CVE-2017-5932

CVE-2017-5932 is a Bash local privilege escalation exploiting the path autocompletion feature. A crafted filename that begins with a double quote and includes a command substitution metacharacter can allow a local user to execute arbitrary code with elevated privileges. The vulnerability affects ...

CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...

CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...

Linux/x86 - Reverse /bin/bash Shellcode (110 bytes)

/ ; File name: reversebash.nasm ; Author: Jasmin Landry @JR0ch17 ; Purpose: Shellcode that creates a reverse /bin/bash shell on port 54321 to IP address 192.168.3.119 ; To change ; Shellcode length: 110 bytes ; Tested on Ubuntu 12.04.5 32-bit x86 ; Assemble reversebash.nasm file: nasm -f elf32 -o...

CentOS 6 : bash (CESA-2017:0725)

An update for bash is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

bash security update

CentOS Errata and Security Advisory CESA-2017:0725 An update for bash is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

APNGDis 2.8 - chunk size descriptor Heap Buffer Overflow Exploit

Exploit for multiple platform in category dos / poc Exploit Title: APNGDis chunk size descriptor Buffer Overflow Date: 14-03-2017 Exploit Author: Alwin Peppels Vendor Homepage: http://apngdis.sourceforge.net/ Software Link: https://sourceforge.net/projects/apngdis/files/2.8/ Version: 2.8 Tested o...

RedHat Update for bash RHSA-2017:0725-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 : bash (RHSA-2017:0725)

An update for bash is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution

An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...

Moderate: Red Hat Security Advisory: bash security and bug fix update

An update for bash is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

bash: popd controlled free

A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session...

bash: Arbitrary code execution via malicious hostname

An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances...

Malicious Debian Package Generator: kimi

Malicious Debian Package generator Script to generate malicious debian packages debain trojans. Kimi is a script which generates Malicious debian package for metasploit which consists of bash file. the bash file is deployed into “/usr/local/bin/” directory. Backdoor gets executed just when victim...

kimi - Script To Generate Malicious Debian Packages (Debian Trojans)

Script to generate malicious debian packages debain trojans. Kimi is name inspired from "Kimimaro" one of my favriote charater from anime called "Naruto". Kimi is a script which generates Malicious debian package for metasploit which consists of bash file. the bash file is deployed into...

Multiple Arbitrary Code Execution Vulnerabilities in GNU Bash

Bash is a shell command language interpreter written by American software developer Brian J. Fox for the GNU Project, which runs on Unix-like operating systems the default shell for Linux systems and is capable of reading and executing commands from a standard input device or file, and also...

CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...

GNU / Bash v4.4 autocompletion Code Execution Vulnerability

Exploit for linux platform in category local exploits GNU Bash code execution vulnerability in path completion Jens Heyens, Ben Stock January 2017 1 Introduction GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be...

SUSE-SU-2017:0302-1 Security update for bash

This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables. bsc1001299 - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the...

DEBIAN-CVE-2016-9401

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address...