Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell - Update: Dracut is also vulnerable

2016-11-15 Thread Hector Marco-Gisbert
Hello, We have found that systems that use Dracut instead of initramfs are also vulnerable (tested on Fedora 24 x86_64). Regards, Hector Marco & Ismael Ripoll. > Hello All, > > > Affected package Cryptsetup <= 2:1 > > > CVE-ID -- CVE-2

[FD] CVE-2016-4484: - Cryptsetup Initrd root Shell

2016-11-15 Thread Hector Marco
is also possible to remotely exploit this vulnerability without having "physical access." Full description: - http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html Regards, Hector Marco & Ismael Ripoll.

[FD] CVE-2016-3672 - Unlimiting the stack not longer disables ASLR

2016-04-06 Thread Hector Marco-Gisbert
unfortunately it was still present in current Linux systems. Details at: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html Best, Hector. -- Dr. Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat

[FD] Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]

2015-12-16 Thread Hector Marco-Gisbert
). And so, the attacker may take control of the computer. More details at: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html Regards, Hector Marco & Ismael Ripoll. -- Dr. Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.up

[FD] Glibc Pointer guarding weakness

2015-09-07 Thread Hector Marco-Gisbert
. Details and PoC at: http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html A patch has already been sent to the Glibc maintainers. This issue is similar to http://hmarco.org/bugs/CVE-2013-4788.html but now affects dynamically linked applications. -- Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security

Re: [FD] AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%

2015-05-08 Thread Hector Marco-Gisbert
files are not properly done. Could anyone check it? So, if you are using PaX, it is worth ensuring that you are not losing any PaX feature. -- Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat Politècnica de València (Spain) __

[FD] AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%

2015-04-21 Thread Hector Marco-Gisbert
-by-eight.html We sent a patch, and Linux 4.1 Will Improve AMD Bulldozer's ASLR Entropy Issue: http://www.spinics.net/lists/linux-tip-commits/msg27373.html -- Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat Politècnica de Val

[FD] Linux ASLR mmap weakness: Reducing entropy by half

2015-04-21 Thread Hector Marco-Gisbert
). Advisory details at: http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html -- Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat Politècnica de València (Spain) ___ Sent through the

[FD] CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four

2015-02-13 Thread Hector Marco
at: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html Regards, Hector Marco. http://hmarco.org

[FD] CVE-2015-1574 - Google Email App 4.2.2 remote denial of service

2015-02-13 Thread Hector Marco
, Hector Marco. http://hmarco.org

[FD] Offset2lib: bypassing full ASLR on 64bit Linux

2014-12-04 Thread Hector Marco
exploit, recommendations and a demonstrative video have been published at: http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html Hector Marco. http://cybersecurity.upv.es

[FD] CVE-2014-5439 - Root shell on Sniffit [with exploit]

2014-11-26 Thread Hector Marco
Space Layout Randomisation (ASLR) and execute arbitrary code with root privileges. Exploit, fix and discussion in: http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html Regards, Hector Marco. http://hmarco.org Cybersecurity researcher at: http://cybersecurity.upv.es

Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed]

2014-06-05 Thread Hector Marco
ore difficult to exploit. So, the drop-privilege code makes more sense nowadays than when it was initially coded. 2014-06-03 16:16 GMT+02:00 Hector Marco : Hi everyone, Recently we discovered a bug in bash. Some time after reporting it to the bash developers, it has not been fixed. We thi

[FD] Bug in bash <= 4.3 [security feature bypassed]

2014-06-03 Thread Hector Marco
attack. We strongly recommend patching your bash code. Why not fix this bug by simply adding a mandatory "if" clause? Any comments about this issue are welcome. Details at: http://hmarco.org/bugs/bash_4.3-setuid-bug.html Thank you, Hector Marco ht

[FD] CVE-2014-1226 s3dvt Root shell (still)

2014-06-03 Thread Hector Marco
4.3 this vulnerability can be successfully exploited. Bash bug details at: http://hmarco.org/bugs/bash_4.3-setuid-bug.html Hector Marco http://hmarco.org

[FD] CVE-2013-6825 DCMTK Root Privilege escalation

2014-06-03 Thread Hector Marco
are: - dcmpsrcv - dcmprscp - movescu - storescp - dcmqrscp - wlmscpfs - dcmrecv Details, patches, discussion and strategy to exploit at: http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html Hector Marco http://hmarco.org

[FD] CVE-2013-6876 s3dvt Root shell

2014-06-03 Thread Hector Marco
: http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html Because we found a bug in bash <= 4.3 this vulnerability can be successfully exploited. Bash bug details at: http://hmarco.org/bugs/bash_4.3-setuid-bug.html Hector Marco http://hmarco.