Debian DLA-2320-1 : golang-github-seccomp-libseccomp-golang security update

A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument. Additionally, runc has been rebuilt with the fixed package. For Debian 9 stretch, this problem has been fixed in versi...

[SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2320-1 [email protected] https://www.debian.org/lts/security/ August 10, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...

SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2020:1568-1)

This update for nodejs10 fixes the following issues : nodejs10 was updated to version 10.21.0 CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames bsc1172442...

Linux/x86 /etc/hosts Mapping Add Polymorphic Shellcode

102 bytes small Linux/x86 add map in /etc/hosts file polymorphic shellcode. Title: Linux/x86 - Add map in /etc/hosts file polymorphic shellcode 102 bytes Author: Xenofon Vassilakopoulos Date: 2020-06-15 Tested on: Linux kali 5.3.0-kali2-686-pae 1 SMP Debian 5.3.9-3kali1 2019-11-20 i686 GNU/Linux...

macOS/x64 zsh RickRolling - Shellcode

198 bytes small macOS/x64 RickRolling shellcode. / Shellcode Title: macOS/x64 - zsh RickRolling Shellcode 198 Bytes Shellcode Author: Bobby Cooke Date: May 31st, 2020 Tested on: macOS Catalina v10.15.4 Shellcode Description: MacOS Catalina Dynamic, No-Null Shellcode that will Unmute the systems...

macOS/x64 zsh RickRolling Shellcode (198 bytes)

/ Shellcode Title: macOS/x64 - zsh RickRolling Shellcode 198 Bytes Shellcode Author: Bobby Cooke Tested on: macOS Catalina v10.15.4 Shellcode Description: MacOS Catalina Dynamic, No-Null Shellcode that will Unmute the systems Volume, set the Volume to Maximum, and "Rick Roll" the user every time...

CVE-2020-10024

The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 a...

CVE-2020-10024 ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers

The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 a...

Linux 5.6 IORING_OP_MADVISE Race Condition

Linux 5.6 has an issue with IORINGOPMADVISE racing with coredumping. Linux 5.6: IORINGOPMADVISE races with coredumping Last year, I noticed that core dumping iterates over current-mm's VMA list without proper locking, under the assumption that the VMA list can not be modified externally. This...

Linux/x64 Anti-Debug Trick INT3 Trap Shellcode (113 bytes)

113 bytes small Linux/x64 anti-debug trick INT3 trap with execve"/bin/sh" shellcode that is NULL free. / Shellcode Title: linux/x64 anti-debug trick INT3 trap + execve"/bin/sh" - NULL Free - 113 bytes Shellcode Author: Dario Castrogiovanni Tested on: LXLE Linux 18.04 x64 Description: This shellco...

Linux Kernel /proc/pid/syscall information disclosure vulnerability

Summary An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that...

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)

Exploit Title: Linux/x64 - Password Protected Bindshell + Null-free Shellcode 272 Bytes Exploit Author: Bobby Cooke Tested on: Linux x8664 SMP Debian 5.3.15-1kali1 SLAE/Student ID: PA-10913 Course: This shellcode was created for the x8664 Assembly Language and Shellcoding on Linux SLAE64 Course...

Access Control Bypass

kernel-rt is vulnerable to access control bypass. The vulnerability could allow a local, unprivileged user to bypass intended access restrictions, if those access restriction filters were based on the "syscall" number or arguments...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVE-2020-8835

An out-of-bounds access flaw was found in the Linux kernel’s implementation of the eBPF code verifier, where an incorrect register bounds calculation while checking 32-bit instructions in an eBPF program occurs. This flaw allows an unprivileged user or process to execute eBPF programs to crash th...

CVE-2017-15128

A flaw was found in the Linux kernel where a local user with a shell account can abuse the userfaultfd syscall when using hugetlbfs. A missing size check in hugetlbmcopyatomicpte could create an invalid inode variable, leading to a kernel panic...

EulerOS 2.0 SP8 : libcomps (EulerOS-SA-2020-1293)

According to the versions of the libcomps packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make...

MGASA-2020-0136 Updated libseccomp packages fix security vulnerability

Updated libseccomp packages fix security vulnerability: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker could use this to bypass intended access restrictions for argument-filtered system call...

Updated libseccomp packages fix security vulnerability

Updated libseccomp packages fix security vulnerability: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker could use this to bypass intended access restrictions for argument-filtered system call...

DEBIAN-CVE-2020-9391

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has be...