This tool can be used to exploit vulnerable versions of RichFaces. It has payloads for 4 vulnerabilities that have been identified, which can lead to remote code execution via java deserialization and EL injection.
648af6bc429ca530648d01005b86d127e64fe5a21538da847835939211cb2f63
This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included when /etc/passwd is overwritten, else AIX will throw 'Cannot get "LOGNAME" variable' when attempting to change user. The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX, and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when overwriting /etc/passwd.
cdb60dbe662ae825c2e68b4e3467951ff4065037e1a4c7ab93afe4fd720eaf44
This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with CentOS 7 (1708). CentOS default install will require console auth for the users session. Xorg must have SUID permissions and may not start if running. On successful exploitation artifacts will be created consistent with starting Xorg.
9377740962fb859c56e4c74db8eb408580293ddee8808bfba3b45eda70d58cd2
Red Hat Security Advisory 2019-2541-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
3464c1d8bfdc97a640e38d765f632fa6360eff8630f8a1cf93c2cfcfcd9e5d87
Red Hat Security Advisory 2019-2538-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a bypass vulnerability.
e3c770ed478538592f866023514682c00b16438d67cc36341fc00e9d79b798bb
Ubuntu Security Notice 4035-1 - It was discovered that Ceph incorrectly handled read only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 16.04 LTS. It was discovered that Ceph incorrectly handled certain OMAPs holding bucket indices. An authenticated attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
85436c925c63103095d0ad444af8d9ef4922926097f5c1fdde3ab59dcf521e93
Red Hat Security Advisory 2019-1222-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include cross site scripting and denial of service vulnerabilities.
cd29c11c06e83969192b1ae43feda49d6781d1f91c57986b0a9131894454a643
Gentoo Linux Security Advisory 201904-6 - Multiple vulnerabilities have been found in GlusterFS, the worst of which could result in the execution of arbitrary code. Versions less than 4.1.8 are affected.
043fd8e80fc0cf57260f877078d16e4c53b33b4af150e6f0c8c6dc52016164d4
xorg-x11-server versions prior to 1.20.3 Solaris 11 inittab local privilege escalation exploit.
f395fa6075c97d0f6a5281e7569a3262f4c8a507bf9f6ed087f0ecc2779560ef
Xorg X11 server on AIX local privilege escalation exploit.
fdeb1b36f96691504fb5e84f75c6cdb5cd0544822f4eee060f585ebb37ee6e2d
xorg-x11-server versions prior to 1.20.3 modulepath local privilege escalation exploit.
c9a8fc53361d358a0cff26b98407e45b20d095dc75d70b378fb8eea42a279036
This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This Metasploit module has been tested with OpenBSD 6.3, 6.4, and CentOS 7 (1708). CentOS default install will require console auth for the users session. Cron launches the payload so if Selinux is enforcing exploitation may still be possible, but the module will bail. Xorg must have SUID permissions and may not start if running. On exploitation a crontab.old backup file will be created by Xorg. This Metasploit module will remove the .old file and restore crontab after successful exploitation. Failed exploitation may result in a corrupted crontab. On successful exploitation artifacts will be created consistent with starting Xorg and running a cron.
720e628b35284931ff0424715e648634cd3ec31db1a89c8b1fff88eddfb6f4ab
Richfaces version 3.x suffers from a remote code execution vulnerability.
5dfbb32d43674a8fbcf00a8b17109c6edc2aa21bc7c6922d64c36ba5c89fcce7
Red Hat Security Advisory 2018-3581-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This asynchronous patch is a security update for the RichFaces package in standalone versions of Red Hat JBoss BRMS 5.3.1. Issues addressed include a code execution vulnerability.
f7369141e3c8f354bc5d5866d630ec080bd6112fae215fde5811e98e1830d7cb
xorg-x11-server versions prior to 1.20.1 local privilege escalation exploit.
fb77fab828d8d0bab406044be7355eb91d3ce8026b117ae80f463ff6657192d5
Red Hat Security Advisory 2018-3519-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss SOA Platform 5.3.1. Issues addressed include a code execution vulnerability.
77c3116fd25fb2be3da1c55cc7fe5509a4c599cd5c8189a6c1fc9e5c55766c8e
Red Hat Security Advisory 2018-3518-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
ac8bf2c688d4777e473c034aebe746ff9c216a93cdc11d6723447e51a35e58bb
Red Hat Security Advisory 2018-3517-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
663f8e8218e5c255e7ccfa37e54ee2894185be388adca7b633fb7e7bf7035c9b
Red Hat Security Advisory 2018-3470-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, denial of service, deserialization, and format string vulnerabilities.
9e8155ff0d32478283821315ef01b373ffb94a7f3e9c04679d7c9bfd1ff773d5
Red Hat Security Advisory 2018-3432-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, and format string vulnerabilities.
562b0315ae1759a5ca7d3a1f86b3dc22ad0ec010d9dc8cb5fdba3a09c63b91ea
Red Hat Security Advisory 2018-3431-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, and format string vulnerabilities.
9eb04dea3e222b66616044f31b40d06c195f930fff2d320e0bb3cc13d1f728f6
Red Hat Security Advisory 2018-3410-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include a privilege escalation vulnerability.
57de9c4177c68c1ac4cae9bd9b25328f8ef9de465badf48b6c789d6d9b258ab5
Gentoo Linux Security Advisory 201810-9 - A vulnerability in X.Org X Server allows local users to escalate privileges. Versions less than 1.20.3 are affected.
29cdffb4731e8b668eef2cc7319c30aaf59b87a69d7e98f2b69c2c590b4b2b8c
xorg-x11-server version 1.20.3 privilege escalation exploit.
44e3595b1823ca1e39ba5878cc28006b66ed111988fc108df3838c650e54ef1b
Ubuntu Security Notice 3802-1 - Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges.
3e1800b73c06b9c5d9e9432c23ff8f3942aa93d0c796d9685eac915ed9e32c29