BlobRunner - Quickly Debug Shellcode Extracted During Malware Analysis

BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis. BlobRunner allocates memory for the target file and jumps to the base or offset of the allocated memory. This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort. To...

binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library

An integer wraparound has been discovered in the Binary File Descriptor BFD library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information...

binutils: Integer overflow in the display_debug_ranges function resulting in crash

The displaydebugranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump...

SUSE-SU-2018:3490-1 Security update for xen

This update for xen fixes the following issues: XEN was updated to the Xen 4.9.3 bug fix only release bsc1027519 - CVE-2018-17963: qemudeliverpacketiov accepted packet sizes greater than INTMAX, which allows attackers to cause a denial of service or possibly have unspecified other impact...

SUSE-SU-2018:3480-1 Security update for wpa_supplicant

This update for wpasupplicant provides the following fixes: This security issues was fixe: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...

Morris Worm sendmail Debug Mode Shell Escape

This module exploits sendmail's well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. Currently, only...

SUSE-SU-2018:3230-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 XSA-260, bsc1090820 - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially...

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2018-1143) (Spectre)

This update for java-180-openjdk to the jdk8u181 icedtea 3.9.0 release fixes the following issues : These security issues were fixed : - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

Red Hat Ceph Storage ceph-isci-cli package remote command injection vulnerability

Red Hat Ceph Storage is a suite of scalable, open software-defined storage platforms from Red Hat, Inc. ceph-isci-cli is one of the command-line programs. A security vulnerability exists in the ceph-isci-cli package in Red Hat Ceph Storage versions 2 and 3. An attacker could use this vulnerabilit...

NUUO NVRmini2 and NVRsolo

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: NUUO Equipment: NVRmini2, NVRsolo Vulnerabilities: Stack-based Buffer Overflow, Leftover Debug Code 2. RISK EVALUATION Successful exploitation of these...

CVE-2018-14649

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell a...

CVE-2018-14649

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell a...

Design/Logic Flaw

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell a...

CVE-2018-14649

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell a...

PT-2018-12640 · Pallets Projects +1 · Python-Werkzeug +1

Name of the Vulnerable Software and Affected Versions: Red Hat Ceph Storage versions 2 and 3 Description: The issue allows unauthenticated attackers to access a debug shell and escalate privileges. This is due to the ceph-isci-cli package using python-werkzeug in debug shell mode, enabled by...

CVE-2018-11752

Previous releases of the Puppet ciscoios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release...

RHEL 7 : ceph-iscsi-cli (RHSA-2018:2837)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2837 advisory. ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Security Fixes: It was found th...

ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution

It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges...

Critical: Red Hat Security Advisory: ceph-iscsi-cli security update

An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Critical: Red Hat Security Advisory: ceph-iscsi-cli security update

An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...