4209 matches found
EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1232)
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the...
Fedora 29 : php-twig2 (2019-a9a37fed18)
Version 2.7.2 (2019-03-12) - added TemplateWrapper::getTemplateName ---- Version 2.7.1 (2019-03-12) - fixed class aliases ---- Version 2.7.0 (2019-03-12) - fixed sandbox security issue: under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security...
RSAC 2019: Container Escape Hack Targets Vulnerable Linux Kernel
Researchers at CyberArk have created a proof-of-concept attack that allows adversaries to bypass container security, escape the container and compromise an entire host system. However, the attack scenario is limited, in that a successful attack depends on unpatched vulnerabilities to be present i...
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module Exploit
Linux 1 return -ENOTSUPP; return 1; int snmphelpervoid context, sizet hdrlen, unsigned char tag, const void data, sizet datalen struct snmpctx ctx = struct snmpctx context; be32 pdata = be32 data; if pdata == ctx-from prdebug"%s: %pI4 to %pI4\n", func, void &ctx-from, void &ctx-to; if ctx-check...
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module commit cc2d58634e0f ("netfilter: nf_nat_snmp_basic: use asn1 decoder library", first in 4.16) changed the nf_nat_snmp_basic module (which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages) so that the...
Linux SNMP NAT Module Out-Of-Bounds Read/Write Exploit
Linux: out-of-bounds read and write in SNMP NAT module commit cc2d58634e0f ("netfilter: nf_nat_snmp_basic: use asn1 decoder library", first in 4.16) changed the nf_nat_snmp_basic module (which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages) so that the kernel's ASN.1...
The vulnerability of the map_write() function in “kernel/user_namespace.c” in the Linux operating system allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the map_write() function in “kernel/user_namespace.c” in the Linux operating system is related to improper authorization. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...
Information Disclosure
OpenShift Enterprise is vulnerable to information disclosure attacks. The vulnerability exists because Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace...
Virtuozzo 7 : readykernel-patch (VZA-2018-085)
According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the...
CVE-2018-16884
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...
kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service
The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service...
Kubernetes - (Authenticated) Arbitrary Requests
!/usr/bin/env python3 import argparse from ssl import wrapsocket from socket import createconnection from secrets import base64, tokenbytes def requeststage1namespace, pod, method, target, token: stage1 = "" with open'stage1', 'r' as stage1fd: stage1 = stage1fd.read return stage1.formatnamespace,...
Kernel security update: Virtuozzo ReadyKernel patch 67.0 for Virtuozzo 7.0.8 and 7.0.8 HF1
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-862.9.1.vz7.63.3 (7.0.8) and 3.10.0-862.11.6.vz7.64.7 (7.0.8 HF1). Vulnerability id: CVE-2018-14646 The Linux kernel was found to be vulnerable to a NULL pointer...
Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Nested User Namespace idmap Limit Local Privilege Escalation', 'Description' = %q This module exploits a vulnerability in Linux kernels...
Linux Nested User Namespace idmap Limit Local Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user namespaces enabl...
kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service
The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service...
CVE-2018-14646
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service...
CVE-2018-14646
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service...
Null pointer dereference
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service...
UBUNTU-CVE-2018-14646
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service...