Twenty Year Anniversary
Showing 26 - 50 of 3,099 RSS Feed

Root Files

Nagios XI Chained Remote Code Execution
Posted Jun 29, 2018
Authored by Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are then used to add an administrative user. 4. An authenticated session is established with the newly added user 5. Command Injection on /nagiosxi/backend/index.php allows us to execute the payload with nopasswd sudo, giving us a root shell. 6. Remove the added admin user and reset the database user.

tags | exploit, remote, shell, root, php, vulnerability
advisories | CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736
MD5 | f275b1da0c15a7e7e5fae8036578d5d8
Red Hat Security Advisory 2018-2037-01
Posted Jun 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2037-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Issues addressed include a problem where containers run as non-root users do not drop capabilities.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2018-10856
MD5 | b1bb3b2cd5ec1058b29768f09ba69af0
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
Posted Jun 26, 2018
Authored by Matthew Bergin | Site korelogic.com

HP Enterprise VAN SDN Controller version 2.7.18.0503 suffers from an unauthenticated remote root vulnerability. A hard-coded service token can be used to bypass authentication. Built-in functionality can be exploited to deploy and execute a malicious deb file containing a backdoor. A weak sudoers configuration can then be abused to escalate privileges to root. A second issue can be used to deny use of the appliance by continually rebooting it.

tags | exploit, remote, root
MD5 | bf9904ea89edad3e901e6b2663316e90
Gentoo Linux Security Advisory 201806-09
Posted Jun 23, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-9 - A vulnerability in PNP4Nagios which may allow local attackers to gain root privileges. Versions less than 0.6.26-r9 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-16834
MD5 | 5313641138cc0714f5ac0073d7137402
Dell EMC RecoverPoint Local Root Command Execution
Posted Jun 21, 2018
Authored by Paul Taylor

Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a local root command execution vulnerability.

tags | exploit, local, root
advisories | CVE-2018-1235
MD5 | 644beef393e8a481559e2ac1d14d98e8
Dell EMC RecoverPoint Remote Root
Posted Jun 21, 2018
Authored by Paul Taylor

Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a remote root command execution vulnerability.

tags | exploit, remote, root
advisories | CVE-2018-1235
MD5 | 6c11f1bc9ab032ba45ef40d9bb694a6f
Gentoo Linux Security Advisory 201806-03
Posted Jun 13, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-3 - Multiple vulnerabilities were discovered in BURP's Gentoo ebuild, the worst of which could lead to root privilege escalation. Versions less than 2.1.32 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2017-18284, CVE-2017-18285
MD5 | 34f3d723a1b598e50cf92fbe98bfad58
glibc 'realpath()' Privilege Escalation
Posted Jun 12, 2018
Authored by halfdog, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library (glibc) version 2.26 and prior. This Metasploit module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath() and create a SUID root shell. The exploit has offsets for glibc versions 2.23-0ubuntu9 and 2.24-11+deb9u1. The target system must have unprivileged user namespaces enabled. This Metasploit module has been tested successfully on Ubuntu Linux 16.04.3 (x86_64) with glibc version 2.23-0ubuntu9; and Debian 9.0 (x86_64) with glibc version 2.24-11+deb9u1.

tags | exploit, shell, root
systems | linux, debian, ubuntu
advisories | CVE-2018-1000001
MD5 | fdde72feb2388aee3f2e93395c3c6363
DHCP Client Command Injection (DynoRoot)
Posted Jun 12, 2018
Authored by Felix Wilhelm | Site metasploit.com

