Whitepaper called Encrypted Linux x86-64 Loadable Kernel Modules (ELKM). The aim is to protect kernel-based rootkits and implants against observation by EndpointDetection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling.
8c1624c7c34043b6adcf6bf8d40dacba0d70f69ac41bf3bb91c707f4c800f332Machosec is a script that checks the security of Mach-O 64-bit executables and application bundles for dyld injection vulnerabilities, LC_RPATH vulnerabilities leading to dyld injection, symlinks pointing to attacker controlled locations, writable by others vulnerabilities, missing stack canaries, disabled PIE (ASLR), and disabled FORTIFY_SOURCE (keeping insecure functions such as strcpy, memcpy etc.).
70ca6a3df8488e0268a0db7c2449c2bc9eb3212694506ee5ada98c1deea6a708In this paper, the author presents ELKM, a Linux tool that provides a mechanism to securely transport and load encrypted Loadable Kernel Modules (LKM). The aim is to protect kernel-based rootkits and implants against observation by Endpoint Detection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling. The tool as well as the whitepaper is provided in this archive.
90f8eb13eaf41b5f53ca0215da59d606b3744835abc350e84c035ce5e337aa31This Metasploit module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the '-A' command line argument; however, it does not drop privileges when executing user-supplied scripts, resulting in execution of arbitrary commands as root. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 (x86) and 6.5.0 SP1 (x86).
520b8401fb7375e448a96f4237b4662a5608ef3cf6d4d3323e0c69df08ce3fa4NEC EXPRESS CLUSTER comes with Cluster Manager, a Java applet for cluster configuration and management. The underlying webserver 'clpwebmc' runs as root and accepts connections on TCP port 29003 which can be initiated without authentication in the default installation.
abde48e9edefd36c2ec573273e99f18d26d4f0dfab188cdf694470a165b164e5Tails versions 1.6 and below suffers from an information leak vulnerability via a symlink attack.
4bc182b9191120b13aafd944de470614c5ad8a118056b97853287258da456e0fThe setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere in a directory in /tmp circumvents that protection thus making it possible to load a shared library containing a payload which creates a root shell.
2fe41a90799fee4a1fce5da2d6dcba950035afb15b2c3fe6f1dcec5f37e1a3a0QNX versions 6.4.x and 6.5.x suffer from a ppoectl vulnerability that allows for disclosure of /etc/shadow.
5c0faf1a0a91819585324e6293f765978634beef1af118930f364899b2d8cd3fQNX version 6.5.0 local root exploit that leverages a buffer overflow in /usr/photon/bin/phfont.
19e870dc4af45f9142802364260c85a97bb855c6dd8f4c546f6dc5f966feffd3QNX version 6.5.0 x86 io-graphics local root exploit that leverages a buffer overflow vulnerability.
599feb2a83e57f9097abc6a63e81c1d71632e87f4c7b3b69c52d7312d2d62af9QNX versions 6.4.x and 6.5.x ifwatchd local root exploit.
e5b7e006717ecc66aed13554af23e9c9683aad8e73b91602735a97db51e3be49QNX version 6.x Photon functionality allows for an arbitrary file overwrite with root level privileges allowing for denial of service and privilege escalation for a local user.
2428c5f0b3b62dae9b037b581daba0764dd42b93c2e8ded7b7b27d6dddee2045QNX version 6.x suffers from an enumeration vulnerability using the setuid /usr/photon/bin/phfont binary.
6d8c2b3e86406470b2ec78792cebe88b0350304f76f4474ded0115d2baf4ab28QNX version 6.x suffers from a file enumeration vulnerability that leverages the setuid /usr/photon/bin/phgrafx binary.
f9892def99ee2cd533b3bb50760be4d343f5ec3f2e072b5939393723e93753b2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed