Root Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 08:01:21 GMT

Symantec Web Gateway 5.0.2 Local File Inclusion
http://packetstormsecurity.org/files/113050/symantecwg-lfi.txt
http://packetstormsecurity.org/files/113050/Symantec-Web-Gateway-5.0.2-Local-File-Inclusion.html
Sat, 26 May 2012 15:04:17 GMT
Symantec Web Gateway version 5.0.2 remote local file inclusion root exploit.

Mandos Encrypted File System Unattended Reboot Utility 1.5.4
http://packetstormsecurity.org/files/112940/mandos_1.5.4.orig.tar.gz
http://packetstormsecurity.org/files/112940/Mandos-Encrypted-File-System-Unattended-Reboot-Utility-1.5.4.html
Sun, 20 May 2012 19:11:11 GMT
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password.
The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Debian Security Advisory 2472-1
http://packetstormsecurity.org/files/112781/dsa-2472-1.txt
http://packetstormsecurity.org/files/112781/Debian-Security-Advisory-2472-1.html
Wed, 16 May 2012 22:46:40 GMT
Debian Linux Security Advisory 2472-1 - Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.

Solarwinds Storage Manager 5.1.0 SQL Injection
http://packetstormsecurity.org/files/112478/solarwinds_storage_manager_sql.rb.txt
http://packetstormsecurity.org/files/112478/Solarwinds-Storage-Manager-5.1.0-SQL-Injection.html
Sun, 06 May 2012 01:33:10 GMT
This Metasploit module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM.

Ransack Post Exploitation Tool
http://packetstormsecurity.org/files/112450/ransack.sh.txt
http://packetstormsecurity.org/files/112450/Ransack-Post-Exploitation-Tool.html
Thu, 03 May 2012 23:09:12 GMT
Ransack is a post-exploitation shell script for penetration testers. Its purpose is to grab any information deemed relevant on a system, post root compromise. This information may include config files, SSH keys, SSL keys, or any other information deemed valuable.

ACTi Web Configurator cgi-bin Directory Traversal
http://packetstormsecurity.org/files/112229/DDIVRT-2012-41.txt
http://packetstormsecurity.org/files/112229/ACTi-Web-Configurator-cgi-bin-Directory-Traversal.html
Thu, 26 Apr 2012 22:49:23 GMT
The ACTi Web Configurator 3.0 for ACTi IP Surveillance Cameras contains a directory traversal vulnerability within the cgi-bin directory. An unauthenticated remote attacker can use this vulnerability to retrieve arbitrary files that are located outside the root of the web server.

mount.cifs chdir() File Identification
http://packetstormsecurity.org/files/112172/chdir-identify.txt
http://packetstormsecurity.org/files/112172/mount.cifs-chdir-File-Identification.html
Wed, 25 Apr 2012 18:35:42 GMT
mount.cifs chdir() allows for arbitrary file identification as root. All versions prior to 5.4 are affected.

Gentoo Linux Security Advisory 201204-06
http://packetstormsecurity.org/files/111930/glsa-201204-06.txt
http://packetstormsecurity.org/files/111930/Gentoo-Linux-Security-Advisory-201204-06.html
Wed, 18 Apr 2012 07:24:24 GMT
Gentoo Linux Security Advisory 201204-6 - Multiple vulnerabilities have been found in PolicyKit, the worst of which may allow a local attacker to gain root privileges. Versions less than 0.104-r1 are affected.

Ubuntu Security Notice USN-1423-1
http://packetstormsecurity.org/files/111839/USN-1423-1.txt
http://packetstormsecurity.org/files/111839/Ubuntu-Security-Notice-USN-1423-1.html
Fri, 13 Apr 2012 19:37:57 GMT
Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.

Red Hat Security Advisory 2012-0478-01
http://packetstormsecurity.org/files/111837/RHSA-2012-0478-01.txt
http://packetstormsecurity.org/files/111837/Red-Hat-Security-Advisory-2012-0478-01.html
Fri, 13 Apr 2012 19:35:18 GMT
Red Hat Security Advisory 2012-0478-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.

Ubuntu Security Notice USN-1420-1
http://packetstormsecurity.org/files/111761/USN-1420-1.txt
http://packetstormsecurity.org/files/111761/Ubuntu-Security-Notice-USN-1420-1.html
Wed, 11 Apr 2012 15:20:50 GMT
Ubuntu Security Notice 1420-1 - It was discovered that the NVIDIA graphics drivers could be reconfigured to gain access to arbitrary system memory. A local attacker could use this issue to possibly gain root privileges.

wicd Privilege Escalation
http://packetstormsecurity.org/files/111752/wicd-escalate.txt
http://packetstormsecurity.org/files/111752/wicd-Privilege-Escalation.html
Wed, 11 Apr 2012 15:04:27 GMT
wicd suffers from a privilege escalation vulnerability. Exploit that spawns a root shell and a patch are included.

Red Hat Security Advisory 2012-0466-01
http://packetstormsecurity.org/files/111737/RHSA-2012-0466-01.txt
http://packetstormsecurity.org/files/111737/Red-Hat-Security-Advisory-2012-0466-01.html
Wed, 11 Apr 2012 14:21:17 GMT
Red Hat Security Advisory 2012-0466-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.

Red Hat Security Advisory 2012-0465-01
http://packetstormsecurity.org/files/111735/RHSA-2012-0465-01.txt
http://packetstormsecurity.org/files/111735/Red-Hat-Security-Advisory-2012-0465-01.html
Wed, 11 Apr 2012 14:20:53 GMT
Red Hat Security Advisory 2012-0465-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.

