Important kernel security update: Virtuozzo ReadyKernel patch 65.0 for Virtuozzo 7.0.7 HF3 to 7.0.8 HF1

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-693.21.1.vz7.48.2 7.0.7 HF3, 3.10.0-862.9.1.vz7.63.3 7.0.8, and 3.10.0-862.11.6.vz7.64.7 7.0.8 HF1. Vulnerability id: PSBM-89717 Use-after-free in the...

Apple iOS / macOS - Sandbox Escape due to Trusted Length Field in Shared Memory Exploit

Exploit for multiple platform in category dos / poc Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboard...

Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory

iohideventsystem sets up a shared memory event queue; at the end of this shared memory buffer it puts a mach message which it sends whenever it wants to notify a client that there's data available in the queue. As a client we can modify this mach message such that the server hidd on MacOS,...

Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem

iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboardd and on MacOS by hidd. The actual implementation is in IOKit.framework. I, and also pangu jailbreak team, had previously found a few bugs in the kernel...

Apple iOS / macOS - Sandbox Escape due to mach Message sent from Shared Memory Exploit

Exploit for multiple platform in category dos / poc Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory iohideventsystem sets up a shared memory event queue; at the end of this shared memory buffer it puts a mach message which it sends whenever it wants to notify a client...

Apple iOSmacOS - Sandbox Escape due to mach Message sent from Shared Memory

Apple iOSmacOS - Sandbox Escape due to mach Message sent from Shared Memory iohideventsystem sets up a shared memory event queue; at the end of this shared memory buffer it puts a mach message which it sends whenever it wants to notify a client that there's data available in the queue. As a clien...

Apple iOSmacOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem

Apple iOSmacOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboardd and on MacOS by hidd. The actual implementation is ...

Deja-XNU

Posted by Ian Beer, Google Project Zero This blog post revisits an old bug found by Pangu Team and combines it with a new, albeit very similar issue I recently found to try to build a "perfect" exploit for iOS 7.1.2. State of the art An idea I've wanted to play with for a while is to revisit old...

VirtualBox 5.2.6.r120293 - VM Escape

VirtualBox 5.2.6.r120293 - VM Escape Oracle fixed some of the issues I reported in VirtualBox during the Oracle Critical Patch Update - April 2018. CVE-2018-2844 was an interesting double fetch vulnerability in VirtualBox Video Acceleration VBVA feature affecting Linux hosts. VBVA feature works o...

OWA for hackers: ExchangeRelayX

ExchangeRelayX is a PoC tools to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...

Micro Focus NetIQ eDirectory Information Disclosure Vulnerability

Micro Focus NetIQ eDirectory is an identity management infrastructure platform from Micro Focus UK that combines identity management architecture and directory services technology. The platform provides authentication policies, data backup and recovery services, and data disaster recovery. An...

Novell NetIQ Access Manager dhost Service Shared Memory Section Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Novell NetIQ Access Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

Information disclosure

Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage...

CVE-2018-7686

Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage...

CVE-2018-7686

Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage...

NetScaler MAS Reports High Memory Utilization

User receives alerts related to high memory usagehowever they do not observe any latency or performance related issue. From var/log ns.log we see logs related to high memory and from mpsservice.log we see messages related to out of shared memory. Tuesday, 20 Mar 18 14:26:18.845 +1100 Debug Main...

WebAssembly Changes Could Ruin Meltdown/Spectre Browser Patches

Upcoming changes to the WebAssembly Wasm format may defang the browser patches for infamous side-channel attacks Meltdown and Spectre. Wasm was invented to improve execution speed for porting desktop applications to web-based environments; programs are compiled in Wasm and then can easily be run ...

OracleVM 3.3 / 3.4 : procps (OVMSA-2018-0226)

The remote OracleVM system is missing necessary patches to address critical security updates : - vmstat: fix invalid CPU utilization stats after vCPU hot-plug/unplug Konrad Rzeszutek Wilk bug 18011019 - drop leftover assignment in fix for CVE-2018-1124 causing a severe regression - Resolves:...

openSUSE Security Update : apache2 (openSUSE-2018-438)

This update for apache2 fixes the following issues : - CVE-2018-1283: when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a 'Session' header leading to unexpected behavior bsc1086814. -...

[SECURITY] [DSA 4182-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4182-1 [email protected] https://www.debian.org/security/ Michael Gilbert April 28, 2018 https://www.debian.org/security/faq -...