USN-3784-1: AppArmor update

As a security improvement, this update adjusts the private-files abstraction to disallow writing to thumbnailer configuration files. Additionally adjust the private-files, private-files-strict and user-files abstractions to disallow writes on parent directories of sensitive files...

Windows Subsystem for Linux Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity. An attacker who successfully exploited this vulnerability could replace or delete arbitrary files as a low privilege user. A attacker could exploit this vulnerability by running a...

Default configuration

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipsov4optptr function in net/ipv4/cipsoipv4.c leading to a denial-of-service. A certain non-default...

DEBIAN-CVE-2018-10938

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipsov4optptr function in net/ipv4/cipsoipv4.c leading to a denial-of-service. A certain non-default...

Important kernel security update: CVE-2018-3620 and other issues; new kernel 2.6.32-042stab133.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

This update provides a new kernel 2.6.32-042stab133.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 that is a rebase to the Red Hat Enterprise Linux 6.10 kernel 2.6.32-754.3.5.el6. The new kernel inherits a number of security fixes from the new RHEL kernel and introduces intern...

SUSE-SU-2018:2066-1 Security update for util-linux

This update for util-linux fixes the following security issue: - CVE-2018-7738: Fix local vulnerability using embedded shell commands in a mountpoint name bsc1084300...

Amazon Linux 2 : xmlrpc (ALAS-2018-1041)

A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a ex:serializable element.CVE-2016-5003 C...

Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)

/ ; Filename: tcpbindshellcodelight.nasm ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Twitter: @thesp0nge ; SLAE-ID: 1217 ; Purpose: binds on TCP port 4444 and spawn a shell on incoming connections. global start section .text start: ; Creating the socket. ; ; int socketint domain...

Google Chrome Security Updates (stable-channel-update-for-desktop_29-2018-05) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Kaspersky KSN for Linux Memory Corruption Vulnerability

Kaspersky KSN for Linux provides cloud-assisted, multi-layered security for servers and workstations running the Linux operating system. A memory corruption vulnerability exists in Kaspersky KSN for Linux. An attacker could exploit the vulnerability to execute arbitrary code...

[ASA-201805-17] libcurl-compat: multiple issues

Arch Linux Security Advisory ASA-201805-17 ========================================== Severity: Critical Date : 2018-05-18 CVE-ID : CVE-2018-1000300 CVE-2018-1000301 Package : libcurl-compat Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-698 Summary ======= The...

DSA-4179-1 linux-tools - security update

Bulletin has no description...

[ASA-201803-16] lib32-curl: multiple issues

Arch Linux Security Advisory ASA-201803-16 ========================================== Severity: Medium Date : 2018-03-19 CVE-ID : CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 Package : lib32-curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-654 Summary =====...

[ASA-201803-11] ntp: multiple issues

Arch Linux Security Advisory ASA-201803-11 ========================================== Severity: High Date : 2018-03-16 CVE-ID : CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 Package : ntp Type : multiple issues Remote : Yes Link :...

[ASA-201803-5] python-django: denial of service

Arch Linux Security Advisory ASA-201803-5 ========================================= Severity: Medium Date : 2018-03-06 CVE-ID : CVE-2018-7536 CVE-2018-7537 Package : python-django Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-649 Summary ======= The package...

[ASA-201801-26] lib32-libcurl-compat: multiple issues

Arch Linux Security Advisory ASA-201801-26 ========================================== Severity: Medium Date : 2018-01-29 CVE-ID : CVE-2018-1000005 CVE-2018-1000007 Package : lib32-libcurl-compat Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-598 Summary ======= The...

USN-3540-1 linux, linux-aws, linux-euclid vulnerabilities

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...

Linux/x86 - Add Root User (w00w00) To /etc/passwd Shellcode (104 bytes)

/ jmp callw00w00 w00w00: popl %edi jmp w0w0w callw00w00: call w00w00 w0w0w: OPEN ecx=flag ORDONLY, OWRONLY, ... OWRONLY | OAPPEND | OCREAT = 0x441 edx=file mode ebx=address of filename eax=0x05 syscall number xorl %ebx,%ebx movb $file-w0w0w,%bl addl %edi,%ebx xorb %al,%al movb %al,11%ebx xorl...

Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)

/ Title : tcpbindshell 150 bytes Date : 04 October 2013 Author : Russell Willis Testd on: Linux/x8664 SMP Debian 3.2.46-1+deb7u1 x8664 GNU/Linux $ objdump -D tcpbindshell -M intel tcpbindshell: file format elf64-x86-64 Disassembly of section .text: 0000000000400080 : 400080: 48 31 c0 xor rax,rax...

Linux/x86-64 - setreuid(0,0) + execve(/bin/ash,NULL,NULL) + XOR Encoded Shellcode (85 bytes)

Title: Linux x86-64 setreuid 0,0 & execve"/bin/ash",NULL,NULL + XOR encoded - 85 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...