Ubuntu PT Chown Privilege Escalation

Source: http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/ Introduction Problem description: With Ubuntu Wily and earlier, /usr/lib/ptchown was used to change ownership of slave pts devices in /dev/pts to the same uid holding the master file descriptor for the slave...

Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits Source: http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/ Introduction Problem description: Linux user namespace allows to mount file systems as normal user, including the overlayfs. As many of those...

openSUSE Security Update : open-vm-tools (openSUSE-2017-385)

This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues : - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework CAF - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand ...

SUSE SLES11 Security Update : open-vm-tools (SUSE-SU-2017:0705-1)

This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues : - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework CAF - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand ...

SUSE-SU-2017:0701-1 Security update for open-vm-tools

This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues: - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework CAF - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand -...

UBUNTU-CVE-2017-5985

lxc-user-nic in Linux Containers LXC allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check...

Google Upspin Secure File-Sharing Released to Open Source

Google has released to open source new file-sharing interfaces and protocols it calls Upspin that allow users to securely share files using a global namespace rather than uploading and downloading content or sharing it first with a web-based service. Upspin is largely a consumer tool, Google said...

openSUSE Security Update : open-vm-tools (openSUSE-2017-276)

This update for open-vm-tools fixes the following issues : - Updated to 10.1.0 stable release boo1011057 + vmware-namespace-cmd command line utility. + gtk3 support + Common Agent Framework CAF + guest authentication with xmlsec1 + FreeBSD support + sub-command to push updated network information...

Adobe Reader DC XSLT namespace-alias Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XSLT's...

GitLab: Users can download old project exports due to unclaimed namespace

TL;DR: Happy new year and happy birthday, @douwem! Vulnerability details When a user renames its namespace, another user can claim the namespace and download old export files from the victim. The attack scenario here is that someone would scrape existing GitLab namespaces users and groups, which...

DEBIAN-CVE-2016-6213

fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service memory consumption and deadlock via MSBIND mount system calls, as demonstrated by a loop that triggers exponential growth in the...

Code injection

fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service memory consumption and deadlock via MSBIND mount system calls, as demonstrated by a loop that triggers exponential growth in the...

Ubuntu: Security Advisory (USN-3162-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3161-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3161-1 advisory. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3160-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3160-1 advisory. CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A loc...

Ubuntu: Security Advisory (USN-3162-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3162-2)

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service system crash. CVE-2016-6213 Andreas Gruenbacher and Jan Kara discovered that the...

Multiple CVEs: httpoxy | Cloud Foundry

Multiple CVEs: httpoxy Low Vendor Cloud Foundry Versions Affected Go Buildpack versions prior to 1.7.10 PHP Buildpack versions prior to 4.3.17 Description httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It involves to a namespace conflict...

Ubuntu: Security Advisory (USN-3161-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS : Linux kernel (Qualcomm Snapdragon) vulnerabilities (USN-3161-4)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3161-4 advisory. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to...