mimipenguin - A Tool To Dump The Login Password From The Current Linux User

A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. Details Takes advantage of cleartext credentials in memory by dumping the process and extracting lines that have a high probability of containing cleartext...

File Override

github.com/docker/docker is vulnerable to file override attacks. It allows local users to set Linux Security Modules LSM and dockert policies. It can be triggered through images that allow volumes to override files in /proc...

Virtuozzo Linux Errata and Bugfix Advisory 2017:0926

Upstream security update. Follow RHBA-2017-0926 for details...

Russian-Speaking Turla Joins APT Elite

SINT MAARTEN—In the waning moments of his 2016 talk at the Security Analyst Summit, Thomas Rid had a drop-the-mic moment when he disclosed there were likely links between the infamous Moonlight Maze cyberespionage operation of the mid- and late-1990s and the modern-day Turla APT. Today during thi...

Moderate: Red Hat Security Advisory: qemu-kvm security and bug fix update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

MGASA-2017-0072 Updated util-linux packages fix security vulnerability

With the su command from util-linux before 2.29.2, it is possible for any local user to send SIGKILL to other processes with root privileges. To exploit this, the user must be able to perform su with a successful login. SIGKILL can only be sent to processes which were executed after the su proces...

Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes)

Linux/x86-64 - Polymorphic Setuid0 & Execve/bin/sh Shellcode 31 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation file...

Dino Dai Zovi on Securing Linux in Modern Workloads

Security researcher Dino Dai Zovi talks to Mike Mimoso about a new company he cofounded called Capsule8—which left stealth mode on Wednesday—that will help IT organizations counter threats to Linux infrastructures in the enterprise and cloud. Dai Zovi also talks about the 10-year anniversary of h...

GLSA-201612-45 : Tor: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201612-45 Tor: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifier and change log referenced below for details. Impact : A remote attacker could possibly cause a Denial o...

McAfee VirusScan Enterprise for Linux authentication token brute force

Added: 12/23/2016 CVE: CVE-2016-8023 BID: 94823 Background McAfee VirusScan Enterprise for Linux is real-time, anti-malware software for Linux. Problem McAfee VirusScan Enterprise for Linux allows remote attackers to execute arbitrary commands by exploiting multiple vulnerabilities, including the...

aur.archlinux.org XSS vulnerability

Vulnerable URL: https://aur.archlinux.org/login/?referer="// Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 09:24 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| ...

SUSE-SU-2016:2954-1 Security update for util-linux

This update for util-linux fixes the following issues: - Consider redundant slashes when comparing paths bsc982331, util-linux-libmount-ignore-redundant-slashes.patch, affects backport of util-linux-libmount-cifs-ismounted.patch. - Use upstream compatibility patches for --show-pt-geometry with...

Low: Red Hat Security Advisory: util-linux security, bug fix, and enhancement update

An update for util-linux is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

[ASA-201611-8] libcurl-compat: multiple issues

Arch Linux Security Advisory ASA-201611-8 ========================================= Severity: High Date : 2016-11-03 CVE-ID : CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8619 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 Package : libcurl-compat Type : multiple issu...

[ASA-201611-4] lib32-curl: multiple issues

Arch Linux Security Advisory ASA-201611-4 ========================================= Severity: High Date : 2016-11-02 CVE-ID : CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8621 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 Package : lib32-curl Type : multiple issues...

[ASA-201611-5] lib32-libcurl-compat: multiple issues

Arch Linux Security Advisory ASA-201611-5 ========================================= Severity: High Date : 2016-11-02 CVE-ID : CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8621 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 Package : lib32-libcurl-compat Type : multipl...

[SECURITY] Fedora 25 Update: libsemanage-2.5-8.fc25

Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...

Oracle MySQL 'my.conf' Security Bypass Vulnerability - Linux

Oracle MySQL is prone to a security bypass vulnerability. This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

ps-inject - Inject Shellcode on Linux PID

Inject shellcode on linux PID How use: $ make gcc -Wall -Wextra -O3 -c -o lib/file.o src/file.c gcc -Wall -Wextra -O3 -c -o lib/str.o src/str.c gcc -Wall -Wextra -O3 -c -o lib/mem.o src/mem.c gcc -Wall -Wextra -O3 -c -o lib/inject.o src/inject.c gcc -Wall -Wextra -O3 -c -o lib/main.o src/main.c g...

[SECURITY] Fedora 24 Update: cryptobone-1.0.5-1.fc24

The Crypto Bone is a secure messaging system that makes sure a user's email is always encrypted without burdening the user with the message key management. Based on a GUI and a separate daemon, both ease-of-use and security are assured by a novel approach to encryption key management. While the...