Aggregator

Ubuntu Server（自 21.04 版起）默认安装的 needrestart 包中被发现存在多个已有十年历史的安全漏洞，这些漏洞可能允许本地攻击者在无需用户交互的情况下获得 root 权限。 Qualys 威胁研究部门 (TRU)于上个月初发现并报告了这些漏洞，并表示这些漏洞很容易被利用，因此用户必须迅速采取行动来修复。 据信这些漏洞自 2014 年 4 月 27 日发布的needrestart 0.8引入解释器支持以来就一直存在。 Ubuntu 在一份公告中表示：“这些 needrestart 漏洞允许本地特权升级 (LPE)，这意味着本地攻击者能够获得 root 权限” ，并指出这些问题已在 3.8 版中得到解决。“这些漏洞影响 Debian、Ubuntu 和其他 Linux 发行版。” Needrestart 是一个实用程序，它可以扫描系统以确定在应用共享库更新后需要重新启动的服务，以避免整个系统重新启动。 具体来说，如果服务正在使用过时的共享库（例如在软件包更新期间替换库），它会标记服务以进行重新启动。 由于它集成到服务器映像中，因此 needrestart 设置为在 APT 操作（如安装、升级或删除，包括无人值守升级）后自动运行。其主要作用是识别在关键库更新后需要重新启动的服务，例如 C 库 (glibc)。此过程可确保服务使用最新的库版本，而无需完全重启系统，从而提高正常运行时间和性能。 通过使用最新的库及时更新服务，needrestart 对于维护 Ubuntu Server 的安全性和效率至关重要。 Qualys 威胁研究部门发现的5个漏洞： CVE-2024-48990（CVSS 评分：7.8） – 该漏洞允许本地攻击者通过诱骗 needrestart 使用攻击者控制的 PYTHONPATH 环境变量运行 Python     解释器，从而以 root 身份执行任意代码 CVE-2024-48991（CVSS 评分：7.8） – 该漏洞允许本地攻击者通过赢得竞争条件并诱骗 needrestart 运行自己的伪 Python 解释器，以 root     身份执行任意代码 CVE-2024-48992（CVSS 评分：7.8） – 该漏洞允许本地攻击者通过诱骗 needrestart 使用攻击者控制的 RUBYLIB 环境变量运行 Ruby 解释器，从而以     root 身份执行任意代码 CVE-2024-11003（CVSS 评分：7.8）和CVE-2024-10224（CVSS 评分：5.3）- 这两个漏洞允许本地攻击者利用libmodule-scandeps-perl 软件包（版本 1.36 之前）中的问题以 root 身份执行任意 shell 命令 成功利用上述缺陷可以允许本地攻击者为 PYTHONPATH 或 RUBYLIB 设置特 制的环境变量，从而导致在运行 needrestart 时执行指向攻击者环境的任意代码。 Ubuntu 指出：“在 CVE-2024-10224 中，[…] 攻击者控制的输入可能导致 Module::ScanDeps Perl 模块通过 open() 一个‘讨厌的管道’（例如通过传递‘commands|’作为文件名）或通过将任意字符串传递给 eval() 来运行任意 shell 命令。” “就其本身而言，这不足以实现本地权限提升。然而，在 CVE-2024-11003 中，needrestart 将攻击者控制的输入（文件名）传递给 Module::ScanDeps，并以 root 权限触发CVE-2024-10224。CVE-2024-11003 的修复消除了 needrestart 对 Module::ScanDeps 的依赖。” 虽然强烈建议用户下载最新的补丁，Ubuntu 表示用户可以根据需要禁用解释器扫描器，重新启动配置文件作为临时缓解措施，并确保在应用更新后恢复更改。 Qualys 公司 TRU 产品经理 Saeed Abbasi 表示：“needrestart 实用程序中的这些漏洞允许本地用户通过在软件包安装或升级期间执行任意代码来提升其权限，其中 needrestart 通常以 root 用户身份运行。” “利用这些漏洞的攻击者可以获得 root 访问权限，从而损害系统完整性和安全性。” 参考漏洞公告: https://blog.qualys.com/vulnerabilities-threat-research/2024/11/19/qualys-tru-uncovers-five-local-privilege-escalation-vulnerabilities-in-needrestart https://ubuntu.com/blog/needrestart-local-privilege-escalation       转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/VzdXqbGwPXAfqoXZi_9mxA 封面来源于网络，如有侵权请联系删除  

アイホン株式会社が提供するIPネットワーク対応インターホンIXシステム、IXGシステムおよびシステム支援ソフトには、複数の脆弱性が存在します。

雷德菲尔德进而点明这些研究资金的都与北卡罗来纳大学的研究员拉尔夫·巴里克博士相关，他是这一切背后的“科学策划者”。

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

A vulnerability classified as critical was found in Apple iOS up to 9.0. This vulnerability affects the function AtomicBufferedFile of the component Security. The manipulation leads to double free. This vulnerability was named CVE-2015-6983. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apple Mac OS X up to 10.11.0. This affects an unknown part of the component Security. The manipulation leads to double free. This vulnerability is uniquely identified as CVE-2015-6983. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple Mac OS X up to 10.11.0. This vulnerability affects unknown code of the component SecurityAgent. The manipulation leads to 7pk security features. This vulnerability was named CVE-2015-5943. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Mac OS X up to 10.11.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Sandbox. The manipulation leads to improper input validation. This vulnerability is known as CVE-2015-5945. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Mac OS X up to 10.11.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Script Editor. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2015-7007. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Mac OS X up to 10.11.0 and classified as critical. This issue affects some unknown processing of the component OpenGL. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2015-5924. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

EmbedPayloadInPng Embed a payload within a PNG file by splitting the payload across multiple IDAT sections. Each section is encrypted individually using its own 16-byte key with the RC4 encryption algorithm. Implementation This repository consists...

The post EmbedPayloadInPng: Embed a payload inside a PNG file appeared first on Penetration Testing Tools.

A vulnerability classified as very critical has been found in Bpftp BulletProof FTP Client 2.63. Affected is an unknown function of the component FTP Client. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2008-5753. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Joomlaapps Com Mdigg 2.2.8. Affected is an unknown function of the file index.php. The manipulation of the argument cagtegory leads to sql injection. This vulnerability is traded as CVE-2008-6149. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in ILIAS 3.7.0/3.7.1/3.7.2/3.7.3/3.7.4. Affected is an unknown function of the file repository.php. The manipulation of the argument ref_id leads to sql injection. This vulnerability is traded as CVE-2008-5816. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Raven-worx liveticker 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument tid leads to sql injection. The identification of this vulnerability is CVE-2008-6148. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Ice Gallery 0.5 on Joomla and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument catid leads to sql injection. This vulnerability is known as CVE-2008-6852. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Joomlahbs Hotel Booking Reservation System. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2008-5874. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Popeye – A Kubernetes Cluster Sanitizer Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what’s deployed and not...

The post popeye: Kubernetes cluster resource sanitizer appeared first on Penetration Testing Tools.

Bypass Url Parser A tool that tests MANY urls bypasses to reach a 40X protected page. If you wonder why this code is nothing but a dirty curl wrapper, here’s why: Most of the python requests...

The post Bypass Url Parser: tests many url bypasses to reach a 40X protected page appeared first on Penetration Testing Tools.