what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files from Hector Marco

Email addresshmarco at hmarco.org
First Active2013-07-16
Last Active2016-11-16
Cryptsetup 2:1.7.3-2 Root Initramfs Shell
Posted Nov 16, 2016
Authored by Hector Marco, Ismael Ripoll

A vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the partition is ciphered using LUKS (Linux Unified Key Setup). This vulnerability allows to obtain a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn't depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to data. In cloud environments it is also possible to remotely exploit this vulnerability without having "physical access". Cryptsetup versions 2:1.7.3-2 and below are affected.

tags | advisory, shell, root
systems | linux
advisories | CVE-2016-4484
SHA-256 | a533475e588d0a35025183dd93ff60b65d867075cd009e955f89a1138f7cd7fe
Linux ASLR Weakness Addressed
Posted Apr 7, 2016
Authored by Hector Marco

A weakness in the Linux ASLR implementation has been addressed.

tags | advisory
systems | linux
advisories | CVE-2016-3672
SHA-256 | dc611674639e17d87db4bc8f7c419a93127da71cfb5a237027c9ffac55a2e504
Grub2 Authentication Bypass
Posted Dec 15, 2015
Authored by Hector Marco, Ismael Ripoll

Grub2 versions 1.98 through 2.02 suffer from an authentication bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2015-8370
SHA-256 | 83bd7487636061aa2b0800d6365ebfbe91d7c0307ab06febcf641741b08068f4
Glibc Pointer Guarding Weakness
Posted Sep 7, 2015
Authored by Hector Marco, Ismael Ripoll | Site hmarco.org

Glibc pointer guarding weakness proof of concept code.

tags | exploit, proof of concept
SHA-256 | 64411cf75336417b9d476a2bf486dd76842d1e2a6149f57b59c3900238a08677
AMD Bulldozer Linux ASLR Weakness
Posted Apr 22, 2015
Authored by Hector Marco

A security issue in Linux ASLR implementation which affects some AMD processors has been found. The issue affects to all Linux process even if they are not using shared libraries (statically compiled). The problem appears because some mmapped objects (VDSO, libraries, etc.) are poorly randomized in an attempt to avoid cache aliasing penalties for AMD Bulldozer (Family 15h) processors. Affected systems have reduced the mmapped files entropy by eight. Grsecurity/PaX is also affected. The total entropy for the VVAR/VDSO, mmapped files and libraries of a processes are reduced by eight. The number of possible locations where the mapped areas can be placed are reduced by 87.5%.

tags | advisory
systems | linux
SHA-256 | 775d1f12325916fd03a6f940333695b6ae0d7cad1e68d2d8d0149405f2dd39ed
Linux ASLR Improper Randomness
Posted Apr 22, 2015
Authored by Hector Marco

A bug in Linux ASLR implementation has been found. The issue is that the mmap base address for processes is not properly randomized on some architectures due to an improper bit-mask manipulation. Affected systems have reduced the mmap area entropy of the processes by half.

tags | advisory
systems | linux
SHA-256 | 5561c263f5ccd156d5f5f50185acc7545668c0275b3b60446b6c52dff9c6ea14
Linux ASLR Improper Randomization
Posted Feb 16, 2015
Authored by Hector Marco

A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has been found. The issue is that the stack for processes is not properly randomized on some 64 bit architectures due to an integer overflow.

tags | advisory, overflow
systems | linux
advisories | CVE-2015-1593
SHA-256 | 9890952521e3cd5f5015f68364d858db61068493b180f85994b13d9035ba96b2
Google Email 4.4.2.0200 Denial Of Service
Posted Feb 13, 2015
Authored by Hector Marco

A bug in the stock Google email application version 4.4.2.0200 has been found. An attacker can remotely perform an denial of service attack by sending a specially crafted email. No interaction from the user is needed to produce the crash just receive the malicious email.

tags | exploit, denial of service
advisories | CVE-2015-1574
SHA-256 | ac7559e1e73b67d06c92b883f14f41cbf66238ec15aa4ca1bdae29c219ef9c78
Packet Storm Advisory 2014-1204-1 - Offset2lib: Bypassing Full ASLR On 64bit Linux
Posted Dec 5, 2014
Authored by Hector Marco, Ismael Ripoll | Site packetstormsecurity.com

The release of this advisory provides exploitation details in relation a weakness in the Linux ASLR implementation. The problem appears when the executable is PIE compiled and it has an address leak belonging to the executable. These details were obtained through the Packet Storm Bug Bounty program and are being released to the community.

tags | advisory, bug bounty, packet storm
systems | linux
SHA-256 | 57833cb6d2c4d2d145ba4e56f348f6182a247930713b65de664031a38287a959
Packet Storm Exploit 2014-1204-1 - Offset2lib: Bypassing Full ASLR On 64bit Linux
Posted Dec 5, 2014
Authored by Hector Marco, Ismael Ripoll | Site packetstormsecurity.com

Proof of concept code that demonstrates an ASLR bypass of PIE compiled 64bit Linux.

tags | exploit, proof of concept, bug bounty, packet storm
systems | linux
SHA-256 | af29e970411b02a4faa3410f217a6f31cf2be6b21d710ee65c2ff859aa9a0426
Sniffit Root Shell
Posted Nov 27, 2014
Authored by Hector Marco, Ismael Ripoll

A specially-crafted sniffit configuration file can be leveraged to execute code as root.

tags | exploit, root
advisories | CVE-2014-5439
SHA-256 | 0e5fe0fcd83bf75ca01e02b696edc874fa9921b6318df3ad0fddb1136bf2a3eb
s3dvt Privilege Escalation
Posted Jun 2, 2014
Authored by Hector Marco, Ismael Ripoll

s3dvt suffers from a local privilege escalation vulnerability due to a lack of checking the setuid() return code.

tags | advisory, local
advisories | CVE-2013-6876
SHA-256 | 0a8c3b679a43618d9ffc8263cd5c4998800f72c4afbd6b76ebceaaf9c16532cb
DCMTK Privilege Escalation
Posted Jun 2, 2014
Authored by Hector Marco

DCMTK versions prior to 3.6.1 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2013-6825
SHA-256 | e5daa4eb447688d47ee6554039d298426fdee9e6b9db86fd1833f9b82940238d
Eglibc PTR MANGLE Bug
Posted Jul 16, 2013
Authored by Hector Marco, Ismael Ripoll

Eglibc suffers from a PTR MANGLE bug. All statically linked applications compiled with glibc and eglibc are affected, independent of the operating system distribution. Note that this problem is not solved by only patching the eglibc, but it is also necessary to recompile all static executables. Proof of concept exploit included.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2013-4788
SHA-256 | 886e08b8e90e2d9b861f8e4dba2d25b994c4200f1929e01cc6bc74363c57f184
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close