Local root exploit for the x86_64 Linux kernel ia32syscall emulation vulnerability. This is a variant of a vulnerability found back in 2007.
a975a5a7e9e7bdcda51544b9df0e5c25b8e47ff9127f4b0b85f74f3553538ba9Multiple vulnerabilities have been discovered in the vmsplice() system call introduced in the Linux 2.6.23 kernel.
e4ce026161011f3f6bad149c013509e569e86fda7dfaac5154e98ae7c30169d6Local root exploit for the x86_64 Linux kernel ia32syscall emulation bug.
8d91a3219d851d8406ae0d6bc5f4d6d08474c37d42d187149534fafa463a0295Insufficient validation of the general-purpose register in IA32 system call emulation code may lead to local system compromise on x86_64 platform for Linux kernels in the 2.4 and 2.6 series.
582a5c2d939e68c0d571198a813a2719f83439bc4ef3e77a22f493ad41e5defaThe Linux 2.4 and 2.6 kernel series suffer from a flaw where an unprivileged local user may send arbitrary signals to a child process despite security restrictions.
7c9f3434ab96d1228f440fefc55f250c4adef43da86eb1146a9ca16c0705928aLinux kernel versions 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 have an integer overflow in setsockopt MCAST_MSFILTER. Proper exploitation of this vulnerability can lead to privilege escalation.
836369aad1ed778a870f252f0733e83e6fb921672b010265395c6bb0c30ddc9dThe mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access. Updated version of the original release of this document.
0a4e3c81dc818181f880893f3f4e1c339b5517ada7d7b0d09c8ac1ddf34cbe95The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access.
1f3565207e96102d6a63c660b43ba3e8e06061f744c34c3ff6a6df7a1d02e5efLinux kernel do_brk local root exploit for kernel v2.4 prior to 2.4.23.
f98be0441d82e009d44e6c534ff42d61320cb3bbe6090cd293642c072981f3d8Detailed information on the linux kernel v2.4 prior to v2.4.23 local root vulnerability in the do_brk() kernel function. Kernels 2.4.20-18.9, 2.4.22 (vanilla), and 2.4.22 with grsecurity patch are confirmed vulnerable.
43a76479ec2e92c678e1e79c86fa11a5609b490ba6e29b4d220c64300a875126Juggling with packets: floating data storage - White paper discussing the use of network traffic as a storage medium for data and how this could be utilized to not leave an audit trail.
7729c506c6789c1f397e325fee04b369ccf9758ca045af5579673f7a9b1017c1FreeBSD Security Advisory FreeBSD-SA-03:08.realpath - An off-by-one error exists in a portion of realpath(3) that computes the length of a resolved pathname. As a result, applications making use of realpath(3) may be vulnerable to denial of service attacks, remote code execution, and privilege escalation. A staggering amount of applications make use of this functionality, including but not limited to, sftp-server and lukemftpd.
c39b1f231af3aa6eed22527f9da4ecb48a71fe2b9222d7e38045c619b9534d99wu-ftpd versions 2.5.0 to 2.6.2 have been found to be susceptible to an off-by-one bug in fb_realpath(). A local or remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system.
26d10c27b7202a5cb1389a5a1f1668d76a81ead7b06f38bae80956501c6824ceLocal root exploit for ptrace/kmod that exploits a race condition which creates a kernel thread in an insecure manner. Works under the 2.2.x and 2.4.x series of kernels.
72ae0bfa8eb81293a2396206e7ad00cfda70b30e0f942d08be44beb20808ba6eSolaris "at -r" tmp race condition exploit which allows users to remove any file on the system.
0e4eab68b09f0e8fa8ff07d18d3403760f7028cb038b1899882f303593f7e53aThe at utility in Solaris has name handling and race condition vulnerabilities. Using the -r switch to remove a job allows an attacker to remove any file on the filesystem as root. Although at filters out absolute paths, a simple ../ directory traversal maneuver allows an attacker to remove files out of the allowed boundary.
a1784e9527e8a56be1b234c7034c3ab545ca36e2fe248fa59675016423982b32Libsafe protection against format string exploits may be easily bypassed using flag characters that are implemented in glibc but are not implemented in libsafe. Example exploit code included. Libsafe v2.0-12 fixes the issue.
67243630ffbf72dec1fb961dd0c2684be8255858ba9eac121ed463abc80f0bb6Capsel v1.9.99pre5 is a Linux kernel module for v2.2.x and 2.4.x with many features that increase your system security. It features the ability to stop chroot jail break, stop ptracing, control the execve call, and removes read permission from core dumps. It also changes the behavior of set*uid system calls which may be used by programs to drop almost all capabilities and UID without dropping capabilities that are needed to work correctly (i.e. bind sockets). Allows you to get rid of many of your SUID files.
a5918d4a20d806208b32e0b417f47e29eb7c913b1b76c03f7dcc0a0f05f8e1feSendmail & procmail & kernel less than 2.2.15 local root exploit.
4296222d1bf1930105daa59e2a5114c9af90add47c2081575d64f3a6d4215ae3Linux kernel 2.2.X (X<=15) & sendmail less than or equal to 8.10.1 local root exploit shell script.
3b67ba848976793933d8e5cb6e27c246ec4bf7b79874530a6a791c5581d9d695inndx: innd remote 'news' user/group exploit. Tested on innd-2.2.2-3 default installation on RedHat 6.2.
40a254fd6187f80b20f5181e8ee23d738cce908dc6782c0452d8dc9564f32a3f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed