PoC Released for Sudo chroot Flaw Allowing Local Privilege Escalation

A new proof-of-concept (PoC) exploit has been published for a critical flaw in the widely used sudo utility.

GBHackers Security | #1 Globally Trusted Cyber Security News Platform

The xz backdoor storm isn't over yet and the next storm seems to be coming up: #LocalPrivilegeEscalation in the #Linux #kernel 5.15 to 6.5 (at least): https://github.com/YuriiCrimson/ExploitGSM

Affects at least #Debian 12 Stable and #Ubuntu 22.04 LTS (including HWE kernels).

(Via https://twitter.com/matteyeux/status/1777974230325354579 and https://www.reddit.com/r/linux/comments/1c0i7tx/someone_found_a_kernel_0day/)

#LPE #Exploit #ZeroDay #ZeroDayExploit #ZDE

GitHub - YuriiCrimson/ExploitGSM: Exploit for 6.4 - 6.5 kernels and another exploit for 5.15 - 6.5

Windows Zero-Day Still Circulating After Faulty Fix - The LPE bug could allow an attacker to install programs; view, change, or delete data; or create n... https://threatpost.com/windows-zero-day-circulating-faulty-fix/162610/ #localprivilegeescalation #googleprojectzero #vulnerabilities #cve-2020-17008 #proofofconcept #windowszeroday #cve-2020-0986 #unpatched #badpatch

The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

Threatpost - English - Global - threatpost.com
Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape - Google Project Zero disclosed the bug before a patch becomes available from Microsoft. https://threatpost.com/unpatched-windows-zero-day-exploited-sandbox-escape/160828/ #localprivilegeescalation #securityvulnerability #googleprojectzero #vulnerabilities #7-daydisclosure #bufferoverflow #cve-2020-17087 #proofofconcept #sandboxescape #inthewild #windows10 #zero-day #exploit #windows #kernel #crash #ioctl #bug

Authentication Bug Opens Android Smart-TV Box to Data Theft - The streaming box allows arbitrary code execution as root, paving the way to pilfering social-medi... https://threatpost.com/authentication-bug-android-smart-tv-data-theft/160025/ #localprivilegeescalation #arbitrarycodeexecution #securityvulnerability #androiddebugbridge #vulnerabilities #websecurity #commandline #serialport #set-topbox #sick.codes #hindotech #critical #hk1tvbox #smarttv #root #uart #iot

The streaming box allows arbitrary code execution as root, paving the way to pilfering social-media tokens, passwords, messaging history and more.

IBM AI-Powered Data Management Software Subject to Simple Exploit - A low-privileged process on a vulnerable machine could allow data harvesting and DoS. https://threatpost.com/ibm-ai-powered-data-management-software-subject-exploit/158497/ #localprivilegeescalation #artificialintelligence #securityvulnerability #vulnerabilities #sharedmemorybug #datamanagement #proofofconcept #cve-2020-4414 #tracefacility #exploit #breach #db2 #ibm #poc

OpenBSD Hit with Authentication, LPE Bugs - The authentication bypass (CVE-2019-19521) is remotely exploitable. more: https://threatpost.com/openbsd-authentication-lpe-bugs/150849/ #localprivilegeescalation #securityvulnerabilities #authenticationbypass #vulnerabilities #bugbounty #openbsd #patches #qualys #lpe
