
Files from jannh

First Active: 2017-01-24
Last Active: 2017-10-19
Xen Unbounded Recursion In Pagetable De-Typing
Posted Oct 19, 2017
Authored by Google Security Research, jannh

Xen allows pagetables of the same level to map each other as readonly in PV domains. This is useful if a guest wants to use the self-referential pagetable trick for easy access to pagetables by mapped virtual address.

tags | exploit
MD5 | 7b0613bdfa02a772faa0631e1daf6f95
Tor Linux Sandbox Breakout Via X11
Posted Sep 7, 2017
Authored by Google Security Research, jannh

It appears that you can still talk to X11 outside of the Tor sandbox.

tags | exploit
MD5 | 21d81cf14e7577ac16e4401020dd33e8
Linux eBPF Verify Log Leak
Posted May 23, 2017
Authored by Google Security Research, jannh

On Linux, the eBPF verifier log leaks the lower half of a map pointer.

tags | advisory
systems | linux
MD5 | 4dc6117fdf8c57334009b5e438357d7d
MacOS Raw Frame Pointers In Stackshot
Posted May 23, 2017
Authored by Google Security Research, jannh

This is an issue on MacOS that allows un-entitled root to read kernel frame pointers, which might be useful in combination with a kernel memory corruption bug.

tags | exploit, kernel, root
advisories | CVE-2017-2516
MD5 | 5681e6a07ccbf5cc21fde6f5e3fa61b7
MacOS 32-Bit Syscall Exit Kernel Register Leak
Posted May 23, 2017
Authored by Google Security Research, jannh

MacOS suffers from a kernel register leak via 32-bit syscall exit.

tags | exploit, kernel
advisories | CVE-2017-2509
MD5 | 843234a6ae86bbe1332e22a54aaa96c1
VMWare Workstation On Linux Privilege Escalation
Posted May 22, 2017
Authored by Google Security Research, jannh

This vulnerability permits an unprivileged user on a Linux machine on which VMWare Workstation is installed to gain root privileges. The issue is that, for VMs with audio, the privileged VM host process loads libasound, which parses ALSA configuration files, including one at ~/.asoundrc. libasound is not designed to run in a setuid context and deliberately permits loading arbitrary shared libraries via dlopen().

tags | exploit, arbitrary, root
systems | linux
advisories | CVE-2017-4915
MD5 | 6cd7c22bba1395ea99fb53bce68676a2
Xen 64bit PV Guest Breakout Via Pagetable Use-After-Type-Change
Posted May 8, 2017
Authored by Google Security Research, jannh

This is a bug in Xen that permits an attacker with control over the kernel of a 64bit X86 PV guest to write arbitrary entries into a live top-level pagetable.

tags | exploit, arbitrary, x86, kernel
MD5 | 5a144654a1b03c1ef898b305457a091d
VirtualBox Unprivileged Host User To Host Kernel Privilege Escalation
Posted Apr 19, 2017
Authored by Google Security Research, jannh

VirtualBox suffers from an unprivileged host user to host kernel privilege escalation via ALSA config.

tags | exploit, kernel
advisories | CVE-2017-3576
MD5 | dca9d69e8a8c16f4ac99724d454653cf
VirtualBox Guest-To-Host Out-Of-Bounds Write
Posted Apr 19, 2017
Authored by Google Security Research, jannh

VirtualBox suffers from a guest-to-host out-of-bounds write via virtio-net.

tags | advisory
advisories | CVE-2017-3575
MD5 | 0748ee091b775b94daca046bf551edc0
VirtualBox Host User To Host Kernel Privilege Escalation
Posted Apr 19, 2017
Authored by Google Security Research, jannh

VirtualBox suffers from an unprivileged host user to host kernel privilege escalation vulnerability via environment and ioctl.

tags | exploit, kernel
advisories | CVE-2017-3561
MD5 | 5f5257c0521f76504084b603e8ef11c6
VirtualBox Guest-To-Host Local Privilege Escalation
Posted Apr 19, 2017
Authored by Google Security Research, jannh

VirtualBox suffers from a guest-to-host local privilege escalation vulnerability via broken length handling in slirp copy.

tags | exploit, local
advisories | CVE-2017-3558
MD5 | a88ca7fea026237f49504743f2ebd524
Xen memory_exchange() Guest Breakout
Posted Apr 10, 2017
Authored by Google Security Research, jannh

Xen suffers from a broken check in memory_exchange() that permits a PV guest breakout.

tags | exploit
advisories | CVE-2017-7228
MD5 | aa31f251ac964d32a781e52a20d3824f
Samba Symlink Race Permits Opening Files
Posted Mar 27, 2017
Authored by Google Security Research, jannh

Samba suffers from a symlink race that permits opening files outside of the share directory.

tags | exploit
advisories | CVE-2017-2619
MD5 | 25450779e8fb998831d9a67d898707d0
OpenSSH On Cygwin SFTP Client Directory Traversal
Posted Mar 22, 2017
Authored by Google Security Research, jannh

Portable OpenSSH supports running on Cygwin. However, the SFTP client only filters out forward slashes (in do_lsreaddir()) and the directory names "." and ".." (in download_dir_internal()). On Windows, including in Cygwin, backslashes can also be used for directory traversal.

tags | exploit
systems | windows
MD5 | 2069de5aceb936104c15b6d7d812f974
QEMU User-To-Root Privilege Escalation
Posted Mar 21, 2017
Authored by Google Security Research, jannh

QEMU suffers from a user-to-root privilege escalation vulnerability inside a VM due to bad translation caching.

tags | exploit, root
MD5 | d2fe6632aa725e7bac4947cf3b028786
VirtualBox VM Escape From Shared Folder
Posted Mar 13, 2017
Authored by Google Security Research, jannh

There is a security issue in VirtualBox in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to the whole filesystem of the host, at least on Linux hosts.

tags | exploit
systems | linux
MD5 | 541c3c26ddce409486c3184fec42a9e9
QEMU Host Filesystem Arbitrary Access
Posted Feb 18, 2017
Authored by Google Security Research, jannh

QEMU has an issue where virtfs permits a guest to access the entire host filesystem.

tags | advisory
advisories | CVE-2016-9602
MD5 | 44ce981c2743db060165adeb97c78a51
Google Chrome Download Filetype Blacklist Bypass
Posted Feb 18, 2017
Authored by Google Security Research, jannh

Google Chrome suffers from a bypass vulnerability in the download filetype blacklist functionality. Version 54.0.2840.100 stable is affected.

tags | exploit, bypass
MD5 | ae38a5ec06fe60eb345dfdafae27e295
NTFS-3G Illicit Modprobe Execution
Posted Feb 13, 2017
Authored by Google Security Research, jannh

NTFS-3G has an issue where modprobe is executed with an unsanitized environment.

tags | exploit
advisories | CVE-2017-0358
MD5 | 56fe6a30594a1a204f56abe6c2028df9
Git Private Repository Theft
Posted Feb 7, 2017
Authored by Google Security Research, jannh

Git suffers from a private repository theft by mixing repositories.

tags | exploit
MD5 | 7eb39687a169f4ad7c83db8c4826034e
CUPS DNS Rebinding Via Incorrect Whitelist
Posted Jan 24, 2017
Authored by Google Security Research, jannh

CUPS suffers from an incorrect whitelist that permits DNS rebinding attacks.

tags | exploit
MD5 | 7df1d32ba8bccdc7acdb30f1aa7cd60d