Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell - Update: Dracut is also vulnerable

2016-11-15 Thread Hector Marco-Gisbert
Hello, We have found that systems that use Dracut instead of initramfs are also vulnerable (tested on Fedora 24 x86_64). Regards, Hector Marco & Ismael Ripoll. > Hello All, > > > Affected package Cryptsetup <= 2:1 > > > CVE-ID -- CVE-2

[FD] CVE-2016-4484: - Cryptsetup Initrd root Shell

2016-11-15 Thread Hector Marco
lso possible to remotely exploit this vulnerability without having "physical access." Full description: - http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html Regards, Hector Marco & Ismael Ripoll. signature.asc Description: OpenPGP

[FD] CVE-2016-3672 - Unlimiting the stack no longer disables ASLR

2016-04-06 Thread Hector Marco-Gisbert
, but unfortunately it was still present in current Linux systems. Details at: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html Best, Hector. -- Dr. Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat

[FD] Glibc Pointer guarding weakness

2015-09-07 Thread Hector Marco-Gisbert
. Details and PoC at: http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html A patch has already been sent to the Glibc maintainers. This issue is similar to http://hmarco.org/bugs/CVE-2013-4788.html but now affects dynamically linked applications. -- Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security

Re: [FD] AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%

2015-05-08 Thread Hector Marco-Gisbert
are configured at once (without exiting from the menuconfig), then the system gets properly configured. It seems that something in the PaX Kconfig files is not properly done. Could anyone check it? So, if you are using PaX, it is worth ensuring that you are not losing any PaX feature. -- Hector Marco

[FD] Linux ASLR mmap weakness: Reducing entropy by half

2015-04-21 Thread Hector Marco-Gisbert
). Advisory details at: http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html -- Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat Politècnica de València (Spain) ___ Sent through

[FD] CVE-2015-1574 - Google Email App 4.2.2 remote denial of service

2015-02-13 Thread Hector Marco
, Hector Marco. http://hmarco.org ___ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives RSS: http://seclists.org/fulldisclosure/

[FD] CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four

2015-02-13 Thread Hector Marco
at: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html Regards, Hector Marco. http://hmarco.org

[FD] Offset2lib: bypassing full ASLR on 64bit Linux

2014-12-04 Thread Hector Marco
exploit, recommendations and a demonstration video have been published at: http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html Hector Marco. http://cybersecurity.upv.es

[FD] CVE-2014-5439 - Root shell on Sniffit [with exploit]

2014-11-26 Thread Hector Marco
Space Layout Randomisation (ASLR) and execute arbitrary code with root privileges. Exploit, fix and discussion in: http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html Regards, Hector Marco. http://hmarco.org Cybersecurity researcher at: http://cybersecurity.upv.es

[FD] CVE-2013-6876 s3dvt Root shell

2014-06-03 Thread Hector Marco
at: http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html Because we found a bug in bash <= 4.3 this vulnerability can be successfully exploited. Bash bug details at: http://hmarco.org/bugs/bash_4.3-setuid-bug.html Hector Marco http://hmarco.org

[FD] CVE-2013-6825 DCMTK Root Privilege escalation

2014-06-03 Thread Hector Marco
are: - dcmpsrcv - dcmprscp - movescu - storescp - dcmqrscp - wlmscpfs - dcmrecv Details, patches, discussion and strategy to exploit at: http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html Hector Marco http://hmarco.org

[FD] CVE-2014-1226 s3dvt Root shell (still)

2014-06-03 Thread Hector Marco
this vulnerability can be successfully exploited. Bash bug details at: http://hmarco.org/bugs/bash_4.3-setuid-bug.html Hector Marco http://hmarco.org

[FD] Bug in bash <= 4.3 [security feature bypassed]

2014-06-03 Thread Hector Marco
in an attack. We strongly recommend patching your bash code. Why not fix this bug by simply adding a mandatory if clause? Any comments about this issue are welcome. Details at: http://hmarco.org/bugs/bash_4.3-setuid-bug.html Thank you, Hector Marco http://hmarco.org