QNAP QTS Privilege Escalation Vulnerability (QSA-22-05)

QNAP QTS is prone to a local privilege escalation vulnerability, also known as dirty pipe. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847 / Dirty Pipe Hacked up Dirty Pipe CVE-2022-0847...

Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847 / Dirty Pipe Hacked up Dirty Pipe CVE-2022-0847...

Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw

The “Dirty Pipe” Linux kernel flaw – a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access – affects most of QNAP’s network-attached storage NAS appliances, the Taiwanese manufacturer warned on Monday. Dirty Pipe, a recently reporte...

Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847-dirty-pipe-kernel-checker Python script to check...

'Dirty Pipe' Linux Flaw Affects a Wide Range of QNAP NAS Devices

Network-attached storage NAS appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. "A local privilege escalation vulnerability, also known as 'Dirty Pipe,' has been...

CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel

Last week, security researcher Max Kellermann discovered a high severity vulnerability in the Linux kernel, which was assigned the designation CVE-2022-0847. It affects the Linux kernels from 5.8 through any version before 5.16.11, 5.15.25 and 5.10.102, and can be used for local privilege...

kernel: improper initialization of the "flags" member of the new pipe_buffer

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

Exploit for Improper Initialization in Linux Linux_Kernel

Dirty-Pipe-CVE-2022-0847 CVE-2022-0847 Dirty Pipe is an arb...

Exploit for Improper Initialization in Linux Linux_Kernel

!Dirty Pipehttps://forum.hackersploit.org/uploads/default/ori...

Exploit for Improper Initialization in Linux Linux_Kernel

Dirty Pipe automatic root exploit CVE-2022-0847 !eaeasse...

Metasploit Weekly Wrap-Up

Mucking out the pipes. Thanks to some quick work by timwr, CVE-2022-0847 aka "Dirty Pipe" gives Metasploit a bit of digital plumber's training. The exploit targeting modern Linux v5 kernels helps elevate user privileges by overwriting a SUID binary of your choice by plunging some payload gold...

Dirty Pipe Local Privilege Escalation via CVE-2022-0847

This exploit targets a vulnerability in the Linux kernel since 5.8, that allows writing of read only or immutable memory. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. The module exploits this vulnerability by overwriting a suid binary with the payload, executing it, and the...

Linux “Dirty Pipe” vulnerability gives unprivileged users root access

A vulnerability in the Linux kernel, nicknamed "Dirty Pipe", allows an unprivileged user to overwrite data in read-only files. This can lead to privilege escalation as a result of unprivileged processes being able to inject code into root processes. If youre not sure what that means but you think...

CVE-2022-22141

'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 t...

Design/Logic Flaw

'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc...

CVE-2022-22148

'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc...

CVE-2022-22148

CVE-2022-22148 affects Yokogawa CENTUM CS 3000 (R3.08.10–R3.09.00), CENTUM VP (R4.01.00–R4.03.00, R5.01.00–R5.04.20, R6.01.00–R6.08.00), and Exaopc (R3.72.00–R3.79.00). Root Service creates a named pipe with improper ACLs, enabling OS command injection via a local attacker to run arbitrary progra...

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

...

CVE-2022-24286

Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general...