Whitepaper called Root Detection Bypass with frida-push and Objection for iOS and Android. Written in Turkish.
cf2857b86392f6fbfb8a1f549f8da9ecThis Metasploit module exploits a vulnerability in the getprofile.sh script of Nagios XI versions prior to 5.6.6 in order to upload a malicious check_ping plugin and thereby execute arbitrary commands. For Nagios XI 5.2.0 through 5.4.13, the commands are run as the nagios user. For versions 5.5.0 through 5.6.5, the commands are run as root. Note that versions prior to 5.2.0 will still be marked as being vulnerable however this module does not presently support exploiting these targets. The module uploads a malicious check_ping plugin to the Nagios XI server via /admin/monitoringplugins.php and then executes this plugin by issuing a HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.3.0 and Nagios 5.6.5, both running on CentOS 7. For vulnerable versions before 5.5.0, it may take a significant amount of time for the payload to get back (up to 5 minutes). If exploitation fails against an older system, it is recommended to increase the WfsDelay setting (default is 300 seconds).
c535c12509a747d756650bedc5b31fcaA malicious authenticated attacker, with privileges of SAP SMD Agent access, can exploit certain SAP Host Control functions due to missing input checking, in order to escalate its privileges and execute commands as root/system user. SAPHOSTAGENT versions 7.21 SP045 and lower are affected.
cd82c2decad0c6dcc50f95839bfbec49This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device.
babad085c5ec0276c04a4de6f8676674This Metasploit module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and executes all the grains on the master, including custom grain modules in the Extension Module directory. So, this module simply creates a Python script at this location and waits for it to be executed. The time interval is set to 60 seconds by default but can be changed in the master configuration file with the loop_interval option. Note that, if an administrator executes commands locally on the master, the maintenance process check will also be performed. It has been fixed in the following installation packages: 3002.5, 3001.6 and 3000.8. Also, a patch is available for the following versions: 3002.2, 3001.4, 3000.6, 2019.2.8, 2019.2.5, 2018.3.5, 2017.7.8, 2016.11.10, 2016.11.6, 2016.11.5, 2016.11.3, 2016.3.8, 2016.3.6, 2016.3.4, 2015.8.13 and 2015.8.10. This module has been tested successfully against versions 3001.4, 3002 and 3002.2 on Ubuntu 18.04.
c836d9acbeb076642702599310fe13a4Microsoft Windows has an issue with containers where the kernel incorrectly chooses the wrong silo when looking up the root object manager directory leading to elevation of privilege.
d249fdb9dab1efdef449b7c32504cdc9This Metasploit module exploits an authenticated Java deserialization that affects a truckload of Micro Focus products: Operations Bridge Manager, Application Performance Management, Data Center Automation, Universal CMDB, Hybrid Cloud Management and Service Management Automation. However, this module was only tested on Operations Bridge Manager. Exploiting this vulnerability will result in remote code execution as the root user on Linux or the SYSTEM user on Windows. Authentication is required as the module user needs to login to the application and obtain the authenticated LWSSO_COOKIE_KEY, which should be fed to the module. Any authenticated user can exploit this vulnerability, even the lowest privileged ones.
f6552551b0f335ef518698e89a9caa30The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
c8120978ea9929e12fc3a174e9657162Red Hat Security Advisory 2021-0223-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
3340cd05b0a77290105fc2a1999fb567Red Hat Security Advisory 2021-0222-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
c4fdf4ded2a625e72c2ae5b8d1bb868eRed Hat Security Advisory 2021-0221-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
9585b2878a5e45f916f39e6842d7d207Red Hat Security Advisory 2021-0224-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
fca10731645632b7651350b8a317f2ccRed Hat Security Advisory 2021-0227-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
4e07a9f7d2c9475cf4aa003e550f6901Red Hat Security Advisory 2021-0219-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
a209d1d7c6f73b8cd37c4b138f783ed1Red Hat Security Advisory 2021-0225-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
f6d5ea73692d355ec13895782578efb6Red Hat Security Advisory 2021-0218-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
0e0d531555b1a03b20524c0ea3dd41c1Red Hat Security Advisory 2021-0220-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
cb8e73eaca61767190bff116e9b4f634Red Hat Security Advisory 2021-0226-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
3d149efc7166eae17fd437dc5784bbebGentoo Linux Security Advisory 202101-27 - Multiple vulnerabilities were discovered in Gentoo's systemd unit for FreeRADIUS which could lead to root privilege escalation. Versions less than 3.0.20-r1 are affected.
7e2962d787843d00fee0a532e98438f5Gentoo Linux Security Advisory 202101-22 - A vulnerability in libvirt may allow root privilege escalation. Versions less than 6.7.0 are affected.
b86d822c8605924db1e353e80d4a4fa1Gentoo Linux Security Advisory 202101-11 - Multiple vulnerabilities were discovered in Gentoo's ebuild for Zabbix which could lead to root privilege escalation. Versions less than 4.4.6 are affected.
a5fbfc63fe9f36d35bd12a7f23c71a35Inteno IOPSYS version 3.16.4 suffers from a newline injection issue with samba share options that allows an attacker root access to the filesystem.
4dd764fc81b64e4c4edde1c782c708ffThis Metasploit module exploits an authentication bypass in Netsia SEBA+ versions 0.16.1 and below to add a root user.
48e1d8f9d10632c1de0461c5d272f23dThis Metasploit module exploits an improper input sanitization in SpamTitan versions 7.01, 7.02, 7.03 and 7.07 to inject command directives into the SNMP configuration file and get remote code execution as root. Note that only version 7.03 needs authentication and no authentication is required for versions 7.01, 7.02 and 7.07.
3fb380f22740f3fda8c78a8b5b723600Zoom version 4.6.239.20200613 suffers from a Meeting Connector post-authentication remote root code execution vulnerability via the proxy server functionality. The latest Zoom client has this issue patched per Zoom.
502538df7bfbda265c17c493f89179b7
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed