Debian DLA-1069-1 : tenshi security update

Tenshi creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a 'kill cat /pathname/tenshi.pid' command. For Debian...

[SECURITY] [DLA 1069-1] tenshi security update

Package : tenshi Version : 0.13-2+deb7u1 CVE ID : CVE-2017-11746 Debian Bug : 871321 Tenshi creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modificatio...

Nagios Core Denial of Service Vulnerability

Nagios Core is an open source, free network monitoring tool. A denial of service vulnerability exists in Nagios Core versions prior to 4.3.3. A local attacker can exploit the vulnerability to terminate arbitrary processes...

UnrealIRCd Local Elevation of Privilege Vulnerability

UnrealIRCd is an open source IRC server developed by the UnrealIRCd project team. A security vulnerability exists in UnrealIRCd 4.0.13 and earlier versions. A local attacker can exploit the vulnerability to terminate arbitrary processes...

Command injection

UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command. NOTE: t...

CVE-2017-12847

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill cat...

CVE-2017-12847

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill cat...

Command injection

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill cat...

UBUNTU-CVE-2017-12847

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill cat...

CVE-2017-13649

UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command. NOTE: t...

CVE-2017-12847

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill cat...

Design/Logic Flaw

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sderotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use...

CVE-2017-8257

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sderotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use...

LinEnum v0.6 - Scripted Local Linux Enumeration and Privilege Escalation Checks

LinEnum will automate many of the checks that I’ve documented in the Local Linux Enumeration & Privilege Escalation Cheatsheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful...

SMBLoris Denial Of Service

There's a lot of talk about SMBLoris but nobody seems to have written a public efficient PoC yet, so I gave it a shot. A single instance takes down a fully patched Windows 10 Pro box with 8GiB of RAM in less than 10 seconds. I tried using Scapy initially, but it's dog slow, so I went with C. The...

Tenshi Elevation of Privilege Vulnerability

Tenshi is a log monitoring tool with the ability to view one or more logs. A security vulnerability exists in Tenshi version 0.15. A local attacker can exploit the vulnerability to terminate arbitrary processes...

Tinyproxy main.c File Denial of Service Vulnerability

Tinyproxy is a small HTTP proxy program available for Windows, Linux and Unix systems. A security vulnerability exists in the main.c file in Tinyproxy 1.8.4 and earlier versions. A local attacker can exploit this vulnerability to terminate arbitrary processes...

openssh: Leak of host private key material to privilege-separated child process via realloc()

It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information...

How Google Shrank The Android Attack Surface

LAS VEGAS—For Nick Kralevich, head of Android platform security at Google, there is no better barometer for success than finding out the market value for vulnerabilities on the OS he works to protect are among the highest paid for mobile. During a Black Hat session on hardening Android, Kralevich...

Tinyproxy < 1.10.0 DoS Vulnerability

Tinyproxy is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:banu:tinyproxy"; if...