47 matches found
CVE-2010-2064
rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on 1 /tmp/portmap.xdr and 2 /tmp/rpcbind.xdr...
EulerOS 2.0 SP8 : dbus (EulerOS-SA-2019-1767)
According to the version of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less...
EulerOS 2.0 SP2 : dbus (EulerOS-SA-2019-1727)
According to the version of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less...
CVE-2019-12749
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses of dbus-daemon, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUSCOOKIESHA1 in the libdbus...
AZL-6371 CVE-2019-12749 affecting package dbus for versions less than 1.13.6-9
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses of dbus-daemon, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUSCOOKIESHA1 in the libdbus...
DEBIAN-CVE-2019-12749
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses of dbus-daemon, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUSCOOKIESHA1 in the libdbus...
UBUNTU-CVE-2019-12749
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses of dbus-daemon, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUSCOOKIESHA1 in the libdbus...
Ubuntu: Security Advisory (USN-3480-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS : Apport regressions (USN-3480-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3480-2 advisory. USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their...
USN-3480-2 apport regressions
USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled crash...
USN-3480-2: Apport regressions
USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled crash...
Ubuntu 15.04 (Dev) - Upstart Logrotation Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits Source: http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/ Introduction Problem description: Ubuntu Vivid 1504 development branch installs an insecure upstart logrotation script which will read user-supplied data from...
UBUNTU-CVE-2017-6507
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due ...
Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 1.3 security and bug fix update
An update is now available for Red Hat Ceph Storage 1.3. This erratum is for Red Hat Ceph Storage that runs on Ubuntu 14.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...
Metasploit Service Persistence Module
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Service Persistence', 'Description' = %q This module will create a service on the box, and mark it for auto-restart. We need enough access to writ...
Service Persistence
This module will create a service on the box, and mark it for auto-restart. We need enough access to write service files and potentially restart services Targets: System V: CentOS = 9, = 9.10, = 7, = 15 Ubuntu = 15.04 Note: System V won't restart the service if it dies, only an init change reboot...
SideDoor - Debian/Ubuntu Backdoor Using A Reverse SSH Tunnel
sidedoor maintains a reverse tunnel to provide a backdoor. sidedoor can be used to remotely control a device behind a NAT. sidedoor is packaged for Debian-based systems with systemd or upstart. It has been used on Debian 8 jessie and Ubuntu 14.04 LTS trusty. The sidedoor user has full root access...
Ubuntu Vivid logrotation script local elevation of privilege vulnerability
Ubuntu Vivid is a linux-based distribution. A security vulnerability in the logrotation script /etc/cron.daily/upstart in Ubuntu Vivid Ubuntu Upstart allows local attackers to execute commands with elevated privileges...
CVE-2015-2285
The logrotation script /etc/cron.daily/upstart in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user//upstart/sessions/...
CVE-2015-2285
The logrotation script /etc/cron.daily/upstart in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user//upstart/sessions/...