This module exploits a user-after-free vulnerability in the Linux Kernel.



When bpf(BPF_PROG_LOAD, ...) was invoked with a BPF program whose bytecode references a non-map file descriptor as a map file descriptor, the error handling code called fdput() twice instead of once (in __bpf_map_get() and in replace_map_fd_with_map_ptr()). If the file descriptor table of the current task is shared, this causes f_count to be decremented too much, allowing the struct file to be freed while it is still in use (use-after-free). This can be exploited to gain root privileges by an unprivileged user.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This module executes a program designed to check for a buffer overflow in glibc's getaddrinfo function. Multiple stack-based buffer overflows in the send_dg and send_vc functions in the libresolv library in the GNU C Library allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family.
Insufficient input validation in ImageMagick can lead to code execution when processing with certain types of files. This update introduces a module that generates an MVG format file that, when manipulated by the vulnerable versions of ImageMagick tools, deploys an agent in the supported systems.
An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie.

The newline acts as a command separator to the xauth binary.

The injected xauth commands are performed with the effective permissions of the logged in user.

This attack requires the server to have 'X11Forwarding yes' enabled.

This module injects source xauth command to retrieve arbitrary files.
Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution.



There are several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution.



This update adds support for HTTPS and IPv6. It also allows to change the application root path.
Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution.



There are several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution.
Spring Boot Framework 1.2.7 provides a default error page (also known as "Whitelabel Error Page"), that's prone to Spring Expression Language injection when the type of a parameter expected is not expected to be a string but a string is provided. Applications based on Spring Boot that don't deactivate the feature, or customize it in such a way as to stop the injection, are thus susceptible to execution of some Java statements and, in particular, to OS command injections.



This module checks all the parameters in the given pages and, if at least one parameter is vulnerable to the injection, installs an OS Agent.
Subscribe to Linux