434 matches found

OSV
added 2021/12/27 12:15 a.m., 13 views

CVE-2021-45707

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups...

9.8 CVSS, 6.9 AI score
Exploits 0, References 3
OSV
added 2021/12/27 12:15 a.m., 0 views

UBUNTU-CVE-2021-45707

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups...

9.8 CVSS, 5.8 AI score, 0.00466 EPSS
Exploits 0, References 4
Prion
added 2021/12/27 12:15 a.m., 7 views

Out-of-bounds

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups...

7.5 CVSS, 9.5 AI score, 0.00466 EPSS
Exploits 0, References 3, Affected Software 1
CNNVD
added 2021/12/27 12:0 a.m., 1 views

Rust buffer error vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer error vulnerability exists in Rust nix crate versions prior to 0.20.2, 0.21.2 prior to 0.21.x, and 0.22.2 prior to 0.22.x, which stems from an out-of-bounds write to unistd::getgrouplist...

9.8 CVSS, 8.4 AI score, 0.00466 EPSS
Exploits 0, References 3
Cvelist
added 2021/12/26 9:48 p.m., 11 views

CVE-2021-45707

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups...

9.8 AI score, 0.00466 EPSS
Exploits 0, References 3
Debian CVE
added 2021/12/26 9:48 p.m., 19 views

CVE-2021-45707

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups...

9.8 CVSS, 9.6 AI score, 0.00466 EPSS
Exploits 0
CVE
added 2021/12/26 9:48 p.m., 93 views

CVE-2021-45707

CVE-2021-45707 affects the nix crate (Rust) versions 0.16.0 and later, with fixes in 0.20.2, 0.21.2, and 0.22.2 or later. The vulnerability is an out-of-bounds write in unistd::getgrouplist when a user belongs to more than 16 /etc/groups groups, which can lead to memory corruption. The issue stem...

9.8 CVSS, 9.4 AI score, 0.00466 EPSS
Exploits 0, References 3, Affected Software 1
OSV
added 2021/09/27 12:0 p.m., 22 views

RUSTSEC-2021-0119 Out-of-bounds write in nix::unistd::getgrouplist

On certain platforms, if a user has more than 16 groups, the nix::unistd::getgrouplist function will call the libc getgrouplist function with a length parameter greater than the size of the buffer it provides, resulting in an out-of-bounds write and memory corruption. The libc getgrouplist functi...

9.8 CVSS, 9.5 AI score, 0.00466 EPSS
Exploits 0, References 3
RustSec
added 2021/09/27 12:0 p.m., 19 views

Out-of-bounds write in nix::unistd::getgrouplist

On certain platforms, if a user has more than 16 groups, the nix::unistd::getgrouplist function will call the libc getgrouplist function with a length parameter greater than the size of the buffer it provides, resulting in an out-of-bounds write and memory corruption. The libc getgrouplist functi...

9.8 CVSS, 0.6 AI score, 0.00466 EPSS
Exploits 0, Affected Software 1
Positive Technologies
added 2021/09/27 12:0 a.m., 2 views

PT-2021-24281 · Nix +1

Name of the Vulnerable Software and Affected Versions: nix crate versions 0.16.0 through 0.20.1 nix crate versions 0.21.x before 0.21.2 nix crate versions 0.22.x before 0.22.2 Description: An issue was discovered in the nix crate where the nix::unistd::getgrouplist function can call the libc...

9.8 CVSS, 9.5 AI score, 0.00466 EPSS
Exploits 0, References 18
Kitploit
added 2021/09/15 11:30 a.m., 15 views

Rootend - A *Nix Enumerator And Auto Privilege Escalation Tool

rootend is a python nix Enumerator & Auto Privilege Escalation tool. For a full list of our tools, please visit our website https://www.twelvesec.com/ Written by: nickvourd twitter maldevel twitter servo Usage Enumeration & Automation Privilege Escalation tool. rootend is an open source tool...

7.7 AI score
Exploits 0, References 4
Fedora
added 2021/08/16 1:17 a.m., 30 views

[SECURITY] Fedora 34 Update: libsndfile-1.0.31-5.fc34.fc34

libsndfile is a C library for reading and writing sound files such as AIFF, AU, WAV, and others through one standard interface. It can currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and 64-bit floating point WAV files and a number of compressed formats. It compiles and runs on...

8.8 CVSS, 2.3 AI score, 0.00806 EPSS
Exploits 1
Trellix
added 2021/07/28 12:0 a.m., 16 views

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? | McAfee Blogs

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and nix Systems? Thibault Seret · JUL 28, 2021 Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems. Yes, we observed the...

7.5 AI score
Exploits 0
ThreatPost
added 2021/07/01 8:56 p.m., 1846 views

Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices

UPDATE Cybercriminals behind a string of high-profile ransomware attacks, including one extorting $11 million from JBS Foods last month, have ported their malware code to the Linux operating system. The unusual move is an attempt to target VMware’s ESXi virtual machine management software and...

9.3 AI score
Exploits 0, References 9
Exploit DB
added 2021/06/14 12:0 a.m., 213 views

GLPI 9.4.5 - Remote Code Execution (RCE)

Exploit Title: GLPI 9.4.5 - Remote Code Execution RCE Exploit Author: Brian Peters Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: | grep "CREATE TABLE" | grep -n wifinetworks Update the offsettable value with this number in the...

9 CVSS, 8.7 AI score, 0.07013 EPSS
Exploits 7
Vaadin
added 2021/05/04 12:0 a.m., 35 views

Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 Vaadin 14.0.3 through Vaadin 14.5.2, 3.0 prior to 6.0 Vaadin 15 prior to 19, and 6.0.0 through 6.0.5 Vaadin 19.0.0 through 19.0.4 allows local users to inject malicious code...

7.8 CVSS, 1 AI score, 0.00049 EPSS
Exploits 0, References 1, Affected Software 2
Node.js
added 2020/10/15 7:19 p.m., 38 views

Malicious Package

Overview All versions of nodetest1010 contain malicious code. Upon installation the package opens a shell to a remote server. The package affects both Windows and nix systems. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secret...

6.9 AI score
Exploits 0, Affected Software 1
Packet Storm
added 2019/12/04 12:0 a.m., 202 views

Revive Adserver 4.2 Remote Code Execution

Exploit Title: Revive Adserver 4.2 - Remote Code Execution Google Dork: "inurl:www/delivery filetype:php" Exploit Author: crlf Vendor Homepage: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/archive/ Version: 4.1.x '' : @list$x, $url, $code = $argv;...

7.5 CVSS, 0.3 AI score, 0.89078 EPSS
Exploits 7
exploitpack
added 2019/12/03 12:0 a.m., 413 views

Revive Adserver 4.2 - Remote Code Execution

Revive Adserver 4.2 - Remote Code Execution Exploit Title: Revive Adserver 4.2 - Remote Code Execution Google Dork: "inurl:www/delivery filetype:php" Exploit Author: crlf Vendor Homepage: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/archive/ Version:...

7.5 CVSS, 0.3 AI score, 0.89078 EPSS
Exploits 7
CNVD
added 2019/10/11 12:0 a.m., 10 views

Nix package manager elevation of privilege vulnerability

Nix package manager is a package manager for Unix-like systems. An elevation of privilege vulnerability exists in Nix package manager version 2.3 and earlier, which can be exploited by a local attacker to gain access to arbitrary user accounts...

7.8 CVSS, 7.2 AI score, 0.00049 EPSS
Exploits 1, References 1