7 matches found
New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The...
CVE-2019-13030
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a...
RedStar 2.0 Desktop - 'World-writeable rc.sysinit' Local Privilege Escalation
Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png PoC: /bin/echo...
FreeBSD Jail rc.d脚本多个本地符号链接漏洞
FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 jail2系统调用允许系统管理员将进程及其所有子代锁定在一个环境中,这样即使进程拥有超级用户权限,也只能对该环境外的系统造成很有限的影响。由于对可能的符号链接缺少处理,主机的jail rc.d8脚本受符号链接攻击的影响。通过用符号链接替换牢笼中的/var/log/console.log,牢笼中的超级用户(root)就可能使用任意内容覆盖牢笼外主机系统上的任意文件。这可能导致以不受禁锢的超级用户权限执行任意命令。...
FreeBSD jail rc.d symbolic links problem
Multiple conditions allow to write files begind jailed environment, as an example symbolic link /var/log/console.log...
FreeBSD -- Jail rc.d script privilege escalation
Problem Description: In multiple situations the host's jail rc.d8 script does not check if a path inside the jail file system structure is a symbolic link before using the path. In particular this is the case when writing the output from the jail start-up to /var/log/console.log and when mounting...
CVE-2006-0623
CVE-2006-0623 is associated with QNX Neutrino RTOS 6.3.0. The vulnerability arises because /etc/rc.d/rc.local is shipped with world-writable permissions, allowing local users to modify the file and thereby execute arbitrary code at system startup. The connected records confirm the affected softwa...