
Files from Paul Starzetz

Email address | ihaquer at isec.pl
First Active | 2000-06-29
Last Active | 2005-08-07
isec-0023-coredump.txt
Posted Aug 7, 2005
Authored by Paul Starzetz | Site isec.pl

Linux kernel ELF core dump privilege elevation advisory and proof of concept exploit. Affects the 2.2 series up to and including 2.2.27-rc2 and 2.4 up to and including 2.4.31-pre1. Also affected is 2.6 up to and including 2.6.12-rc4.

tags | exploit, kernel, proof of concept
systems | linux
advisories | CVE-2005-1263
SHA-256 | 212888e5da8ea742abd0cc0bfa4ca3154edd8f5a58ea7bade1c81b8ebb10754b
isec-0022-pagefault.txt
Posted Jan 15, 2005
Authored by Paul Starzetz | Site isec.pl

A locally exploitable flaw has been found in the Linux page fault handler code that allows users to gain root privileges if running on a multiprocessor machine.

tags | advisory, root
systems | linux
advisories | CVE-2005-0001
SHA-256 | 214351de609f4dc4b72e3eef348a9ef9870d7de16823db0bf41a51b7d21295e6
isec-0021-uselib.txt
Posted Jan 7, 2005
Authored by Paul Starzetz | Site isec.pl

Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges. Linux kernel versions 2.4 up to and including 2.4.29-pre3, 2.6 up to and including 2.6.10 are affected. Exploit included.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2004-1235
SHA-256 | dc8912477cabd4620eccb9621b77afc571d533b90b200dfc6fc0b9d16173ee04
isec-0019-scm.txt
Posted Dec 30, 2004
Authored by Paul Starzetz | Site isec.pl

A locally exploitable flaw has been found in the Linux socket layer that allows a local user to hang a vulnerable machine. Kernel versions 2.4 up to and including 2.4.28 and 2.6 up to and including 2.6.9 are susceptible. Full exploitation provided.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2004-1016
SHA-256 | 82a4d30397e375670877101fd568eef691baac3098d148ecc92a14d4113999f3
isec-0018-igmp.txt
Posted Dec 30, 2004
Authored by Paul Starzetz | Site isec.pl

Multiple bugs, both locally and remotely exploitable, have been found in the Linux IGMP networking module and the corresponding user API. Full exploit provided. Linux kernels 2.4 up to and including 2.4.28 and 2.6 up to and including 2.6.9 are affected.

tags | exploit, kernel
systems | linux
advisories | CVE-2004-1137
SHA-256 | abea45d57330bec18503dd9ea76e21f5d34db415e88430327a7b05eab5aecaf0
2427surprise.txt
Posted Nov 20, 2004
Authored by Paul Starzetz | Site isec.pl

A subtle race condition in Linux kernels below 2.4.28 allows a non-root user to increment (up to 256 times) any arbitrary location(s) in kernel space. This flaw could be used to gain elevated privileges.

tags | advisory, arbitrary, kernel, root
systems | linux
SHA-256 | d671cbd752252bb78a3d63491ad5f4be3c8c380bfeaa1eecfe09915f101df920
binfmt_elf.txt
Posted Nov 12, 2004
Authored by Paul Starzetz

Five different flaws have been identified in the Linux ELF binary loader. The included exploit core dumps a non-readable but executable ELF file.

tags | exploit
systems | linux
SHA-256 | 6d1a1dcc2d1f40d16e7881000db74eeb1ea2358c6b174e5ef41c1033b6596cf8
isec-0016-procleaks.txt
Posted Aug 5, 2004
Authored by Paul Starzetz | Site isec.pl

A critical security vulnerability has been found in the Linux kernel code handling 64-bit file offset pointers. Successful exploitation allows local users to access kernel memory. Kernel series affected are 2.4.26 and below and 2.6.7 and below. Full exploit provided.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2004-0415
SHA-256 | 92706af943a287522ac0045554f0149a454453a2c0f2f0482f4e4f98d714283a
isec-0015-msfilter.txt
Posted Apr 20, 2004
Authored by Wojciech Purczynski, Paul Starzetz | Site isec.pl

Linux kernel versions 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 have an integer overflow in setsockopt MCAST_MSFILTER. Proper exploitation of this vulnerability can lead to privilege escalation.

tags | advisory, overflow, kernel
systems | linux
SHA-256 | 836369aad1ed778a870f252f0733e83e6fb921672b010265395c6bb0c30ddc9d
isec-0014-mremap-unmap.v2.txt
Posted Mar 2, 2004
Authored by Paul Starzetz | Site isec.pl

A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to a missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004, except that it concerns the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.

tags | exploit, kernel
systems | linux
advisories | CVE-2004-0077
SHA-256 | 483ed3b485fe72175ca9d4f6e07e3c8cc8998ed7ee2f98e6a72a1016b9373ac3
isec-0014-mremap-unmap.txt
Posted Feb 18, 2004
Authored by Paul Starzetz | Site isec.pl

A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to a missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004, except that it concerns the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.

tags | advisory, kernel
systems | linux
advisories | CVE-2004-0077
SHA-256 | 15e57e93f04e6f6e219e6d6e4da2f41a33f772b68029df65fa0dcaf3e0bde0a7
isec-0013v2-mremap.txt
Posted Jan 15, 2004
Authored by Wojciech Purczynski, Paul Starzetz | Site isec.pl

The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access. Updated version of the original release of this document.

