DiCal-RED version 4009 makes use of unmaintained third party components with their own vulnerabilities.
ac46a5297fc9b5ee7331f8918ab83a70fa899f2cf27a29ac3f89865c35bbf946HPE Security Bulletin HPESBGN03761 1 - A security vulnerability in Linux kernel, also known as "Dirty COW", has been addressed in HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer Virtual appliance. This vulnerability could be exploited remotely to allow escalation of privilege. Revision 1 of this advisory.
0dd6f8226b7bbd3f4d24c1a42590e546556300125d345a6bba2fc7e16c1477d2Several security issues were fixed in the kernel. Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash). Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.
42b1d7e92d487c05901f19f08b2e6c9e119556985c2054e46a019c3a3bd7bf0dHPE Security Bulletin HPESBGN03722 1 - A security vulnerability in Linux kernel, also known as "Dirty COW", has been addressed in HPE Operations Agent. This vulnerability could be exploited locally to allow escalation of privilege. Revision 1 of this advisory.
5cb236af127bf2a15a76d901615c16bafe12e3e560b3c0e9e06a8de0ca19354aHPE Security Bulletin HPESBGN03707 1 - HPE has identified two VMware security advisories affecting the HPE ConvergedSystem 700 2.0 VMware Kit. The vulnerability could be exploited remotely to allow an increase of privilege. Revision 1 of this advisory.
55d978ba3ca68cac2b6695a48f8eca40282fbad6fdcccff0f895175170c0248bHP Security Bulletin HPSBGN03680 1 - Potential security vulnerabilities were identified in HPE Propel. The vulnerabilities could be exploited locally to allow escalation of privilege or Denial of Service (DoS). Revision 1 of this advisory.
57a0b8f53e3c2c80c2ca5903690e675b6c3f71b3a6a625cac0aa6d580cc1d45dHP Security Bulletin HPSBHF03682 1 - A security vulnerability in the Linux kernel could potentially impact HPE Comware 7 network products. The vulnerability could be exploited locally to gain privileged access. Revision 1 of this advisory.
5ace745e7feeb86db5d7075ad2a92195f1a6aacff28d5f99cf61129d804628cdThis exploit uses the pokemon exploit as a base and automatically generates a new passwd line. The original /etc/passwd is then backed up to /tmp/passwd.bak and overwritten with the new line. The user will be prompted for the new password when the binary is run. After running the exploit you should be able to login with the newly created user.
302fbe1148d6c5d32476fb30dc9d34045ceec15d40ea123d00c14f4b7996e6b7Linux kernel versions 2.6.22 and below 3.9 Dirty COW PTRACE_POKEDATA race condition privilege escalation exploit that provides write access.
75ff539a8a24a8be021952f9fe3ce91740ceffe0c4f3d8a757f41198c7d94fc2Red Hat Security Advisory 2016-2133-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
37c030bbcf1cd6e45a1b8825b9a5094acebdd82a48b955df8a2df108e41be8e2Red Hat Security Advisory 2016-2132-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
3f014936d5e6091526410ca0c42c791f38f67feea489aef3f7dbc897a92adadfRed Hat Security Advisory 2016-2128-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation.
064109d1f9097273e59a95ac536bdb2ed8465248b5e65eb33343f64e67309daaRed Hat Security Advisory 2016-2127-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
c0736d65532e494126ea50be535fdef4dfabaa7b03a6ca23838cc7f02d9865d4Red Hat Security Advisory 2016-2126-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
f09a78e152c6c812ade2dfbb919a30d1f96f9f106801e89893520c4241892d11Red Hat Security Advisory 2016-2124-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
583c9262cd833df9ea9a6338f42e103bcfcb9dc8eee2293a0d6668ad40f068a1Red Hat Security Advisory 2016-2120-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
21400fd9d46011e6214b97dde47b05d64f82b4980dfff20736f6091bc98770c2Red Hat Security Advisory 2016-2118-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
1d008d08d3526b0ffa83651d4b071d5210184d075bdf650210f7f1f6b648c8e1Red Hat Security Advisory 2016-2110-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
dcb514850d3e86a0c0273e24a7a5b145048460862812fbb5c3e3ddf06f017608Red Hat Security Advisory 2016-2107-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
33d5c8940413003820f7b55af52c789b3ed4135d6da091b3d1299239046aef04Red Hat Security Advisory 2016-2106-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
5ee1932f3bf165b0bb1f48c26d8572a4bd55b15c4d79be49b93713ccf71d6ef3Red Hat Security Advisory 2016-2105-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
82319b31d25b01b70ae1f1ab268edba99ed29d75de112ac3332d7917a2aa2053Ubuntu Security Notice 3107-2 - It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges.
31ce2f6330e809daf3e92c95da58effac51eca5cbcab42fc5396225fc49784efRed Hat Security Advisory 2016-2098-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
1a7703808b61b134ce934b44a191731a72e9b982be3726705ca0fa7d7c812707DirtyCow local root proof of concept exploit that overwrites passwd.
df34e9d762c2e604ca92f005965b39f3d5c491ae429c86602f59d50276e01130This exploit demonstrates a race condition in the Linux kernel's memory subsystem and how it handles the copy-on-write (COW) breakage of private read-only memory mappings.
66f0d371847846244dcd8ca3ba1f670948e6a16d39249d179055d3ecedda7587
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed