Search cyberveille.decio.ch

Found 18 bookmarks

Custom sorting

Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart | Qualys Security Blog

The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user interaction. The identified flaws have been assigned the CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, highlighting the need for immediate remediation to protect system integrity. Our TRU team has successfully developed functional exploits for these vulnerabilities. While we will not disclose our exploits, please be aware that these vulnerabilities are easily exploitable, and other researchers may release working exploits shortly following this coordinated disclosure. These vulnerabilities have been present since the introduction of interpreter support in needrestart version 0.8, released in April 2014.

#qualys #EN #2024 #TRU #LPE #vulnerabilities #UbuntuServer #CVE-2024-48990 #CVE-2024-48991 #CVE-2024-48992 #CVE-2024-10224

·blog.qualys.com·Nov 23, 2024

Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart | Qualys Security Blog

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux…

#qualys #EN #2024 #OpenSSH #regreSSHion #CVE-2024-6387

·blog.qualys.com·Jul 1, 2024

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

#Qualys #EN #PwnKit #Linux #CVE-2021-4034 #polkit #pkexec

·blog.qualys.com·Feb 13, 2022

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

#Qualys #EN #PwnKit #Linux #CVE-2021-4034 #polkit #pkexec

·blog.qualys.com·Feb 13, 2022

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

#Qualys #EN #PwnKit #Linux #CVE-2021-4034 #polkit #pkexec

·blog.qualys.com·Feb 13, 2022

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

#Qualys #EN #PwnKit #Linux #CVE-2021-4034 #polkit #pkexec

·blog.qualys.com·Feb 13, 2022

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()

The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in the Linux environment. Before diving into the specific details of the vulnerabilities discovered by the Qualys Threat Research Unit in the GNU C Library, it’s crucial to understand these findings’ broader impact and importance. The GNU C Library, or glibc, is an essential component of virtually every Linux-based system, serving as the core interface between applications and the Linux kernel. The recent discovery of these vulnerabilities is not just a technical concern but a matter of widespread security implications.

#qualys #EN #2024 #report #research #GNU #C #Library #syslog #CVE-2023-6246 #CVE-2023-6779 #CVE-2023-6780

·blog.qualys.com·Jan 31, 2024

Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

#Qualys #EN #PwnKit #Linux #CVE-2021-4034 #polkit #pkexec

·blog.qualys.com·Feb 13, 2022

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

#Qualys #EN #PwnKit #Linux #CVE-2021-4034 #polkit #pkexec

·blog.qualys.com·Feb 13, 2022

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

CVE-2023-4911: Looney Tunables - Local Privilege Escalation in the glibc’s ld.so

The Qualys Threat Research Unit (TRU) has discovered a buffer overflow vulnerability in GNU C Library's dynamic loader's processing of the GLIBC_TUNABLES…

#qualys #EN #2023 #GLIBC_TUNABLES #CVE-2023-4911 #buffer #overflow #vulnerability

·blog.qualys.com·Oct 4, 2023

CVE-2023-4911: Looney Tunables - Local Privilege Escalation in the glibc’s ld.so

CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent

The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH's forwarded ssh-agent. This vulnerability allows a remote…

#qualys #EN #2023 #OpenSSH #remote #code #execution #vulnerability #ssh-agent

·blog.qualys.com·Jul 20, 2023

CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

#Qualys #EN #PwnKit #Linux #CVE-2021-4034 #polkit #pkexec

·blog.qualys.com·Feb 13, 2022

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)

We recently audited snap-confine (a SUID-root program that is installed by default on Ubuntu) and discovered two vulnerabilities (two Local Privilege Escalations, from any user to root): CVE-2021-44730 and CVE-2021-44731.

#qualys #EN #2022 #CVE-2021-44730 #CVE-2021-44731 #snap #ubuntu #audit

·qualys.com·Feb 22, 2022

Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

#Qualys #EN #PwnKit #Linux #CVE-2021-4034 #polkit #pkexec

·blog.qualys.com·Feb 13, 2022

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)

#qualys #EN #2022 #CVE-2021-44730 #CVE-2021-44731 #snap #ubuntu #audit

·qualys.com·Feb 22, 2022

Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

#Qualys #EN #PwnKit #Linux #CVE-2021-4034 #polkit #pkexec

·blog.qualys.com·Feb 13, 2022

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)

#qualys #EN #2022 #CVE-2021-44730 #CVE-2021-44731 #snap #ubuntu #audit

·qualys.com·Feb 22, 2022

Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major…

#Qualys #EN #PwnKit #Linux #CVE-2021-4034 #polkit #pkexec

·blog.qualys.com·Feb 13, 2022

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)