Ubuntu Security Notice 2908-3 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
8716f9dfa5387ac6e3e6ff94510d7161d98367b8036548e12a2e1d81732e1f1cUbuntu Security Notice 2908-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
07596e6ec12eeb907c4ab0d2cdc1c2ab789da78a8039e9d891d2a3f13f37c5f4Ubuntu Security Notice 2907-2 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
963e536d218f0e81e41ebb8a8147fbedb301ff6538499599412b9b5c1093f890Ubuntu Security Notice 2907-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.
fdac4052fa0c407475c40375a8f0dfb58fed0c920779bbb4203e890183fb094eRed Hat Security Advisory 2016-0225-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.
36bb67815bd7e37f3beda38548970f1dc500e60b18ee2344ee80be50c5f3fdc6Red Hat Security Advisory 2016-0176-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.
cb26d916df37d2282250c405f15e20226153e6df9e8e3e0b9d8911eda607768aRed Hat Security Advisory 2016-0175-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.
250da49162f89ae85605b47646659f001c5b45318d448d14ed1f4d5a1b608c74OS X suffers from a privilege escalation vulnerability due to XPC type confusion in sysmond.
84ce6959cd03e4fc99b8bddfeb6aeb14ae2f9faa1682d524c3ff80126ea1fdfeiOS / OS X kernels suffer from a use-after-free / double free vulnerability due to lack of locking in IOHDIXControllUserClient:clientClose.
adb1b7847f70f13cf0c6ea874eee96b6c0668190e0c8da0a1d59183341cb8770iOS / OS X suffer from a kernel double free due to lack of locking in Iokit registry iterator manipulation.
8165a567612f28c0b556478f27c6f67dcb0caeb69b674c8e9e622681a9e157deiOS and OS X suffers from a kernel code execution vulnerability due to an integer overflow in NECP system control socket packet parsing.
a90f8ff051275e3a2763ebcc399a8891e5415fd85649de1e7df1f7d097d14c5eiOS and OS X suffer from a kernel code execution vulnerability via double-delete in IOHIDEventQueue:start due to incorrect error handling.
6ac15af258a146b8752ac818073462c4ae8b5c574c8d1f8ee6cb3d0d6bc85d9fApple Security Advisory 2016-01-19-2 - OS X El Capitan 10.11.3 and Security Update 2016-001 are now available and address memory corruption, code execution, and privilege escalation vulnerabilities.
100bff59d0f404f5edd70e97d638dbeff75a49bfaed850a3f6f6bf7da7f8c8faApple Security Advisory 2015-12-08-3 - OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses 54 vulnerabilities.
78e2a97a16b2ff481c45ddbbba9833cf2d0f52000284853fc1795caaaf5b2c92Red Hat Security Advisory 2015-2589-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap. A local attacker could potentially use this flaw to execute arbitrary code on the system. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.
500d94725a7bca027910198d11bcaf63c36b7385c61ae995036c7436f222d112Mac OS X version 10.11 suffered from an FTS deep structure of the file system buffer overflow vulnerability.
ae3851256e0ee57573fd3cac02fe7bcf26b41cfc7bbf09ad64cb3dfcdae81556The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
581e1746384263a01a8d4def828d291e707fca3788d9302c1e57edb457db18aeRed Hat Security Advisory 2015-2172-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap in certain cases. A local attacker could potentially use this flaw to escalate their privileges.
85b19fac93010af8ff49962e528a4a1656adaf223c5b448e01bf25afe054dd99Red Hat Security Advisory 2015-2199-07 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.
f94e9bae1ee9312a7c4a7f82ecb9725f410c0b7a137de93a1b8c44897482e087This Metasploit module writes to the sudoers file without root access by exploiting rsh and malloc log files. Makes sudo require no password, giving access to su even if root is disabled. Works on OS X 10.9.5 to 10.10.5 (patched on 10.11).
1959cf26f98a303dd73293b46328a6156cc9e858b22283d3803da877cf76e849In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key keypress event, a user can be tricked into running arbitrary Applescript code. Gatekeeper should be disabled from Security and Privacy in order to avoid the unidentified Developer prompt.
9ce25e64b927af84c807e90aff34d53a6d9d3e37334d7f8087944eb2e190924fApple Security Advisory 2015-10-21-8 - OS X Server 5.0.15 is now available and addresses BIND and bypass vulnerabilities.
412ab3e71955416d2cd012b8f149b98e2a4f5c4bbbe6020dfd2cfa90f0615729Apple Security Advisory 2015-10-21-4 - OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address memory corruption, code execution, and various other vulnerabilities.
29b89a7f94c21f47037df252cf87e2917cad436a38b6f9faf840a0c7ee609335The default root-suid binary /usr/bin/rsh on Mac OS X uses execv() in an insecure manner. /usr/bin/rsh will invoke /usr/bin/rlogin if launched with only a host argument, without dropping privileges or clearing the environment. This exploit will pass "MallocLogFile" to /usr/bin/rsh, which is then passed on to rlogin and interpreted by libmalloc to create a root-owned file with partially controlled contents at /etc/crontab which gives a rootshell via sudo. Tested on 10.9.5 / 10.10.5 but it most likely works on much older versions too.
57369dae3073aa171e586034196b70f67cf18695ca619dddcbe2f77bfce377a9Apple Security Advisory 2015-09-30-03 - OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases.
7a0709c784a5d4fb9ea404af89915bb4719339d731eebc17ca1e750e0b02747c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed