exploit the possibilities
Showing 1 - 23 of 23 RSS Feed

Files from Paul Starzetz

Email addressihaquer at isec.pl
First Active2000-06-29
Last Active2005-08-07
isec-0023-coredump.txt
Posted Aug 7, 2005
Authored by Paul Starzetz | Site isec.pl

Linux kernel ELF core dump privilege elevation advisory and proof of concept exploit. Affects the 2.2 series up to and including 2.2.27-rc2 and 2.4 up to and including 2.4.31-pre1. Also affected is 2.6 up to and including 2.6.12-rc4.

tags | exploit, kernel, proof of concept
systems | linux
advisories | CVE-2005-1263
MD5 | c376a60b46028e3184c46c76462f95e1
isec-0022-pagefault.txt
Posted Jan 15, 2005
Authored by Paul Starzetz | Site isec.pl

A locally exploitable flaw has been found in the Linux page fault handler code that allows users to gain root privileges if running on multiprocessor machine.

tags | advisory, root
systems | linux
advisories | CVE-2005-0001
MD5 | 6367c640a600fd0ba9cf08fb4736644a
isec-0021-uselib.txt
Posted Jan 7, 2005
Authored by Paul Starzetz | Site isec.pl

Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges. Linux kernel versions 2.4 up to and including 2.4.29-pre3, 2.6 up to and including 2.6.10 are affected. Exploit included.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2004-1235
MD5 | b8c1d99e53c3f8082e449457f5765447
isec-0019-scm.txt
Posted Dec 30, 2004
Authored by Paul Starzetz | Site isec.pl

A locally exploitable flaw has been found in the Linux socket layer that allows a local user to hang a vulnerable machine. Kernel version 2.4 up to and including 2.4.28 and 2.6 up to and including 2.6.9 are susceptible. Full exploitation provided.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2004-1016
MD5 | 8899648b0df449114a9613a0d4f6a051
isec-0018-igmp.txt
Posted Dec 30, 2004
Authored by Paul Starzetz | Site isec.pl

Multiple bugs both locally and remotely exploitable have been found in the Linux IGMP networking module and the corresponding user API. Full exploit provided. Linux kernels 2.4 up to and include 2.4.28 and 2.6 up to and including 2.6.9 are affected.

tags | exploit, kernel
systems | linux
advisories | CVE-2004-1137
MD5 | b7cd630515de8672732c1abcbf16e912
2427surprise.txt
Posted Nov 20, 2004
Authored by Paul Starzetz | Site isec.pl

A subtle race condition in Linux kernels below 2.4.28 allow a non-root user to increment (up to 256 times) any arbitrary location(s) in kernel space. This flaw could be used to gain elevated privileges.

tags | advisory, arbitrary, kernel, root
systems | linux
MD5 | 42de458b8f020d22510cbfb0a1a95d9e
binfmt_elf.txt
Posted Nov 12, 2004
Authored by Paul Starzetz

Five different flaws have been identified in the Linux ELF binary loader. Exploit included core dumps a non-readable but executable ELF file.

tags | exploit
systems | linux
MD5 | 89d38e2fe7148d28370803dcceda7a1d
isec-0016-procleaks.txt
Posted Aug 5, 2004
Authored by Paul Starzetz | Site isec.pl

A critical security vulnerability has been found in the Linux kernel code handling 64bit file offset pointers. Successful exploitation allows local users to have access to kernel memory. Kernel series affected are 2.4.26 and below and 2.6.7 and below. Full exploit provided.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2004-0415
MD5 | 84d0043e4136ab7bb3a0512bab553ed4
isec-0015-msfilter.txt
Posted Apr 20, 2004
Authored by Wojciech Purczynski, Paul Starzetz | Site isec.pl

Linux kernel versions 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 have an integer overflow in setsockopt MCAST_MSFILTER. Proper exploitation of this vulnerability can lead to privilege escalation.

tags | advisory, overflow, kernel
systems | linux
MD5 | fe315a954750890589fd4ce37cdce068
isec-0014-mremap-unmap.v2.txt
Posted Mar 2, 2004
Authored by Paul Starzetz | Site isec.pl

A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004 except concerning the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.

tags | exploit, kernel
systems | linux
advisories | CVE-2004-0077
MD5 | 34d9a30a4201cb1cd237f1d56c8aed20
isec-0014-mremap-unmap.txt
Posted Feb 18, 2004
Authored by Paul Starzetz | Site isec.pl

A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004 except concerning the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.

tags | advisory, kernel
systems | linux
advisories | CVE-2004-0077
MD5 | d2250a6f166b77301fc08235625db115
isec-0013v2-mremap.txt
Posted Jan 15, 2004
Authored by Wojciech Purczynski, Paul Starzetz | Site isec.pl

The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access. Updated version of the original release of this document.

