all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Ray OS 2.6.3 Command Injection

Add to bookmarks
April 12, 2024, 2:44 p.m. |

Packet Storm packetstormsecurity.com

The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system is configured to allow passwordless sudo (a setup some Ray configurations require) this will result in a root shell being returned to the user. If not configured, a user level shell will be returned. Versions 2.6.3 and below are affected.

command command injection cpu dashboard injection page parameter passwordless profiling project ray result root setup shell sudo system

Visit resource

More from packetstormsecurity.com / Packet Storm

Windows PspBuildCreateProcessContext Double-Fetch / Buffer Overflow 22 hours ago | packetstormsecurity.com
buffer buffer overflow code concept +11
Windows NtQueryInformationThread Double-Fetch / Arbitrary Write 22 hours ago | packetstormsecurity.com
code concept escalation fetch +7
undefinedExploiting The NT Kernel In 24H2undefined 22 hours ago | packetstormsecurity.com
blog bugs code escalation +8
osCommerce 4 Cross Site Scripting 22 hours ago | packetstormsecurity.com
cross site scripting discovery november scripting +2
Ubuntu Security Notice USN-6758-1 22 hours ago | packetstormsecurity.com
access attacker denial of service issue +13
Ubuntu Security Notice USN-6761-1 22 hours ago | packetstormsecurity.com
accounts attacker changing credentials +10
Ubuntu Security Notice USN-6759-1 22 hours ago | packetstormsecurity.com
attacker crash denial of service issue +10
Ubuntu Security Notice USN-6757-1 22 hours ago | packetstormsecurity.com
arbitrary code attacker code cookies +12
Red Hat Security Advisory 2024-2528-03 22 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +4

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information Security Cyber Risk Analyst

@ Intel | USA - AZ - Chandler
View on infosec-jobs.com

Senior Cloud Security Engineer (Fullstack)

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Principal Product Security Engineer

@ Oracle | United States
View on infosec-jobs.com

Cybersecurity Strategy Director

@ Proofpoint | Sunnyvale, CA
View on infosec-jobs.com

Information Security Consultant/Auditor

@ Devoteam | Lisboa, Portugal
View on infosec-jobs.com

IT Security Engineer til Netcompany IT Services

@ Netcompany | Copenhagen, Denmark
View on infosec-jobs.com
View more jobs