Integer Overflow in create_elf_tables() : CVE-2018-14634

An integer overflow vulnerability has been disclosed by Qualys Research Labs. The vulnerability is assigned CVE-2018-14634. The issue affects kernels with commit b6a2fea39318 without da029c11e6b1. Red Hat Enterprise Linux and CentOS are vulnerable. Upon successful exploitation, a local attacker can gain root privileges on the target machine. A PoC is available online. Red Hat has addressed this …

SegmentSmack: CVE-2018-5390

Linux kernel versions 4.9+ are vulnerable to denial-of-service attacks due to a resource exhaustion vulnerability. The issue is being tracked as CVE-2018-5390. The vulnerability has been named SegmentSmack. An attacker can exploit this bug by triggering expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(). The attacker needs to send crafted TCP packets within already established TCP …

Intel LazyFP Vulnerability : CVE-2018-3665

An information disclosure vulnerability has been disclosed in Intel microprocessors. Lazily restored FPU state is susceptible to speculative-execution cache side-channel attacks: a process can infer the FPU register (AVX, MMX and SSE) values of other processes. CVE-2018-3665 has been assigned to track this issue. It does not affect AMD processors. Intel has addressed this vulnerability in …

Out-of-Order Execution Side-Channel attack [Spectre/Meltdown]

A flaw in the out-of-order execution mechanism allows user-level programs to leak addresses of kernel and process memory space. This vulnerability can be exploited to bypass KASLR as well as CPU security features like SMAP, SMEP, NX and PXN. It can also be exploited to bypass OS process isolation. The issue affects processors from Intel, AMD, ARM, Samsung and …

[Zero Day] Memory Leak and Buffer Overflow Vulnerability in GNU C Library Dynamic Loader

Qualys Vulnerability and Malware Research Labs has uncovered vulnerabilities in the Linux operating system, specifically in glibc’s ld.so shared object. CVE-2017-1000408 is a memory leak vulnerability and CVE-2017-1000409 is a buffer overflow vulnerability, which is not exploitable if /proc/sys/fs/protected_hardlinks is enabled on the machine. The targets are not vulnerable to either of these vulnerabilities if …

Huge Dirty CoW Vulnerability : CVE-2017-1000405

Researchers have found that the patch for the original Dirty CoW is incomplete and does not address a condition where a read-only privileged page is marked dirty. The vulnerability has been assigned CVE-2017-1000405. Similar to Dirty CoW, the bug allows an unprivileged authenticated local user to gain write access to read-only memory mappings. By …

Critical Vulnerabilities Discovered in dnsmasq

Various vulnerabilities have been discovered in dnsmasq, an open source framework for managing DNS, DHCP, Router Advertisement, network boot, etc. These issues were discovered in versions prior to 2.78. The vulnerabilities were disclosed to CERT/CC by the Google Security Team. These vulnerabilities can be exploited remotely via the DNS and DHCP protocols. CVE / Protocol / Description: CVE-2017-14491 DNS 2 byte …

Linux PIE/Stack Corruption: CVE-2017-1000253

Qualys Vulnerability and Malware Research Labs (VMRL) has found a local privilege escalation vulnerability in the Linux operating system. The vulnerability is named “Linux PIE/stack corruption” and tracked as CVE-2017-1000253. Exploiting this vulnerability results in stack corruption, as the stack is overwritten by the data segment of a PIE binary; an unprivileged local user with access to a SUID PIE …

BlueBorne: Bluetooth Attack Vector

A new attack vector called ‘BlueBorne’ has been discovered. The name is a play on the word ‘airborne’, as it allows attackers to take over devices on air-gapped networks. This attack was disclosed by Armis Labs. The vulnerabilities exploited by this attack affect Android, Linux, Windows, and iOS versions below 10. Targets can be compromised regardless of the …