This module exploits a Remote Code Execution vulnerability in Mantis

version 1.1.3 when handling the sort parameter in manage_proj_page without

the proper validation that leads to a remote code execution on Mantis' Web

server.

This update adds support for the OSX platform.

A backdoor introduced by attackers allows unauthenticated users remote root access to systems which run the maliciously modified version of the ProFTPD daemon.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations.

Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

The BlogAPI module does not validate the extension of files that it is used to upload, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads an IMPACT agent, creates a php file to execute the agent and then makes a request to the file. The result is an IMPACT agent running on the webserver.

This update adds support for the AIX platform.

This module exploits a Remote Code Execution vulnerability in Mantis

version 1.1.3 when handling the sort parameter in manage_proj_page without

the proper validation that leads to a remote code execution on Mantis' Web

server.

This update adds support for the AIX platform.

Distcc, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. This module exploits the vulnerability to install an agent.

The GNU C dynamic linker (ld.so) is prone to a local privilege-

escalation vulnerability. This module exploits the vulnerability to

install an agent with root privileges.

The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges.

This update improves the module reliability.

The Linux kernel is prone to a privilege escalation vulnerability that can be exploited by local unprivileged users to gain root access, because

the RDS protocol does not properly check that the base address of a user-provided iovec struct points to a valid userspace address before using the __copy_to_user_inatomic() function to copy the data. By providing a kernel address as an iovec base and issuing a recvmsg() style socket call, a local user could write arbitrary data into kernel memory, thus escalating privileges to root.

The BlogAPI module does not validate the extension of files that it is used to upload, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads an IMPACT agent, creates a php file to execute the agent and then makes a request to the file. The result is an IMPACT agent running on the webserver.

This update adds support for Solaris platforms.

This update adds support for Solaris platforms.