kernel: Overflowing kernel mount table using shared bind mount
It was found that in the Linux kernel the mount table expands by a power of two with each bind mount command. If a system is configured to allow a non-privileged user to do bind mounts, or allows them in a container or unprivileged mount namespace, then a non-privileged user is able to cause a local...
Linux kernel 'acpi_ns_terminate()' function sensitive information disclosure vulnerability
Linux is an open source operating system. A security vulnerability in the 'acpi_ns_terminate' function in the Linux drivers/acpi/acpica/nsutils.c file allows local attackers to exploit the vulnerability by submitting a special request, obtaining sensitive information, and bypassing the KASLR...
Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0086)
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Tenable SecurityCenter Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)
The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache: - A flaw exists in the mod_session_crypto module due to encryption for data and cookies using the configured...
Exploiting the Linux kernel via packet sockets
Guest blog post, posted by Andrey Konovalov. Introduction: Lately I’ve been spending some time fuzzing network-related Linux kernel interfaces with syzkaller. Besides the recently discovered vulnerability in DCCP sockets, I also found another one, this time in packet sockets. This post describes ho...
Directory Traversal
github.com/docker/docker is vulnerable to directory traversal attacks. These attacks are possible by using a symlink attack in an image when respawning a container. It allows local users to escape containerization ("mount namespace breakout") and file overwrite...
Cross-site Scripting (XSS)
github.com/kubernetes/dashboard is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize the namespace parameter, allowing a malicious user to inject and execute arbitrary JavaScript (JS) code...
Cross Namespace Escalation
github.com/kubernetes/kubernetes is vulnerable to cross namespace escalation attacks. A malicious user can submit an HPA request against another namespace that they have no permissions on and use it to manipulate resources...
Ubuntu: Security Advisory (USN-3271-1)
The remote host is missing an update for the...
USN-3271-1: Libxslt vulnerabilities
Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-5029) Nicolas Gregoire discovere...
Ubuntu 14.04 LTS / 16.04 LTS : Libxslt vulnerabilities (USN-3271-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3271-1 advisory. Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString function in Libxslt. An attacker could use this to craft a maliciou...
Input Validation Bypass
Apache Hadoop HDFS is vulnerable to input validation bypass. The attack is possible because it does not correctly handle the validation of the input to NameNode when it is sent as a query parameter during the interaction of the HDFS client with the DataNode in the HDFS namespace browsing. A user...
CVE-2017-3162
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...
CVE-2017-3162
Apache Hadoop CVE-2017-3162: A vulnerability in the HDFS namespace browsing flow where the DataNode servlet accepts a NameNode URL as a query parameter without validation, allowing an attacker to bypass security restrictions. Affected software includes Hadoop versions prior to 2.7.0; the issue st...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2017:0933. An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
openSUSE Security Update : lxc (openSUSE-2017-463)
This update for lxc fixes the following issues: This security issue was fixed: CVE-2017-5985: lxc-user-nic allowed access to network namespace over which the caller did not hold privilege (boo#1028264).
kernel: Signed overflow for SO_{SND|RCV}BUFFORCE
A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the socket's sendbuff data size could be negative. This could adversely affect...
Adobe Reader DC XSLT Namespace Node Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2017-5607
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to...