tags | advisory, arbitrary, kernel, local
systems | linux
advisories | CVE-2003-0985
MD5 | fed40c0c67cafbea0cd615fdf1a54a29
isec-0013-mremap.txt
Posted Jan 5, 2004
Authored by Wojciech Purczynski, Paul Starzetz | Site isec.pl

The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access.

tags | advisory, arbitrary, kernel, local
systems | linux
advisories | CVE-2003-0985
MD5 | caae1f46b6f3b8b0c136d4ef83ebbcd2
hatorihanzo.c
Posted Dec 16, 2003
Authored by Wojciech Purczynski, Paul Starzetz

Linux kernel do_brk local root exploit for kernel v2.4 prior to 2.4.23.

tags | exploit, kernel, local, root
systems | linux
MD5 | 15831ce915376b30d4db0512a3ad10f1
linux_kernel_do_brk.pdf
Posted Dec 5, 2003
Authored by Paul Starzetz | Site isec.pl

Whitepaper discussing the do_brk() bug found in the Linux kernel versions 2.4.22 and below.

tags | paper, kernel
systems | linux
MD5 | 15510d93f5459f12cff4614494ae9be9
do_brk.txt
Posted Dec 3, 2003
Authored by Wojciech Purczynski, Paul Starzetz | Site isec.pl

Detailed information on the linux kernel v2.4 prior to v2.4.23 local root vulnerability in the do_brk() kernel function. Kernels 2.4.20-18.9, 2.4.22 (vanilla), and 2.4.22 with grsecurity patch are confirmed vulnerable.

tags | advisory, kernel, local, root
systems | linux
MD5 | 56a41fe0f4e1ca9efb7d67d8792fc80e
appcap.tar.gz
Posted Feb 12, 2002
Authored by Paul Starzetz | Site appcap.ihaquer.com

Appcap is an application for x86 Linux which allows root on a machine to attach and redirect standard input and output of any application to his actual tty. Appcap can help admins running a multiuser machine to snoop on users. It is especially very useful for tracing and monitoring ssh and telnet sessions.

tags | x86, root
systems | linux
MD5 | 57e5a96a36f90b00238f3757fa3e557b
rsx.tar.gz
Posted Jun 6, 2001
Authored by Paul Starzetz | Site ihaquer.com

RSX is a Linux LKM which stops most buffer overflow attacks. It is a Runtime addressSpace eXtender providing on the fly code remapping of existing Linux binaries in order to implement non-executable stack as well as non-exec short/long heap areas. RSX targets common buffer-overflow problems preventing code execution in mapped data-only areas. Currently a 2.4.x version of the kernel module is available.

tags | overflow, kernel, code execution
systems | linux
MD5 | ca73f0cf8a75d55e1c127d88b96e0f8c
lsm.tar.gz
Posted May 3, 2001
Authored by Paul Starzetz

LSM (Loadable Security Module) is a simple but effective intrusion prevention loadable kernel module. Currently it protects extended file attributes on ext2 from being modified by the super user and the module from being removed and other modules from being loaded. This basic protection also prevents access to raw devices, so debugfs can not be used on a disk partition nor can a change to the boot process occur. Loading this module prevents lilo configuration.

tags | kernel
systems | linux
MD5 | 9e72f64953cdc92114114db0cd1b0607
maxty.tar.gz
Posted Apr 7, 2001
Authored by Paul Starzetz

Maxty is a small kernel-space tty sniffer. It is a LKM which will attach to read/write syscalls and save incoming/outgoing requests to opened tty devices into separate log files. It provides a way keeping a track what is happening on virtual consoles similar to a keystroke recorder.

tags | kernel
systems | linux
MD5 | 8ed7a10a7153e74d0f1495d65783dc4d
sshdexpl.diff.gz
Posted Feb 22, 2001
Authored by Paul Starzetz

Patches for Openssh-2.1.1 to exploit the SSH1 crc32 remote vulnerability.

tags | exploit, remote
MD5 | 5b9cd4b729ec6e7561b1a57d158efd6c
ssh1.crc32.txt
Posted Feb 22, 2001
Authored by Paul Starzetz

This article discusses the recently discovered security hole in the crc32 attack detector as found in common ssh packages like OpenSSH and derivatives using the ssh-1 protocol. It is possible to exploit the crc32 hole to gain remote access to accounts without providing any password or to change login-uid if a valid account on the remote machine exists. Includes an exploit in the form of a set of patches to Openssh-2.1.1.

tags | exploit, remote, protocol
MD5 | d8723d5299634964440e1ff0b8c65d4a
smit.tar.gz
Posted Jun 29, 2000
Authored by Paul Starzetz

Smit is a simple ARP hijacking tool for switched and unswitched networks. The source is based on arpmitm and arprelay and includes nice features such as automatic ARP MAC query and an improved MAC cache consistence algorithm. You can also run Smit in transproxy-only mode and use your favourite sniffer to capture 'hijacked' packets on switched networks.

tags | tool, sniffer
MD5 | 771a34d98d040d197c65efb7bf7e33a1
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close