This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

tags | exploit, arbitrary, local, root, spoof, protocol
systems | linux, redhat, fedora
advisories | CVE-2018-1111
MD5 | 5260d2ef5bb8f8bbc5edbc0ec7cb7c67
Ubuntu Security Notice USN-3664-2
Posted Jun 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3664-2 - USN-3664-1 fixed a vulnerability in Apport. Sander Bos reported that Ubuntu 14.04 LTS was also vulnerable to this issue, but was incorrectly omitted from the previous updates. This update provides the corresponding update for Ubuntu 14.04 LTS. Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers. Various other issues were also addressed.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2018-6552
MD5 | 67273d8fdf19a09dbdc393e426a31d0c
Ubuntu Security Notice USN-3664-1
Posted May 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3664-1 - Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2018-6552
MD5 | 0c542d9aa0e59f4f0b5dae590c06df0b
Kernel Live Patch Security Notice LSN-0039-1
Posted May 28, 2018
Authored by Benjamin M. Romer

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux
advisories | CVE-2017-17862, CVE-2018-1000004, CVE-2018-1092, CVE-2018-1093, CVE-2018-8087
MD5 | b00a0d7a8bfca8dc02b44351db6c3dcc
Red Hat Security Advisory 2018-1688-01
Posted May 23, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1688-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include backup related and bypass vulnerabilities.

tags | advisory, root, vulnerability
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 8ea7de7e43f680b24746676fb6e604ca
Red Hat Security Advisory 2018-1676-01
Posted May 23, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1676-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include backup related and bypass vulnerabilities.

tags | advisory, root, vulnerability
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 1bbf1347bcec57ada52d3f83a7782856
AF_PACKET chocobo_root Privilege Escalation
Posted May 22, 2018
Authored by rebel, Brendan Coles | Site metasploit.com

This Metasploit module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu (Trusty / Xenial) kernels 4.4.0 < 4.4.0-53, including Linux distros based on Ubuntu, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 17.3 (x86_64); Linux Mint 18 (x86_64); and Ubuntu 16.04.2 (x86_64) with kernel versions 4.4.0-45-generic and 4.4.0-51-generic.

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 4e74e49fb99838182c2b1099fc25b230
Reliable Datagram Sockets (RDS) Privilege Escalation
Posted May 19, 2018
Authored by Dan Rosenberg, Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.

tags | exploit, kernel, root
systems | linux, fedora, ubuntu
advisories | CVE-2010-3904
MD5 | ca0aaa65162c3d2e20a520b81415f4ae
AF_PACKET packet_set_ring Privilege Escalation
Posted May 17, 2018
Authored by Brendan Coles, Andrey Konovalov | Site metasploit.com

This Metasploit module exploits a heap-out-of-bounds write in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2017-7308). The bug was initially introduced in 2011 and patched in version 4.10.6, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu Xenial kernels 4.8.0 < 4.8.0-46, including Linux distros based on Ubuntu Xenial, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 18 (x86_64) with kernel versions: 4.8.0-34-generic; 4.8.0-36-generic; 4.8.0-39-generic; 4.8.0-41-generic; 4.8.0-42-generic; 4.8.0-44-generic; 4.8.0-45-generic.

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2017-7308
MD5 | 619464075778b62a92b3753066e120ba
Libuser roothelper Privilege Escalation
Posted May 13, 2018
Authored by Brendan Coles, Qualys Security Advisory | Site metasploit.com

This Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit module makes use of the roothelper.c exploit from Qualys to insert a new user with UID=0 in /etc/passwd. Note, the password for the current user is required by userhelper. Note, on some systems, such as Fedora 11, the user entry for the current user in /etc/passwd will become corrupted and exploitation will fail. This Metasploit module has been tested successfully on libuser packaged versions 0.56.13-4.el6 on CentOS 6.0 (x86_64); 0.56.13-5.el6 on CentOS 6.5 (x86_64); 0.60-5.el7 on CentOS 7.1-1503 (x86_64); 0.56.16-1.fc13 on Fedora 13 (i686); 0.59-1.fc19 on Fedora Desktop 19 (x86_64); 0.60-3.fc20 on Fedora Desktop 20 (x86_64); 0.60-6.fc21 on Fedora Desktop 21 (x86_64); 0.60-6.fc22 on Fedora Desktop 22 (x86_64); 0.56.13-5.el6 on Red Hat 6.6 (x86_64); and 0.60-5.el7 on Red Hat 7.0 (x86_64). RHEL 5 is vulnerable, however the installed version of glibc (2.5) is missing various functions required by roothelper.c.

