Moderate: Red Hat Security Advisory: bash security and bug fix update

An update for bash is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

bash: popd controlled free

A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session...

bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution

An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...

USN-3294-2: Bash vulnerability

USN-3294-1 fixed a vulnerability in Bash. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code wit...

Prowler - Tool for AWS Security Assessment, Auditing And Hardening

Tool based on AWS-CLI commands for AWS account security assessment and hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1 Features It covers hardening and security best practices for all AWS regions related to: Identity and Access Management 24 checks Logging...

AWS CIS Benchmark Tool: Prowler

Tool based on AWS-CLI commands for AWS account hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1 . It covers hardening and security best practices for all regions related to: Identity and Access Management 24 checks Logging 8 checks Monitoring 15 checks...

NfSen < 1.3.7 / AlienVault OSSIM < 5.3.6 - Local Privilege Escalation

Exploit Title: Local root exploit affecting NfSen = 1.3.7, AlienVault USM/OSSIM = 5.3.6 Version: NfSen 1.3.7 Version: AlienVault 5.3.6 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage: http://www.alienvault.com/ Software Link:...

Inspector - Privilege Escalation Unix Helper

Inspector is a python script for help in privilege escalation, for linux environement. After starting, this script search the kernel version and check if is exploit exists, load file history bash,zsh,mysql... and load list of programs loaded with root user. Download on server wget...

Zeus - AWS EC2 / S3 Auditing & Hardening Tool

Zeus is a powerful tool for AWS EC2 / S3 best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access Management Avoid the use of the "roo...

GoAutoDial 3.3 Authentication Bypass / Command Injection Exploit

This Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database...

InsomniaX 2.1.8 Arbitrary Kernel Extension Loading Vulnerability

It was found that the loader application bundled with InsomniaX can be used to load arbitrary Kernel Extensions kext. The loader is normally used to load a kext file that is needed to disable the Lid Sleep. A flaw has been found in the loader that allows a local attacker to load or unload any...

AWS Auditing & Hardening Tool: Zeus

Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access...

Keybase: Persistent XSS on keybase.io via "payload" field in `/user/sigchain_signature.toffee` template

Issue Keybase allows you to see other users' sigchains by navigating to /sigchain. The "Payload" field containing JSON related to the chainlink on the right side of the page is not correctly escaped during templating, leading to a persistent XSS as users have a high degree of control over the...

LARE - [L]ocal [A]uto [R]oot [E]xploiter is a Bash Script That Helps You Deploy Local Root Exploits

L ocal A uto R oot E xploiter is a simple bash script that helps you deploy local root exploits from your attacking machine when your victim machine do not have internet connectivity. The script is useful in a scenario where your victim machine do not have an internet connection eg. while you piv...

Code injection

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords...

PT-2017-8413 · Pulp · Pulp

Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.5 Description: The issue arises from the unsafe use of bash's $RANDOM variable to generate passwords. Recommendations: For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue...

USN-3294-1: Bash vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code...

openSUSE Security Update : bash (openSUSE-2017-614)

This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr1 inside loops. Additionally, the popd build-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault. This update...

SUSE SLES11 Security Update : bash (SUSE-SU-2017:1337-1)

This update for bash fixed several issues This security issue was fixed : - CVE-2016-9401: popd in bash might allowed local users to bypass the restricted shell and cause a use-after-free via a crafted address bsc1010845. The update package also includes non-security fixes. See advisory for...

SUSE-SU-2017:1337-1 Security update for bash

This update for bash fixed several issues This security issue was fixed: - CVE-2016-9401: popd in bash might allowed local users to bypass the restricted shell and cause a use-after-free via a crafted address bsc1010845. This non-security issue was fixed: - Fix when HISTSIZE=0 and chattr +a...