CLSA-2026-1778146905 freerdp: Fix of CVE-2022-24883

Reuse centos7els branch for oraclelinux7els - CVE-2022-24883: fix server-side NTLM auth bypass against a SAM database by rejecting auth when SamOpen fails or the user entry is missing...

Yum Package Manager Persistence

This module will run a payload when the package manager is used. This module modifies a yum plugin to launch a binary of choice. grep -F 'enabled=1' /etc/yum/pluginconf.d/ will show what plugins are currently enabled on the system. root persmissions are likely required. Verified on Centos 7.1...

Service SystemD Persistence

This module will create a service on the box, and mark it for auto-restart. We need enough access to write service files and potentially restart services Targets: CentOS 7 Debian = 7, = 15 Ubuntu = 15.04 Verified on Ubuntu 18.04.3 Module Options msf use exploit/linux/persistence/initsystemd msf...

CLSA-2025-1748638011 Update of httpd

ELS-1267: merge spec for centos7, rhel7 and oracle7...

SUSE CVE-2017-5972

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service CPU consumption by sending many TCP SYN packets, as demonstrated by an attack against the...

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a Python script repository for exploiting the CVE-2021-3156 vulnerability in sudo. The vulnerability is a heap-based overflow in the sudo package, which can be exploited to gain root privileges. The repository contains several exploit scripts, each targeting a specific version of the sudo...

DEBIAN-CVE-2020-5291

Bubblewrap bwrap before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that...

UBUNTU-CVE-2018-17977

The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTOAH packets, and IPPROTOIP packets, which allows local users to cause a denial of service memory consumption and system hang by leveraging root access to execute crafted applications, as demonstrated on...

UBUNTU-CVE-2017-5972

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service CPU consumption by sending many TCP SYN packets, as demonstrated by an attack against the...

DEBIAN-CVE-2017-5972

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service CPU consumption by sending many TCP SYN packets, as demonstrated by an attack against the...