448 matches found
Juju-run Agent Privilege Escalation
This module attempts to gain root privileges on Juju agent systems running the juju-run agent utility. Juju agent systems running agent tools prior to version 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3, provide a UNIX domain socket to manage software "units" without setting appropriate...
Ruby: Unix domain socket and a path containing a null character
Some methods on UNIX domain socket are not checked for null characters. vagrant@localhost $ ls /tmp vagrant@localhost $ irb irb(main):001:0> require 'socket' => true irb(main):002:0> UNIXServer.open("/tmp/socket\0ruby") {|serv| irb(main):003:1* c = UNIXSocket.open("/tmp/socket\0sapphire") irb(main):004:1* s =...
MacOS so_pcb type confusion in necp_get_socket_attributes(CVE-2017-13855)
When getsockopt (edited; original report said "setsockopt") is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes is invoked. necp_get_socket_attributes unconditionally calls sotoinpcb(so): errno_t necp_get_socket_attributes(struct socket *so, struct sockopt *sopt) { i...
macOS necp_get_socket_attributes so_pcb Type Confusion
MacOS so_pcb type confusion in necp_get_socket_attributes (CVE-2017-13855). When setsockopt is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes is invoked. necp_get_socket_attributes unconditionally calls sotoinpcb(so): errno_t necp_get_socket_attributes(struct socke...
Apple macOS - necp_get_socket_attributes so_pcb Type Confusion
Apple macOS - necp_get_socket_attributes so_pcb Type Confusion. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1392&desc=2 When getsockopt (edited; original report said "setsockopt") is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes i...
Apple macOS - 'necp_get_socket_attributes' so_pcb Type Confusion
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1392&desc=2 When getsockopt (edited; original report said "setsockopt") is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes is invoked. necp_get_socket_attributes unconditionally calls...
NfSen < 1.3.7 / AlienVault OSSIM < 5.3.6 - Local Privilege Escalation
Exploit Title: Local root exploit affecting NfSen = 1.3.7, AlienVault USM/OSSIM = 5.3.6 Version: NfSen 1.3.7 Version: AlienVault 5.3.6 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage: http://www.alienvault.com/ Software Link:...
PuTTY ssh_agent_channel_data Integer Overflow
Source: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability: This is a security vulnerability. difficulty: fun: Just needs tuits, and not...
PuTTY 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption
PuTTY 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption Source: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability: This is a...
Ubuntu 14.04 LTS / 16.04 LTS : juju-core vulnerability (USN-3300-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3300-1 advisory. Ryan Beisner discovered juju did not set permissions on a Unix domain socket. A local attacker could use this flaw to gain administrative privileges...
CVE-2017-9232
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root...
CVE-2017-9232
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root...
CVE-2017-9232
CVE-2017-9232 affects Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3, due to a UNIX domain socket being created without proper permissions, enabling local privilege escalation to root. Public sources confirm exploitation paths via local tooling (e.g., Juju-run agent privilege esc...
CVE-2017-9232
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root...
Ubuntu: Security Advisory (USN-3300-1)
The remote host is missing an update for the...
Apple iOS / MacOS Domain Socket Kernel Use-After-Free(CVE-2017-2501)
iOS/MacOS kernel uaf due to bad locking in unix domain socket file descriptor externalization. unp_externalize is responsible for externalizing the file descriptors carried within a unix domain socket message. That means allocating new fd table entries in the receiver and recreating a file which...
USN-3300-1 juju-core vulnerability
Ryan Beisner discovered juju did not set permissions on a Unix domain socket. A local attacker could use this flaw to gain administrative privileges...
CVE-2017-9232
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root...
UBUNTU-CVE-2017-9232
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root...
PT-2017-18797 · Canonical · Juju +1
Name of the Vulnerable Software and Affected Versions: Juju versions prior to 1.25.12 Juju versions 2.0.x prior to 2.0.4 Juju versions 2.1.x prior to 2.1.3 Description: The issue allows for privilege escalation by users on the system to root due to the use of a UNIX domain socket without...