tags | advisory, arbitrary, kernel, local
systems | linux
advisories | CVE-2003-0985
SHA-256 | 0a4e3c81dc818181f880893f3f4e1c339b5517ada7d7b0d09c8ac1ddf34cbe95
isec-0013-mremap.txt
Posted Jan 5, 2004
Authored by Wojciech Purczynski, Paul Starzetz | Site isec.pl

The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access.

tags | advisory, arbitrary, kernel, local
systems | linux
advisories | CVE-2003-0985
SHA-256 | 1f3565207e96102d6a63c660b43ba3e8e06061f744c34c3ff6a6df7a1d02e5ef
hatorihanzo.c
Posted Dec 16, 2003
Authored by Wojciech Purczynski, Paul Starzetz

Linux kernel do_brk local root exploit for kernel v2.4 prior to 2.4.23.

tags | exploit, kernel, local, root
systems | linux
SHA-256 | f98be0441d82e009d44e6c534ff42d61320cb3bbe6090cd293642c072981f3d8
linux_kernel_do_brk.pdf
Posted Dec 5, 2003
Authored by Paul Starzetz | Site isec.pl

Whitepaper discussing the do_brk() bug found in the Linux kernel versions 2.4.22 and below.

tags | paper, kernel
systems | linux
SHA-256 | f9441924d1d758b7d9e9169cafe1da43fefef7a64c59926ec655dab9173e8bdc
do_brk.txt
Posted Dec 3, 2003
Authored by Wojciech Purczynski, Paul Starzetz | Site isec.pl

Detailed information on the Linux kernel v2.4 prior to v2.4.23 local root vulnerability in the do_brk() kernel function. Kernels 2.4.20-18.9, 2.4.22 (vanilla), and 2.4.22 with grsecurity patch are confirmed vulnerable.

tags | advisory, kernel, local, root
systems | linux
SHA-256 | 43a76479ec2e92c678e1e79c86fa11a5609b490ba6e29b4d220c64300a875126
appcap.tar.gz
Posted Feb 12, 2002
Authored by Paul Starzetz | Site appcap.ihaquer.com

Appcap is an application for x86 Linux which allows root on a machine to attach and redirect standard input and output of any application to his actual tty. Appcap can help admins running a multiuser machine to snoop on users. It is especially useful for tracing and monitoring ssh and telnet sessions.

tags | x86, root
systems | linux
SHA-256 | cddc2516ea1f004646e84826e5bcfaa6f30d6b1b47320ef43edca41f1c33e5f8
rsx.tar.gz
Posted Jun 6, 2001
Authored by Paul Starzetz | Site ihaquer.com

RSX is a Linux LKM which stops most buffer overflow attacks. It is a Runtime addressSpace eXtender providing on the fly code remapping of existing Linux binaries in order to implement non-executable stack as well as non-exec short/long heap areas. RSX targets common buffer-overflow problems preventing code execution in mapped data-only areas. Currently a 2.4.x version of the kernel module is available.

tags | overflow, kernel, code execution
systems | linux
SHA-256 | ae4b689feaf93c5e1e1b4e43c24cf1ad1d1274a002df6d49a1c9837817fafd10
lsm.tar.gz
Posted May 3, 2001
Authored by Paul Starzetz

LSM (Loadable Security Module) is a simple but effective intrusion prevention loadable kernel module. Currently it protects extended file attributes on ext2 from being modified by the super user and the module from being removed and other modules from being loaded. This basic protection also prevents access to raw devices, so debugfs can not be used on a disk partition nor can a change to the boot process occur. Loading this module prevents lilo configuration.

tags | kernel
systems | linux
SHA-256 | 1de7821846c64cd5d4168a036843a4cea66368f91eaf9ef6b0e7ee18e1f4daf0
maxty.tar.gz
Posted Apr 7, 2001
Authored by Paul Starzetz

Maxty is a small kernel-space tty sniffer. It is an LKM which attaches to read/write syscalls and saves incoming/outgoing requests to opened tty devices into separate log files. It provides a way of keeping track of what is happening on virtual consoles, similar to a keystroke recorder.

tags | kernel
systems | linux
SHA-256 | 44af52529e2c55eecf2a19c6d6257e982aae1af2af68139ed8ece8d2723b156a
sshdexpl.diff.gz
Posted Feb 22, 2001
Authored by Paul Starzetz

Patches for Openssh-2.1.1 to exploit the SSH1 crc32 remote vulnerability.

tags | exploit, remote
SHA-256 | 4d5482a1c11fa6938554ffda52292aaf2894fd00793cdfbc28a33a512f6e94dd
ssh1.crc32.txt
Posted Feb 22, 2001
Authored by Paul Starzetz

This article discusses the recently discovered security hole in the crc32 attack detector as found in common ssh packages like OpenSSH and derivatives using the ssh-1 protocol. It is possible to exploit the crc32 hole to gain remote access to accounts without providing any password or to change login-uid if a valid account on the remote machine exists. Includes an exploit in the form of a set of patches to Openssh-2.1.1.

tags | exploit, remote, protocol
SHA-256 | cd27d3d0419edb7ada37aee549f85877335a9048bec6e6842b8c7614a5947806
smit.tar.gz
Posted Jun 29, 2000
Authored by Paul Starzetz

Smit is a simple ARP hijacking tool for switched and unswitched networks. The source is based on arpmitm and arprelay and includes nice features such as automatic ARP MAC query and an improved MAC cache consistency algorithm. You can also run Smit in transproxy-only mode and use your favourite sniffer to capture 'hijacked' packets on switched networks.

tags | tool, sniffer
SHA-256 | f6b0bbb9acb2b5247541f8e9327ba3a86e30a865317acd35438ed13ae74ed9eb