4499 matches found

Cvelist
added 2018/02/08 5:0 p.m. | 34 views

CVE-2018-1000030

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable, and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability lies when multiple threads are...

CVSS 3.6 | AI score 6.6 | EPSS 0.0127
Exploits: 0 | References: 7

OSV
added 2018/02/08 5:0 p.m. | 27 views

PSF-2018-2 Python 2.7 readahead is not thread safe

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable, and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability lies when multiple threads are...

CVSS 3.6 | AI score 6.5 | EPSS 0.0127
Exploits: 0 | References: 2

Exploit DB
added 2018/02/07 12:0 a.m. | 87 views

Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption

Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module CVE-2017-17090 - AST-2017-013 Tested on: Asterisk 13.17.2dfsg-2 Description: Asterisk is prone to a remote unauthenticated memory exhaustion The vulnerability is due to an error when the...

CVSS 7.5 | AI score 7.7 | EPSS 0.80582
Exploits: 4

RedHat Linux
added 2018/01/25 11:26 a.m. | 2 views

kernel: keyctl_set_reqkey_keyring() leaks thread keyrings

A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS...

CVSS 5.5 | AI score 6.6 | EPSS 0.00502
Exploits: 4 | References: 4

RedHat Linux
added 2018/01/25 11:26 a.m. | 81 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 7.8 | AI score 6.2 | EPSS 0.00502
Exploits: 8 | References: 6

RedHat Linux
added 2018/01/25 11:18 a.m. | 4 views

kernel: keyctl_set_reqkey_keyring() leaks thread keyrings

A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS...

CVSS 5.5 | AI score 6.6 | EPSS 0.00502
Exploits: 4 | References: 4

RedHat Linux
added 2018/01/25 11:17 a.m. | 2 views

kernel: keyctl_set_reqkey_keyring() leaks thread keyrings

A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS...

CVSS 5.5 | AI score 6.6 | EPSS 0.00502
Exploits: 4 | References: 4

Tenable Nessus
added 2018/01/25 12:0 a.m. | 96 views

RHEL 7 : kernel-rt (RHSA-2018:0152)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0152 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

CVSS 7.8 | AI score 6.6 | EPSS 0.00502
Exploits: 8 | References: 11

Tenable Nessus
added 2018/01/24 12:0 a.m. | 43 views

Fedora 27 : glibc (2018-7714b514e2)

This update addresses two security vulnerabilities : - CVE-2017-16997: Check for empty tokens before dynamic string token expansion in the dynamic linker, so that pre-existing privileged programs with $ORIGIN rpaths/runpaths do not cause the dynamic linker to search the current directory,...

CVSS 9.3 | AI score 7.6 | EPSS 0.41417
Exploits: 9 | References: 3

Tenable Nessus
added 2018/01/24 12:0 a.m. | 43 views

Fedora 26 : glibc (2018-8e27ad96ed)

This update addresses two security vulnerabilities : - CVE-2017-15670, CVE-2017-15671, CVE-2017-15804: Various vulnerabilities could lead to memory corruption in the glob and glob64 function. RHBZ1505298, RHBZ1504807 - CVE-2017-16997: Check for empty tokens before dynamic string token expansion i...

CVSS 9.8 | AI score 6.9 | EPSS 0.41417
Exploits: 9 | References: 6

RedHat Linux
added 2018/01/18 9:55 p.m. | 4 views

OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)

It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out...

CVSS 4.3 | AI score 7.3 | EPSS 0.0013
Exploits: 0 | References: 4

seebug.org
added 2018/01/16 12:0 a.m. | 66 views

CODE EXECUTION (CVE-2018-5189) WALKTHROUGH ON JUNGO WINDRIVER 12.5.1

INTRODUCTION Windows kernel exploitation can be a daunting area to get into. There are tons of helpful tutorials out there and originally this post was going to add to that list. This is the story of how I found CVE-2018-5189 and a complete walkthrough of the exploit development cycle. The idea w...

AI score 8.5 | EPSS 0.00199
Exploits: 3

Tenable Nessus
added 2018/01/16 12:0 a.m. | 10 views

openSUSE Security Update : gifsicle (openSUSE-2018-42)

This update for gifsicle to version 1.91 fixes several issues. These security issues were fixed : - Prevent double free by setting lastname to NULL - Prevent NULL pointer dereference for crafted images This non-security issue was fixed : - Add thread support for resizing For other changes please...

AI score 7.3
Exploits: 0

OSV
added 2018/01/12 11:29 p.m. | 1 views

CVE-2017-13197

In the ihevcdparseslice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1...

CVSS 7.5 | AI score 5.9 | EPSS 0.02288
Exploits: 0 | References: 3

0day.today
added 2018/01/11 12:0 a.m. | 83 views

Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass Exploit

Exploit for windows platform in category dos / poc / Windows: NTFS Owner/Mandatory Label Privilege Bypass EoP Platform: Windows 10 1709 not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: When creating a new file on an NTFS drive it’s possible to circumvent security checks...

CVSS 4.6 | AI score 7.5 | EPSS 0.05783
Exploits: 2

Fedora
added 2018/01/10 2:13 a.m. | 30 views

[SECURITY] Fedora 27 Update: heimdal-7.5.0-1.fc27

Kerberos 5 is a network authentication and single sign-on system. Heimdal is a free Kerberos 5 implementation without export restrictions written from the spec rfc1510 and successors including advanced features like thread safety, IPv6, master-slave replication of Kerberos Key Distribution Center...

CVSS 7.5 | AI score 1.7 | EPSS 0.03783
Exploits: 0

Exploit DB
added 2018/01/10 12:0 a.m. | 32 views

Jungo Windriver 12.5.1 - Local Privilege Escalation

// ConsoleApplication1.cpp : Defines the entry point for the console application. // include "stdafx.h" include include define device L"\\.\WINDRVR1251" define SPRAYSIZE 30000 typedef NTSTATUSWINAPI PNtAllocateVirtualMemory HANDLE ProcessHandle, PVOID BaseAddress, ULONG ZeroBits, PULONG...

AI score 7.4
Exploits: 0

Fedora
added 2018/01/09 4:51 p.m. | 27 views

[SECURITY] Fedora 26 Update: heimdal-7.5.0-1.fc26

Kerberos 5 is a network authentication and single sign-on system. Heimdal is a free Kerberos 5 implementation without export restrictions written from the spec rfc1510 and successors including advanced features like thread safety, IPv6, master-slave replication of Kerberos Key Distribution Center...

CVSS 7.5 | AI score 1.7 | EPSS 0.03783
Exploits: 0

CNVD
added 2017/12/29 12:0 a.m. | 1 views

Denial of Service Vulnerability in ForceControl V7.2 Product NetServer.exe

ForceControl is the configuration software developed by ForceControl Technology for the general monitoring and control configuration software market. As the basic platform software in industrial automation software, ForceControl can provide solutions for all kinds of industries. A denial of servi...

AI score 6.8
Exploits: 0

RedHat Linux
added 2017/12/13 6:26 p.m. | 1 views

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

CVSS 7.5 | AI score 7.3 | EPSS 0.05972
Exploits: 0 | References: 4