Symantec Web Gateway version 5.0.2 remote local file inclusion root exploit.
e1cd70ed9ddc7db0a7bc45a9ac537159The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
38b0f49d62243d301a132685d7f70ab3Debian Linux Security Advisory 2472-1 - Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.
404ac289a0a3e0a879f7482cff2d8767This Metasploit module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM.
9675737ed83ba23e80c220423bc6b736Ransack is a post exploitation shellscript for penetration testers. Its purpose is to grab any information deemed relevant on a system, post root compromise. This information may include config files, ssh keys, ssl keys, or any other information deemed valuable.
0962e2345c1f5dbab439c0b85f04748fThe ACTi Web Configurator 3.0 for ACTi IP Surveillance Cameras contains a directory traversal vulnerability within the cgi-bin directory. An unauthenticated remote attacker can use this vulnerability to retrieve arbitrary files that are located outside the root of the web server.
532e6e641a0c8ade262cbaa881911f2bmount.cifs chdir() allows for arbitrary file identification as root. All versions prior to 5.4 are affected.
41c9373a80e2bccfd96a9841362dc921Gentoo Linux Security Advisory 201204-6 - Multiple vulnerabilities have been found in PolicyKit, the worst of which may allow a local attacker to gain root privileges. Versions less than 0.104-r1 are affected.
8007b9b2c4cb1c8374fe1ec937097e22Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.
7815408a7ea9a2ce91b51f9320e491cfRed Hat Security Advisory 2012-0478-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
4de037de21a7b4ca59a2da53dfa2eceeUbuntu Security Notice 1420-1 - It was discovered that the NVIDIA graphics drivers could be reconfigured to gain access to arbitrary system memory. A local attacker could use this issue to possibly gain root privileges.
fcf3621d1e929a10c6ff0a8f0afed521wicd suffers from a privilege escalation vulnerability. Exploit that spawns a root shell and a patch are included.
a33a9fa0bd4815a1f8f963ca6c0d50b7Red Hat Security Advisory 2012-0466-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
f439d60b3b34f702a51295d84ff3ff80Red Hat Security Advisory 2012-0465-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
64fedab336fe0cd2aa370314bed7c0b1F5 FirePass SSL VPN versions 6.0.0 through 6.1.0 and 7.0.0 suffers from a remote SQL injection vulnerability that allows for remote root access.
10cd15f958fa609324dd54fc7960ec8eFreePBX version 2.10.0 and Elastic version 2.2.0 remote root code execution exploit.
ae2de3d3720dc24c566dbcd306379f08Aruba Networks Security Advisory - This file encapsulates two different advisories for Aruba. An OS command injection vulnerability has been discovered in the Aruba Remote Access Point's Diagnostic Web Interface. When running the diagnostic web interface, arbitrary system commands can be executed as the root user on the Remote device by an unauthenticated attacker. An EAP-TLS 802.1X user authentication bypass vulnerability was discovered during standard internal bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers with EAP-TLS 802.1X local termination enabled.
160189ed43f67e75e99520e923033d40Ubuntu Security Notice 1398-1 - Tenho Tuhkala discovered that the LTSP Display Manager (ldm) incorrectly filtered keybindings. An attacker could use the default keybindings to execute arbitrary commands as root at the login screen.
988dce399f928d7676894aaeac323dcbUbuntu Security Notice 1394-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. Vegard Nossum discovered a leak in the kernel's inotify_init() system call. A local, unprivileged user could exploit this to cause a denial of service. An error was discovered in the kernel's handling of CUSE (Character device in Userspace). A local attacker might exploit this flaw to escalate privilege, if access to /dev/cuse has been modified to allow non-root users. Various other issues were also addressed.
949df2a21262fb8d6a914e7f3f1087e3Ubuntu Security Notice 1383-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. Various other issues were also addressed.
2aaac62aa9dbea6122489977097684aaThis exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root.
f0242a5c579272779b460b669850bcd2This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.
9b432fbc591d1bbb6f39d80077345078Ubuntu Security Notice 1372-1 - It was discovered that Puppet did not drop privileges when executing commands as different users. If an attacker had control of the execution manifests or the executed command, this could be used to execute code with elevated group permissions (typically root). It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files and escalate privileges. Various other issues were also addressed.
a8fee362f5465ddc778717ca3ca42f61Red Hat Security Advisory 2012-0309-03 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. Various other issues have also been addressed in this advisory.
9991e164e8b58d770c673903fdb08c50Red Hat Security Advisory 2012-0306-03 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the effective group ID change system call. If the group ID change failed, a remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group.
dbe10c2c11f00b14034a1aaaea2bde67
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed