xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation

!/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their...

AddressSanitizer (ASan) SUID Executable Privilege Escalation

This module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer ASan. ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The logpath option can be set using the ASANOPTIONS...

ASAN/SUID - Local Privilege Escalation

!/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a vulnerable system. Supply your own targe...

ASANSUID - Local Privilege Escalation

ASANSUID - Local Privilege Escalation !/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a...

Fedora 29 : beep (2018-92eff16e03)

Security fix for CVE-2018-1000532, new non-root permissions and a few smaller fixes. Fix a directory traversal issue introduced with the fix for CVE-2018-1000532, and refuses to run as setuid root or via sudo to avoid any more priviledge escalation issue. ---- Security fix for CVE-2018-1000532 an...

Fedora 28 : flatpak (2018-4d68cf2b1c)

flatpak 1.0.6 release. This release fixes an issue that lets system-wide installed applications create setuid root files inside their app dir somewhere in /var/lib/flatpak/app. Setuid support is disabled inside flatpaks, so such files are only a risk if the user runs them manually outside flatpak...

xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation

!/bin/sh raptorxorgy - xorg-x11-server LPE via modulepath switch Copyright c 2018 Marco Ivaldi A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to...

lighttpd < 1.4.34 Multiple Vulnerabilities

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.34. It is, therefore, affected by the following vulnerabilities : - When Server Name Indication SNI is enabled, a flaw exists that could cause the application to use all available SSL ciphers, including we...

xorg-x11-server 1.20.3 - Privilege Escalation

xorg-x11-server 1.20.3 - Privilege Escalation Exploit Title: xorg-x11-server 1.20.3 - Privilege Escalation Date: 2018-10-27 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.x.org/ Version: xorg-x11-server 1.19.0 - 1.20.2 Tested on: OpenBSD 6.3 and 6.4 CVE : CVE-2018-14665 raptorxorgasm...

systemd - chown_one() Dereference Symlinks

systemd - chownone Dereference Symlinks I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When chownone in the recursive chown logic decides that it has to...

systemd - chown_one() can Dereference Symlinks Exploit

Exploit for linux platform in category dos / poc I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When chownone in the recursive chown logic decides that it...

systemd - &#039;chown_one()&#039; Dereference Symlinks

I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When chownone in the recursive chown logic decides that it has to change ownership of a directory entry, it...

New Privilege Escalation Flaw Affects Most Linux Distributions

An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system display server that offers ...

xorg-x11-server 1.20.3 - Local Privilege Escalation Exploit (2)

Exploit for multiple platform in category local exploits xorg-x11-server Local Privilege Escalation 2 !/bin/bash x0rg - Xorg Local Root Exploit Released under the Snitches Get Stitches Public Licence. props to prdelka / fantastic for the shadow vector. Gr33tz to everyone in lizardhq and elsewhere...

CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root...

Keybase: Linux privilege escalation via trusted $PATH in keybase-redirector

keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged user to trick the application to executing a custom fusermount binary as root. Environment CentOS Linux...

MagniComp SysInfo Information Disclosure Vulnerability - Linux

MagniComp SysInfo is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

MagniComp SysInfo Information Disclosure Vulnerability - Mac OS X

MagniComp SysInfo is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

openSUSE Security Update : spice-gtk (openSUSE-2018-1015)

This update for spice-gtk fixes the following issues : Security issues fixed : - CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 - CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295 Other bugs fixed : - Add setuid bit to spice-client-glib-usb-acl-helpe...

Security update for spice-gtk (important)

This update for spice-gtk fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 - CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295 Other bugs fixed: - Add setuid bit to spice-client-glib-usb-acl-helper...