F5 FirePass SSL VPN 6.x / 7.x SQL Injection
http://packetstormsecurity.org/files/111276/SA-20120328-0.txt
http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html
Thu, 29 Mar 2012 02:40:17 GMT
F5 FirePass SSL VPN versions 6.0.0 through 6.1.0 and 7.0.0 suffer from a remote SQL injection vulnerability that allows for remote root access.

FreePBX 2.10.0 / Elastic 2.2.0 Remote Code Execution
http://packetstormsecurity.org/files/111130/freepbx2100-exec.txt
http://packetstormsecurity.org/files/111130/FreePBX-2.10.0-Elastic-2.2.0-Remote-Code-Execution.html
Fri, 23 Mar 2012 23:43:18 GMT
FreePBX version 2.10.0 and Elastic version 2.2.0 remote root code execution exploit.

Aruba Networks Security Advisory - 031912
http://packetstormsecurity.org/files/110996/AID-031912.txt
http://packetstormsecurity.org/files/110996/Aruba-Networks-Security-Advisory-031912.html
Tue, 20 Mar 2012 00:28:14 GMT
Aruba Networks Security Advisory - This file encapsulates two different advisories for Aruba. An OS command injection vulnerability has been discovered in the Aruba Remote Access Point's Diagnostic Web Interface. When running the diagnostic web interface, arbitrary system commands can be executed as the root user on the remote device by an unauthenticated attacker. An EAP-TLS 802.1X user authentication bypass vulnerability was discovered during standard internal bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers with EAP-TLS 802.1X local termination enabled.

Ubuntu Security Notice USN-1398-1
http://packetstormsecurity.org/files/110717/USN-1398-1.txt
http://packetstormsecurity.org/files/110717/Ubuntu-Security-Notice-USN-1398-1.html
Tue, 13 Mar 2012 01:01:54 GMT
Ubuntu Security Notice 1398-1 - Tenho Tuhkala discovered that the LTSP Display Manager (ldm) incorrectly filtered keybindings. An attacker could use the default keybindings to execute arbitrary commands as root at the login screen.

Ubuntu Security Notice USN-1394-1
http://packetstormsecurity.org/files/110534/USN-1394-1.txt
http://packetstormsecurity.org/files/110534/Ubuntu-Security-Notice-USN-1394-1.html
Wed, 07 Mar 2012 23:14:40 GMT
Ubuntu Security Notice 1394-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 ICMP packets. A remote user could exploit this to cause a denial of service. Vegard Nossum discovered a leak in the kernel's inotify_init() system call. A local, unprivileged user could exploit this to cause a denial of service. An error was discovered in the kernel's handling of CUSE (Character device in Userspace). A local attacker might exploit this flaw to escalate privilege, if access to /dev/cuse has been modified to allow non-root users. Various other issues were also addressed.

Ubuntu Security Notice USN-1383-1
http://packetstormsecurity.org/files/110483/USN-1383-1.txt
http://packetstormsecurity.org/files/110483/Ubuntu-Security-Notice-USN-1383-1.html
Tue, 06 Mar 2012 23:57:45 GMT
Ubuntu Security Notice 1383-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 ICMP packets. A remote user could exploit this to cause a denial of service. Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels.
A local attacker could exploit this flaw to cause a denial of service or gain root privileges. Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. Various other issues were also addressed.

HP Data Protector 6.1 EXEC_CMD Remote Code Execution
http://packetstormsecurity.org/files/110186/hp_data_protector_cmd_exec.rb.txt
http://packetstormsecurity.org/files/110186/HP-Data-Protector-6.1-EXEC_CMD-Remote-Code-Execution.html
Fri, 24 Feb 2012 23:07:48 GMT
This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, which allows arbitrary remote code execution under the context of root.

Sun Java Web Start Plugin Command Line Argument Injection (2012)
http://packetstormsecurity.org/files/110165/java_ws_vmargs.rb.txt
http://packetstormsecurity.org/files/110165/Sun-Java-Web-Start-Plugin-Command-Line-Argument-Injection-2012.html
Fri, 24 Feb 2012 06:12:06 GMT
This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser-known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be run as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.

Ubuntu Security Notice USN-1372-1
http://packetstormsecurity.org/files/110143/USN-1372-1.txt
http://packetstormsecurity.org/files/110143/Ubuntu-Security-Notice-USN-1372-1.html
Fri, 24 Feb 2012 03:51:30 GMT
Ubuntu Security Notice 1372-1 - It was discovered that Puppet did not drop privileges when executing commands as different users. If an attacker had control of the execution manifests or the executed command, this could be used to execute code with elevated group permissions (typically root). It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files and escalate privileges. Various other issues were also addressed.

Red Hat Security Advisory 2012-0309-03
http://packetstormsecurity.org/files/110019/RHSA-2012-0309-03.txt
http://packetstormsecurity.org/files/110019/Red-Hat-Security-Advisory-2012-0309-03.html
Tue, 21 Feb 2012 15:41:00 GMT
Red Hat Security Advisory 2012-0309-03 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. Various other issues have also been addressed in this advisory.

Red Hat Security Advisory 2012-0306-03
http://packetstormsecurity.org/files/110004/RHSA-2012-0306-03.txt
http://packetstormsecurity.org/files/110004/Red-Hat-Security-Advisory-2012-0306-03.html
Tue, 21 Feb 2012 15:29:22 GMT
Red Hat Security Advisory 2012-0306-03 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the effective group ID change system call. If the group ID change failed, a remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group.