This Metasploit module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This Metasploit module uploads and executes Qualys' Solaris_rsh.c exploit, which exploits a vulnerability in RSH to bypass the stack guard page to write to the stack and create a SUID root shell. This Metasploit module has offsets for Solaris versions 11.1 (x86) and Solaris 11.3 (x86). Exploitation will usually complete within a few minutes using the default number of worker threads (10). Occasionally, exploitation will fail. If the target system is vulnerable, usually re-running the exploit will be successful. This Metasploit module has been tested successfully on Solaris 11.1 (x86) and Solaris 11.3 (x86).
1e59da07b25c5d7ed7f7081baca4d6ef68b592b7e64e01af24769ec5d101e1a3
HPE Security Bulletin HPESBHF03800 1 - Remote denial of service and local elevation of privilege security vulnerabilities have been identified in HPE Comware 7 MSR Routers running software earlier than the R0605P20 release. Revision 1 of this advisory.
fb513de437b8d51d95b1e198d06970921be35743203d74648a285feab330ccd6
Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.
91cb2bc988d62a783323447ecb77bf0d50a13e5d484b3ad48a99a46f99980cdf
Red Hat Security Advisory 2017-1712-01 - Red Hat 3scale API Management Platform 2.0 is a platform for the management of access and traffic for web-based APIs across a variety of deployment options. Security Fix: It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. The underlying container image was also rebuilt to resolve other security issues.
a7af4bd1f8c09fdc97fe5d258dbe002aa51401e2d6557029d5dfcf6178099e7a
Slackware Security Advisory - New kernel packages are available for Slackware 14.0 to fix security issues.
c28dd79c747d59ab4d92a0036b9acc8cf1fdee8759a0c01bd3bbd4940709cf92
Ubuntu Security Notice 3338-2 - USN-3338-1 fixed vulnerabilities in the Linux kernel. However, the fix for CVE-2017-1000364 introduced regressions for some Java applications. This update addresses the issue. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other issues were also addressed.
5a99af3894c4fc090fac2baaecc7fd883c01e2ad021d13522a1c7fa248f1aaf7
Red Hat Security Advisory 2017-1616-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
8aecb00d2b9667bdf5d8c27595fddfad109f0a2bfd6bc403167c8298e434ebc5
Red Hat Security Advisory 2017-1647-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
4df02e3c6dd354591d13a86f53c57cd626f1477f6715af4f1d6dffe22a92ba18
Slackware Security Advisory - New kernel packages are available for Slackware 14.2 and -current to fix security issues.
970a6a172e9260f4249ec31d0dfcbdc5b73376df688024ebe93ac6125c292a2f
It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges.
f95f04e7b1184d8df724d4c1d6507362007db3395f5fc92d7f1ed879378408ed
Ubuntu Security Notice 3338-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
652aa8cb5ead97eef35be1bc0b0ca6db11e226fedaf3729f823ae1919d9b0983
Ubuntu Security Notice 3335-2 - USN-3335-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other issues were also addressed.
1c33f5d44a14e69e5032c978bc430b7b99ada6ca5b272c9e9ca1f553dfe38e87
Red Hat Security Advisory 2017-1567-01 - Red Hat Container Development Kit is a platform for developing containerized applications; it is a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. With this update, Container Development Kit has been updated to 3.0.0-2, which includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Multiple security issues have been addressed.
a44f757946233e3a364bd96604e6658ea5f5335e5e0f8ec459d87aed6e053f59
Ubuntu Security Notice 3329-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
035f5397513469fc46fe35fc3228e636010806cb370496656d19713eb1f42714
Ubuntu Security Notice 3328-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
0b1eb015a833ea8a4dfab366e58e5ac3b87d72f7670b90113f19c11dec5ad22e
Ubuntu Security Notice 3327-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other issues were also addressed.
c8c82662c76f129144ea64a38a2922ced4fc5e2dd5cb6bd32a3b70e86b0a7190
Ubuntu Security Notice 3326-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other issues were also addressed.
ad46e108752d84316d39abb27edf66eba2d2bdfab7dd2aa8588e99776a86620c
Ubuntu Security Notice 3324-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
2c5ba59805eb07621c353113a2a21f38511aadfb5495a6ed18f4d144cfe959ab
Ubuntu Security Notice 3325-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
426ec316fe236e8d4959114127b40493159b960d73bfac790d20f2dc4485a012
Ubuntu Security Notice 3333-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other issues were also addressed.
4f09ff9dd0d89be7716f1de63c51f7fa6a9d6f67532e75235081f7aa9d16038e
Ubuntu Security Notice 3330-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
561ba665a7c8f14f516368a687aefc2ebe5edf93a9e4bdf5d2c8abff837be886
Ubuntu Security Notice 3331-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
5360f2519114cf4b52118ed5761eecdee88d6b6f9f4e8f48aceb3b4dd94c7be3
Ubuntu Security Notice 3332-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.
d86bb80f33e0989ed1392542782f2b74404af76ec716b844dd5b37b8a9521b5e
Red Hat Security Advisory 2017-1484-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
70f2d03339adc94ba659898ee5ec2c30a159d8de22a306e7bfddacc3f37c63b2
Ubuntu Security Notice 3335-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. It was discovered that a use-after-free vulnerability existed in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a18999a5900951e758b482057ceed33a0d89e8139f2125f11dd871bbd302fdfc