs does not limit Registry Key operations to the loading hive leading to elevation of privilege.
dc36265f20912463478c32c5203d3f4e619cc492c989532a060ccc10362e3045This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
6b0526f98f3e203e2ed6be699de4fcc715f41c3ab7e148e28ed2e62563a77a96Ubuntu Security Notice 4251-1 - It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. It was discovered that Tomcat incorrectly handled FORM authentication. A remote attacker could possibly use this issue to perform a session fixation attack. Various other issues were also addressed.
ad779f760ea839626bc9a096e5b49f03e65d7dfdb4d11c6a4f0aa0d7d43b5d23Trend Micro Maximum Security is vulnerable to arbitrary code execution as it allows for creation of registry key to target a process running as SYSTEM. This can allow a malware to gain elevated privileges to take over and shutdown services that require SYSTEM privileges like Trend Micros "Asmp" service "coreServiceShell.exe" which does not allow Administrators to tamper with them. This could allow an attacker or malware to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. Note administrator privileges are required to exploit this vulnerability.
2bef0a7498592f26d2748979ed451cc8771185733de0a4a4c86834cf8e60b081This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when Windows backup and restore is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked.
de0a15ebe9d1aa72ab9db25c4772fd3f14a7a703cd5073c7a99bb9586f47fa3fRed Hat Security Advisory 2019-2766-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains updated container images for multus-cni, operator-lifecycle-manager, and operator-registry in Red Hat OpenShift Container Platform 4.1.15. Each of these container images includes gRPC, which has been updated with the fixes for unbounded memory growth issues.
28beccc442a59539035c257dfef710a8afe7ed630b705656774aed0f1e5791f3This Metasploit module exploits a flaw in the WSReset.exe file associated with the Windows Store. This binary has autoelevate privs, and it will run a binary file contained in a low-privilege registry location. By placing a link to the binary in the registry location, WSReset.exe will launch the binary as a privileged user.
fd4483c2d11523aa133d98cfbc3d2430e4968d51d316ebccfd038998c7d314e9The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.
36e4c1600341712dd48481dde14154b5ae9680dbb41cdfae332f3ee20e766b99Ubuntu Security Notice 3975-1 - It was discovered that the BigDecimal implementation in OpenJDK performed excessive computation when given certain values. An attacker could use this to cause a denial of service. Corwin de Boor and Robert Xiao discovered that the RMI registry implementation in OpenJDK did not properly select the correct skeleton class in some situations. An attacker could use this to possibly escape Java sandbox restrictions. Various other issues were also addressed.
863b426d41559bd65c2c7727e970150e9f9d551307f68fe80ad79c08db7ac719Ubuntu Security Notice 3939-2 - USN-3939-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations. Various other issues were also addressed.
423b0f2dd2d40485dec194a99014faf87bd1673d4acf74e2052f9b4ebe3e9fea
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed