breakout-vm-penetration-test

Privilege Escalation Report: Exploiting Linux Capabilities...

EUVD-2019-2944

Malware in sbrugna...

EUVD-2019-2942

Malware in sbrugna...

CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

Privilege escalation

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

CVE-2022-37705

CVE-2022-37705 affects Amanda 3.5.1. The runtar SUID wrapper to tar mishandles arguments, enabling a backup user to escalate to root. Public notes in Debian LTS advisories confirm a fix in amanda packages (e.g., Debian 11 1:3.5.1-7+deb11u1) and CloudLinux/LT advisory references indicate tar optio...

CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

CVE-2019-11246

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

CVE-2019-11249

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

CVE-2019-1002101 kubectl cp path traversal

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could r...

CVE-2016-3708

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that 1 contain...

PT-2016-5669 · Red Hat · Red Hat Openshift Enterprise

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.2 Description: The issue allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that contains ONBUILD commands or does not contain a tar...