CVE-2022-27650

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

UBUNTU-CVE-2022-27650

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

UBUNTU-CVE-2022-27649

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

CVE-2022-27650

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

CVE-2022-27649

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

GHSA-QVF8-P83W-V58J Podman's default inheritable capabilities for linux container not empty

A bug was found in Podman where containers were created with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2. This bug did not affect...

PT-2022-6726 · Podman +7 · Podman +7

Name of the Vulnerable Software and Affected Versions: Podman affected versions not specified Description: The issue is related to errors in using standard permissions, allowing an attacker to bypass security restrictions and elevate privileges. This is due to containers being started with...

CVE-2022-27649

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

Updated docker packages fix security vulnerability

Containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during 'execve2' CVE-2022-24769...

CVE-2022-24769

A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve2 runs...

CVE-2022-24769 Default inheritable capabilities for linux container should be empty

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux...

PT-2022-6151 · Docker +6 · Moby +7

Name of the Vulnerable Software and Affected Versions: Moby Docker Engine versions prior to 20.10.14 Description: A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and...

Local Privilege Escalation in polkits pkexec

A bug exists in the polkit pkexec binary in how it processes arguments. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument list and populat...

Polkit pkexec Local Privilege Escalation Exploit

This is a Metasploit module for the argument processing bug in the polkit pkexec binary. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument...

Polkit pkexec Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Local Privilege Escalation in polkits pkexec', 'Description' = %q A bug exists in the polkit pkexec binary in how it processes arguments. If the...

Solaris/SPARC - setuid(0) + execve (/bin/ksh) Shellcode

/ sparcsolarisexec.c - Solaris/SPARC execve shellcode Copyright c 2022 Marco Ivaldi Pretty standard Solaris/SPARC setuid/execve shellcode. Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC execve shellcode 12 + 48 = 60 bytes / / setuid0 /...

Linux/MIPS - N32 MSB Reverse Shell Shellcode

/ mipsn32msblinuxrevsh.c - MIPS N32 MSB Linux reverse Copyright c 2022 Marco Ivaldi Basic MIPS N32 MSB Linux reverse shellcode, showcasing various techniques to avoid badchars. Cross-compile https://buildroot.org/ with: $ mips64-linux-gcc -static mipsn32msblinuxrevsh.c -o revsh Tested on Linux...

SUSE-SU-2022:0161-1 Security update for zsh

This update for zsh fixes the following issues: - CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a ! script file was mishandled. bsc1107296, bsc1107294 - CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring o...

Advisory ROSA-SA-2021-2005

Software: zsh 5.0.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-10070 CVE-Crit: HIGH CVE-DESC: zsh before 5.0.7 allows the initial values of integer variables imported from the environment to be evaluated instead of treating them as literal numbers. This may allow local privilege escalation under some specif...

Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes, xor encoded)

Exploit Title: Linux/x86 - execve /bin/sh Shellcode fstenv eip GetPC technique 70 bytes, xor encoded Exploit Author: d7x Tested on: Ubuntu x86 / shellcode with XOR decoder stub and fstenv MMX FPU spawning a /bin/sh shell uses the fstenv GetPC technique to get the memory address dynamically...