Title: Hue 3.7.1 Local Privilege Escalation
Author: Julian Horoszkiewicz
Description:
An issue with hue-root privilege separation model has been identified. The
reason for this is that /usr/lib/hue/build/env/bin/supervisor python script
is by default owned by user hue, but executed as root. That
https://blog.fuzzing-project.org/11-Read-heap-overflow-invalid-memory-access-in-Wireshark-TFPA-0072015.html
The Wireshark parser code for Android Logcat network packages contained
a read heap overflow in the function detect_version().
This issue was reported to the Wireshark developers on May
(IP)0
TRUEWAN Miniport (IPv6) 0
TRUERAS Async Adapter0
- How to detect a promiscuous interface by using WMIC
http://d.hatena.ne.jp/EijiYoshida/20150514/1431621603
--
Eiji James Yoshida
Security Professionals Network Inc
Title: Ambari Server 1.7.0 Local Privilege Escalation
Author: Julian Horoszkiewicz
Description:
An issue with ambari-root privilege separation model has been identified.
The reason for this is that /var/lib/ambari-server/ambari-env.sh script is
by default owned by user ambari, but executed as
Part 4 is up. An undersized malloc() during firmware decoding puts our
hopes and dreams of persistent exploitation in peril.
http://shadow-file.blogspot.com/2015/05/abandoned-part-04.html
If you care to follow along, remote debugging with IDA Pro and QEMU
will be useful, particularly starting in