accept no compromises
Showing 1 - 12 of 12 RSS Feed

Files from Julien Tinnes

First Active2006-07-12
Last Active2012-07-19
Linux Kernel Sendpage Local Privilege Escalation
Posted Jul 19, 2012
Authored by Brad Spengler, Ramon de C Valle, Tavis Ormandy, Julien Tinnes, egypt | Site metasploit.com

The Linux kernel failed to properly initialize some entries the proto_ops struct for several protocols, leading to NULL being derefenced and used as a function pointer. By using mmap(2) to map page 0, an attacker can execute arbitrary code in the context of the kernel. Several public exploits exist for this vulnerability, including spender's wunderbar_emporium and rcvalle's ppc port, sock_sendpage.c. All Linux 2.4/2.6 versions since May 2001 are believed to be affected: 2.4.4 up to and including 2.4.37.4; 2.6.0 up to and including 2.6.30.4

tags | exploit, arbitrary, kernel, protocol, ppc
systems | linux
advisories | CVE-2009-2692
MD5 | 2592f40037078ac9737526c10644b4e9
Libc sigqueue() Function TGKILL si_code Spoof
Posted Mar 23, 2011
Authored by Julien Tinnes

Libc's sigqueue() function has not been updated to mitigate spoofing of the TGKILL si_code. Because of this, userland is unable to trust the pid and uid information of a TKILL signal.

tags | advisory, spoof
MD5 | dd3a844176b0874e939fe5cab3ff7939
VMWare Workstation Virtual 8086 Linux Local ring0
Posted Oct 27, 2009
Authored by Tavis Ormandy, Julien Tinnes

VMWare Workstation Virtual 8086 Linux Local ring0 exploit.

tags | exploit, local
systems | linux
advisories | CVE-2009-2267
MD5 | f0fbf0b88d488847d728b1c5ed6154de
Madwifi SIOCGIWSCAN Buffer Overflow
Posted Oct 27, 2009
Authored by Laurent Butti, Julien Tinnes

This Metasploit module exploits a stack-based buffer overflow in the Madwifi driver.

tags | exploit, overflow
advisories | CVE-2006-6332
MD5 | 08745c6fa50ec188b98852ec2891a8bd
Linksys apply.cgi Buffer Overflow
Posted Oct 27, 2009
Authored by Raphael Rigo, Julien Tinnes

This Metasploit module exploits a stack overflow in apply.cgi on the Linksys WRT54G and WRT54GS routers. According to iDefense who discovered this vulnerability, all WRT54G versions prior to 4.20.7 and all WRT54GS version prior to 1.05.2 may be be affected.

tags | exploit, overflow, cgi
advisories | CVE-2005-2799
MD5 | f46d36d7aa558c865de93b54fe9cb04b
Iret #GP Pre-Commit Privilege Escalation
Posted Sep 19, 2009
Authored by Tavis Ormandy, Julien Tinnes

Iret #GP may suffer from a privilege escalation vulnerability due to a pre-commit handling failure.

tags | advisory
advisories | CVE-2009-2793
MD5 | fc9092f54cc6482033829d8321aba8c0
marvell-association.txt
Posted Oct 13, 2008
Authored by Laurent Butti, Julien Tinnes

The wireless drivers in some Wi-Fi access points (such as the MARVELL-based Linksys WAP4400N) do not correctly parse some malformed 802.11 frames, allowing for denial of service and possible code execution.

tags | advisory, denial of service, code execution
advisories | CVE-2008-4441
MD5 | 69916c72e730a607915d3836e3cb6687
atheros-overflow.txt
Posted Sep 4, 2008
Authored by Laurent Butti, Julien Tinnes

The wireless drivers in some Wi-Fi access points (such as the ATHEROS-based Linksys WRT350N) do not correctly parse the Atheros vendor specific information element included in association requests allowing for denial of service or possible code execution.

tags | advisory, denial of service, overflow, code execution
advisories | CVE-2007-5474
MD5 | 7230a63128d6e0c50c7cfdd4a27a0bbb
marvell-null.txt
Posted Sep 4, 2008
Authored by Laurent Butti, Julien Tinnes

The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from a NULL SSID association request vulnerability that allows for denial of service and possibly code execution.

tags | advisory, denial of service, code execution
advisories | CVE-2008-1197
MD5 | 7b4fbf20ade08e1cd70a32238d9e2ba4
marvell-overflow.txt
Posted Sep 4, 2008
Authored by Laurent Butti, Julien Tinnes

The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from an overflow vulnerability when parsing malformed EAPoL-Key packets.

tags | advisory, overflow
advisories | CVE-2008-1144
MD5 | e9176cad9b5b34f5fbe34dc7d15e0808
madwifi.txt
Posted Dec 8, 2006
Authored by Laurent Butti, Jerome RAZNIEWSKI, Julien Tinnes

There is a buffer overflow in the Madwifi Atheros driver in some functions called by SIOCSIWSCAN ioctl.

tags | advisory, overflow
advisories | CVE-2006-6332
MD5 | 85ad9569cc390f3940ea36572456c226
Linux Kernel 2.6.17.4 sys_prctl() Local Root
Posted Jul 12, 2006
Authored by Julien Tinnes

Linux Kernel versions 2.6.13 through 2.6.17.4 sys_prctl() local root exploit.

tags | exploit, kernel, local, root
systems | linux
MD5 | 2a30453aeb1606762bacb68e2763cc0b
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    2 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close