This update fixes an issue in the dynamic_fork mem_execute implementation used by some privilege escalation exploits.
This update add verification for CVE-2014-6278 to all available attack
vectors.
vectors.
Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly validate user-supplied input when handling HTTP POST requests.
A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer without boundary check leading to overwrite the SEH and the return address.
The copying procedure stops when a null word is found and no size check is proceeded.
The copying procedure stops when a null word is found and no size check is proceeded.
This update adds a SMB file share server. This server is useful for serving files such as libraries or binary exectuables necessary for triggering or executing a remote attack.
This module exploits a stack-based buffer overflow in ovopi.dll which listens by default on a UDP port 696. When parsing option -L, the process blindly copies user supplied data into a fixed-length buffer allowing for an arbitrary write to occur.
Yokogawa CENTUM is prone to a buffer overflow when handling a specially crafted packet through BKCLogSrv.exe on UDP port 52302
A vulnerability in GNU Bash when processing trailing strings after function definitions in the values of environment variables allows remote attackers to execute arbitrary code via a crafted environment.
This vulnerability can be leveraged to bypass restricted SSH access (i.e. when the SSH server forces the execution of a specific command, ignoring any command supplied by the client, either by specifying a 'ForceCommand' directive in the 'sshd_config' file, or by using the 'command' keyword in the 'authorized_keys' file) when the default shell for the user is Bash, allowing the remote attacker to execute arbitrary commands on the vulnerable system.
The module included leverages this vulnerability to install an agent.
This vulnerability can be leveraged to bypass restricted SSH access (i.e. when the SSH server forces the execution of a specific command, ignoring any command supplied by the client, either by specifying a 'ForceCommand' directive in the 'sshd_config' file, or by using the 'command' keyword in the 'authorized_keys' file) when the default shell for the user is Bash, allowing the remote attacker to execute arbitrary commands on the vulnerable system.
The module included leverages this vulnerability to install an agent.
MediaWiki with DjVU or PDF file upload allows a remote attackers to execute arbitrary commands by exploting a bug in the with parameter in thumb.php while previewing the uploaded file.
This update includes a module exploiting a vulnerability found in Bash. When using PureFTPd in conjuntion with the vulnerable Bash version for user authentication, a Core Impact agent is installed.