MGASA-2014-0474 Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.24 and fixes the following security issues: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non- canonical address to a model-specific register, which allows...

OnionDuke APT Malware served through Tor Network

The malicious Russian Tor exit node, which was claimed to be patching binary files, is actually distributing a malware program to launch cyber-espionage attacks against European government agencies. The group behind the rogue Tor exit node had likely been infecting files for more than a year,...

RHEL 6 : kernel (RHSA-2014:1843)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1843 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw was found in the way the Linux...

UBUNTU-CVE-2014-3645

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service guest OS crash via a crafted application. A local unprivileged guest user could use this flaw to crash the gue...

Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)

Linux/x86-64 - Add Map 127.1.1.1 google.lk In /etc/hosts Shellcode 110 bytes. Shellcode exploit for Linuxx86-64 platform / ; Title: Add map in /etc/hosts file - 110 bytes ; Date: 2014-10-29 ; Platform: linux/x8664 ; Website: http://osandamalith.wordpress.com ; Author: Osanda Malith Jayathissa...

kernel: kvm: vmx: invvpid vm exit not handled

It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invvpid Invalidate Translations Based on VPID instructions. On hosts with an Intel processor and invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest...

CVE-2014-3955

CVE-2014-3955 affects FreeBSD routed(8). The input path of RIP queries will accept from any source, but the output path assumes the reply is to a directly connected network, causing an assertion failure and daemon exit when a query originates off-subnet. Impact is a denial of service (routing tab...

CVE-2014-4503

The parsenotify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service application exit via a crafted 1 bbversion, 2 prevhash, 3 nbit, or 4 ntime parameter in a mining.notify action stratum message...

Design/Logic Flaw

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

CVE-2014-0207

The cdfreadshortsector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service assertion failure and application exit via a crafted CDF file...

XFree86 4.2 XLOCALEDIR Local Buffer Overflow Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment...

linux/x86 write(0,"Hello core!\n",12); (with optional 7 byte exit) 36 bytes

No description provided by source. / writehello-core.c by Charles Stevenson [email protected] I made this as a chunk you can paste in to make modular remote exploits. I use it to see if my dup2loop worked. If you don't get Hello core!\n back it's a good indicator your shell won't be functional the...

linux/x86 normal exit with random (so to speak) return value 5 bytes

No description provided by source. / linux/x86 normal exit w/ random so to speak return value - 5 bytes - izik [email protected] / char shellcode = \x31\xc0 // xor %eax,%eax \x40 // inc %eax \xcd\x80; // int $0x80 int mainint argc, char argv int ret; ret = int &ret + 2; ret = int shellcode; //...

GNU Sharutils <= 4.2.1 - Local Format String PoC Exploit

No description provided by source. / GNU sharutils = 4.2.1 Local Format String POC Code C0ded by n4rk0tix a.k.a nrktx [email protected] Below is a l4m3 proof of concept code for da recently reported lame bug; These binaryz have not only format bugz, but also buffer overflowz,etc.We also...

Linux - chmod(/etc/shadow, 0666) & exit() - 33 bytes

No description provided by source. include stdio.h / linux/x86 ; chmod/etc/shadow, 0666 & exit 33 bytes written by ka0x - ka0x01alt+64gmail.com lun sep 21 17:13:25 CEST 2009 greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek and others! / int main char shellcode = \x31\xc0 /...

Solaris/x86 - Sync() & reboot() & exit(0) - 48 bytes

No description provided by source. / Title: Solaris/x86 - Sync & reboot & exit0 - 48 bytes Author: Jonathan Salwan submit AT shell-storm.org Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan ! Database of shellcodes: http://www.shell-storm.org/shellcode/ Date: 2010-06-07...

linux/x86 Shellcode Polymorphic chmod("/etc/shadow",666) 54 bytes

No description provided by source. / Title : Linux/x86 - Shellcode Polymorphic chmod/etc/shadow,666 & exit - 54 bytes Encode : ADD Author : Jonathan Salwan Mail : submit ! shell-storm.org ! Database of shellcodes = http://www.shell-storm.org/shellcode/ Informations chmod & exit:...

Linux/SuperH - sh4 - setuid(0) - chmod("/etc/shadow", 0666) - exit(0) - 43 bytes

No description provided by source. / Title: Linux/SuperH - sh4 - setuid0 - chmod/etc/shadow, 0666 - exit0 - 43 bytes Date: 2011-06-22 Tested on: Debian-sh4 2.6.32-5-sh7751r Author: Jonathan Salwan - twitter: @jonathansalwan http://shell-storm.org seteuid: mov 23, r3 xor r4, r4 trapa 2 chmod: mov...

CREAR ALMail32 1.10 Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/574/info The ALMail32 POP3 client conatins unchecked buffers in the header parsing code. An abnormally long FROM: or TO: field in the header of an incoming email will overwrite the buffer and allow arbitrary code to be...