161 matches found
[SECURITY] [DLA 3330-1] amanda security update
Debian LTS Advisory DLA-3330-1 https://www.debian.org/lts/security/ Chris Lamb February 21, 2023 https://wiki.debian.org/LTS ...
K20934447: Linux kernel vulnerability CVE-2018-14634
Security Advisory Description: An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x a...
CVE-2022-37705
A flaw was found in Amanda. The runtar SUID binary executes /usr/bin/tar as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user "amandabackup" to root...
vmwgfx Driver File Descriptor Handling Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vmwgfx Driver File Descriptor Handling Priv Esc', 'Description' = %q If the vmwgfx driver fails to copy the 'fence_rep' object to userland, it tri...
io_uring Same Type Object Reuse Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'io_uring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in io_uring leading to an additional put_cred that can be...
CVE-2022-37704
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...
Ubuntu Enlightenment Mount Priv Esc
This module exploits a command injection within Enlightenment's enlightenment_sys binary. This is done by calling the mount command and feeding it paths which meet all of the system requirements, but execute a specific path as well due to a semi-colon being used. This module was tested on Ubuntu...
CVE-2022-37703
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an...
Zyxel Firewall SUID Binary Privilege Escalation Exploit
This Metasploit module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low privileged user (e.g. nobody) to escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an...
Zyxel Firewall SUID Binary Privilege Escalation
This module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low privileged user (e.g. nobody) to escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an attacker...
Zyxel Firewall SUID Binary Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall SUID Binary Privilege Escalation', 'Description' = %q This module exploits CVE-2022-30526, a local privilege escalation...
CVE-2021-3864
A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a...
CVE-2021-3864
CVE-2021-3864 is a local privilege-escalation flaw in the Linux kernel involving how the dumpable flag is handled for descendants of certain SUID binaries. If a SUID binary sets real UID equal to effective UID and real GID equal to effective GID, the descendant’s dumpable value can become 1, so a...
Exploit for Improper Initialization in Linux Linux_Kernel
CVE-2022-0847 Modified dirtypipe script into auto root without...
CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation
Rapid7 discovered a local privilege escalation vulnerability affecting Zyxel firewalls. The vulnerability allows a low privileged user, such as nobody, to escalate to root on affected firewalls. To exploit this vulnerability, a remote attacker must first establish shell access on the firewall, fo...
Race condition
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or...
Exploit for Improper Initialization in Linux Linux_Kernel
CVE-2022-0847 / Dirty Pipe Hacked up Dirty Pipe CVE-2022-0847...