This Metasploit module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection occurs because Spark checks the group membership of the user passed in the ?doAs parameter by using a raw Linux command. It is triggered by a non-default setting called spark.acls.enable. This configuration setting spark.acls.enable should be set true in the Spark configuration to make the application vulnerable for this attack. Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1 are affected by this vulnerability.
2872827635148239363023f1f407242ab1de4a64b6832222c392d7a683334b7bWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
67ab23ee09a646ab8cc0ddcc985209f24f253337461e3d9644c6cfe1c097260cTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
c906e2dd959da7ea192861bc4bccddfed9bc1799826f7600255f57160fd765f8Red Hat Security Advisory 2022-6392-01 - The ovirt-host package consolidates host package requirements into a single meta package. Issues addressed include a denial of service vulnerability.
00b698c2b60f086bdbbf970efa7f900339dfc2b02977cd42519481a75bcde230Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
49695c2ea32250dc6f60d34ea01d791f6c7a8d449b5c3c62b72f902aedb970b1Red Hat Security Advisory 2022-6393-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
59c49e7becc4344481acfbc3d76e3bd89a56c7009339fce1f5ab8a92bd9d24ccRed Hat Security Advisory 2022-6258-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.31. Issues addressed include a code execution vulnerability.
9c03774205c2409f2fc031eeb76457ce7e96dea9a3a0cdf65ae28bf54eaa5970Red Hat Security Advisory 2022-6382-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
d619ce8bd4a5c41703e5fc562bb4e295f9846136a3cd2276f9073ad879c0d3f6Red Hat Security Advisory 2022-6287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.3. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
cdfa110c52d5f36c1043dcb84bbdac933a90042102886ff5182c1c46a467e01fRed Hat Security Advisory 2022-6384-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
aababcb8b99b0a53fe63adf81a2d1b89aba007d1ef1f746950db8b8b1e6d7a36Red Hat Security Advisory 2022-6385-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
f8e054aaf4aeda68f7b83233ab394912b576b18936ebafa4bdb2dabc9050d417Red Hat Security Advisory 2022-6383-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
4505de2606c4528c979ee5a6f1079f16e4c4790715ecaf4dab984c1b4ce72abdRed Hat Security Advisory 2022-6386-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
94acf7ac95a1067f9bdd44143e5b40dbf8c9911bb4717f34e83b6af948ea4057Ubuntu Security Notice 4976-2 - USN-4976-1 fixed a vulnerability in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 ESM. Dnsmasq has been updated to 2.79-1 for Ubuntu 16.04 ESM in order to fix some security issues. Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks.
4c8914290f3fa1d40ef1781cbce5f4b22938d1fd70dc2de6e5737e56ea414c4f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed