2649 matches found

CVE
added 2019/11/28 12:27 a.m. | 357 views

CVE-2019-18276

CVE-2019-18276 affects GNU Bash up to 5.0 patch 11, where disable_priv_mode in shell.c incorrectly drops privileges when UID real != effective, leaving the saved UID intact. An attacker with shell command execution can use enable -f to load a new builtin (shared object) that calls setuid(), regai...

CVSS 7.8 | AI score 7.5 | EPSS 0.02608
Exploits: 5 | References: 7 | Affected Software: 1

Debian CVE
added 2019/11/28 12:27 a.m. | 51 views

CVE-2019-18276

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems th...

CVSS 7.8 | AI score 7.8 | EPSS 0.02608
Exploits: 5

CNVD
added 2019/11/19 12:0 a.m. | 1 views

Xorux Lpar2RRD and Stor2RRD Operating System Command Injection Vulnerability

Bash is a shell command language interpreter written for the GNU Project by American software developer Brian J. Fox and running on Unix-like operating systems. It can read and execute commands from standard input devices or files. An operating system command injection vulnerability exists in Xor...

CVSS 9 | AI score 8 | EPSS 0.02013
Exploits: 1 | References: 1

exploitpack
added 2019/11/19 12:0 a.m. | 10 views

Centova Cast 3.2.12 - Denial of Service (PoC)

Centova Cast 3.2.12 - Denial of Service PoC Exploit Title: Centova Cast 3.2.12 - Denial of Service PoC Date: 2019-11-18 Exploit Author: DroidU Vendor Homepage: https://centova.com Affected Version: =v3.2.12 Tested on: Debian 9, CentOS 7 =============================================== The Centova...

AI score 7.3
Exploits: 0

OSV
added 2019/11/17 9:15 p.m. | 2 views

CVE-2019-19041

An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by...

CVSS 7.2 | AI score 7.2
Exploits: 0 | References: 1

NVD
added 2019/11/17 9:15 p.m. | 5 views

CVE-2019-19041

An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by...

CVSS 9 | AI score 7.1 | EPSS 0.02013
Exploits: 1 | References: 1

CVE
added 2019/11/17 8:52 p.m. | 37 views

CVE-2019-19041

CVE-2019-19041 affects Xorux Lpar2RRD 6.11 and Stor2RRD 2.61 (distributed in Xorux 2.41). The underlying issue is improper verification of upgrade packages, allowing an attacker to modify the files.SUM integrity controls and inject a malicious Bash script via upgrade.sh, enabling arbitrary code e...

CVSS 9 | AI score 7 | EPSS 0.02013
Exploits: 1 | References: 1 | Affected Software: 2

Tenable Nessus
added 2019/11/15 12:0 a.m. | 21 views

SUSE SLES12 Security Update : bash (SUSE-SU-2019:2976-1)

This update for bash fixes the following issues : CVE-2012-6711: Fixed a heap-based buffer overflow during echo of unsupported characters bsc1138676. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

CVSS 7.8 | AI score 7.5 | EPSS 0.00491
Exploits: 0 | References: 4

OSV
added 2019/11/14 5:46 p.m. | 7 views

SUSE-SU-2019:2976-1 Security update for bash

This update for bash fixes the following issues: - CVE-2012-6711: Fixed a heap-based buffer overflow during echo of unsupported characters bsc1138676...

CVSS 7.8 | AI score 7.9 | EPSS 0.00491
Exploits: 0 | References: 3

Oracle Linux
added 2019/11/14 12:0 a.m. | 29 views

systemd security, bug fix, and enhancement update

239-18.0.1 - fix netdev is missing for iscsi entry in /etc/fstab [email protected] Orabug: 25897792 - set 'RemoveIPC=no' in logind.conf as default for OL7.2 Orabug: 22224874 - allow dm remove ioctl to co-operate with UEK3 Vaughan Cao Orabug: 18467469 - add hv dynamic memory support Jerry...

CVSS 4.4 | AI score 5.5 | EPSS 0.00511
Exploits: 1

Ubuntu
added 2019/11/11 12:21 p.m. | 178 views

USN-4180-1: Bash vulnerability

It was discovered that Bash incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

CVSS 7.8 | AI score 7.2 | EPSS 0.00491
Exploits: 0

NVD
added 2019/11/09 3:15 a.m. | 20 views

CVE-2009-4011

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console...

CVSS 8.1 | AI score 8.1 | EPSS 0.0097
Exploits: 0 | References: 3

UbuntuCve
added 2019/11/09 3:15 a.m. | 32 views

CVE-2009-4011

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console...

CVSS 8.1 | AI score 7.2 | EPSS 0.0097
Exploits: 0 | References: 1

Cvelist
added 2019/11/09 2:49 a.m. | 24 views

CVE-2009-4011

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console...

AI score 8.1 | EPSS 0.0097
Exploits: 0 | References: 3

CVE
added 2019/11/09 2:49 a.m. | 187 views

CVE-2009-4011

dtc-xen is a SOAP daemon used for Xen VM management. The CVE-2009-4011 issue is a race condition in dtc-xen 0.5.x before 0.5.4, caused by mishandling of concurrent access to shared resources, enabling an attacker to gain a bash shell as the xenXX user on dom0 and potentially reuse an already open...

CVSS 8.1 | AI score 7.9 | EPSS 0.0097
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2019/11/09 2:49 a.m. | 18 views

CVE-2009-4011

Removed by vendor...

CVSS 8.1 | AI score 8.2 | EPSS 0.0097
Exploits: 0

OPENSUSE Linux
added 2019/10/20 12:0 a.m. | 151 views

Security update for tcpdump (important)

openSUSE Security Update: Security update for tcpdump Announcement ID: openSUSE-SU-2019:2344-1 Rating: important References: 1068716 1153098 1153332 Cross-References: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465...

CVSS 9.8 | AI score 7.7 | EPSS 0.06816
Exploits: 0 | References: 3

Kitploit
added 2019/10/19 12:0 p.m. | 150 views

Discover - Custom Bash Scripts Used To Automate Various Penetration Testing Tasks Including Recon, Scanning, Parsing, And Creating Malicious Payloads And Listeners With Metasploit

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit. For use with Kali Linux and the Penetration Testers Framework PTF. Lee Baird @discoverscripts Jay "L1ghtn1ng" Townsend...

AI score 7.3
Exploits: 0 | References: 1

IBM Security Bulletins
added 2019/10/18 3:50 a.m. | 53 views

Security Bulletin: Vulnerabilities in Bash affect IBM PureData System for Operational Analytics (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the IBM PureData System for Operational Analytics. Vulnerability Detai...

CVSS 10 | AI score 1.7 | EPSS 0.99999
Exploits: 157 | Affected Software: 1

IBM Security Bulletins
added 2019/10/18 3:10 a.m. | 51 views

Security Bulletin: Vulnerabilities in Bash affect IBM Netezza Host Management (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM Netezza Host Management. Vulnerability Details CVE-ID: CVE-2014-62...

CVSS 10 | AI score 1.8 | EPSS 0.99999
Exploits: 157 | Affected Software: 1