tags | exploit, root
systems | linux, redhat, fedora, centos
advisories | CVE-2015-3245, CVE-2015-3246
MD5 | 29f14e9f5067bd0c43af11f1008beb02
Palo Alto Networks readSessionVarsFromFile() Session Corruption
Posted May 7, 2018
Authored by H D Moore, Philip Pettersson | Site metasploit.com

This Metasploit module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to to exploit an XML injection issue, which is then abused to create an arbitrary directory, and finally gains root code execution by exploiting a vulnerable cron script. This Metasploit module uses an initial reverse TLS callback to stage arbitrary payloads on the target appliance. The cron job used for the final payload runs every 15 minutes by default and exploitation can take up to 20 minutes.

tags | exploit, arbitrary, root, vulnerability, code execution
advisories | CVE-2017-15944
MD5 | fe01448aae2bcc55f43fa22261d09244
Dell EMC Unity Family OS Command Injection
Posted May 4, 2018
Site emc.com

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.

tags | advisory, remote, arbitrary, root, vulnerability
advisories | CVE-2018-1239
MD5 | c698f77203ec3de3839dae52a0afc827
Gentoo Linux Security Advisory 201805-01
Posted May 3, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-1 - A vulnerability was discovered in hesiod which may allow remote attackers to gain root privileges. Versions less than or equal to 3.1.0 are affected.

tags | advisory, remote, root
systems | linux, gentoo
advisories | CVE-2016-10151, CVE-2016-10152
MD5 | 70a420feed8c0428133a9d755f90bd51
Nagios XI 5.x Chained Remote Root
Posted Apr 30, 2018
Authored by Benny Husted, Cale Smith, Jared Arave

Nagios XI versions 5.2.6 up to 5.2.9, 5.3, and 5.4 chained remote root exploit.

tags | exploit, remote, root
advisories | CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736
MD5 | 3ce39f11d348edd249207bedc9c007d4
Nintendo Switch / Nvidia Fusee Gelee Disclosure
Posted Apr 26, 2018
Authored by Katherine Temkin

This report documents Fusee Gelee, a coldboot vulnerability that allows full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM) on NVIDIA's Tegra line of embedded processors. As this vulnerability allows arbitrary code execution on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the entire root-of-trust for each processor, and allows exfiltration of secrets e.g. burned into device fuses.

tags | paper, arbitrary, root, code execution
MD5 | 0ab768a01218de89b109624ec71ed96b
lastore-daemon D-Bus Privilege Escalation
Posted Apr 21, 2018
Authored by Brendan Coles, Kings Way | Site metasploit.com

This Metasploit module attempts to gain root privileges on Deepin Linux systems by using lastore-daemon to install a package. The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary system packages without providing a password, resulting in code execution as root. By default, the first user created on the system is a member of the sudo group. This Metasploit module has been tested successfully with lastore-daemon version 0.9.53-1 on Deepin Linux 15.5 (x64).

tags | exploit, arbitrary, root, code execution
systems | linux
MD5 | baa73891b2b9f0118971e92d8daa13cc
ASUS infosvr Authentication Bypass Command Execution
Posted Apr 21, 2018
Authored by jduck, Friedrich Postelstorfer | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This Metasploit module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an interactive remote shell. This Metasploit module was tested successfully on an ASUS RT-N12E with firmware version 2.0.0.35. Numerous ASUS models are reportedly affected, but untested.

tags | exploit, remote, arbitrary, shell, root, udp, bypass
advisories | CVE-2014-9583
MD5 | 0b841685aaa09cefb0a9621293d64a94
Page 2 of 124
Back12345Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    2 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    22 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close