
Files from Dan Rosenberg

Email address: dan.j.rosenberg at gmail.com
First Active: 2010-03-05
Last Active: 2019-12-23
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
Posted Dec 23, 2019
Authored by Dan Rosenberg, Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.

tags | exploit, kernel, root
systems | linux, fedora, ubuntu
advisories | CVE-2010-3904
MD5 | ae11a67b34fba9d465c0f0b7d84392d0
Reliable Datagram Sockets (RDS) Privilege Escalation
Posted May 19, 2018
Authored by Dan Rosenberg, Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.

tags | exploit, kernel, root
systems | linux, fedora, ubuntu
advisories | CVE-2010-3904
MD5 | ca0aaa65162c3d2e20a520b81415f4ae
HTC IQRD Android Permission Leakage
Posted Apr 23, 2012
Authored by Dan Rosenberg | Site vsecurity.com

VSR identified a vulnerability in IQRD. The IQRD service listens locally on a TCP socket bound to port 2479. This socket is intended to allow the Carrier IQ service to request device-specific functionality from IQRD. Unfortunately, there is no restriction or validation on which applications may request services using this socket. As a result, any application with the android.permission.INTERNET permission may connect to this socket and send specially crafted messages in order to perform potentially malicious actions.

tags | advisory, tcp
advisories | CVE-2012-2217
MD5 | b0da8b8505cdbc872d527eed57dee638
Calibre E-Book Reader Local Root Race Condition
Posted Nov 3, 2011
Authored by Dan Rosenberg, zx2c4

Calibre E-Book Reader local root race condition exploit that subverts recent changes preventing symlinks and checking path prefixes.

tags | exploit, local, root
MD5 | d7de7d66784b296235b391ff4165a7ca
DEC Alpha Linux 3.0 Local Root Exploit
Posted Jun 12, 2011
Authored by Dan Rosenberg

DEC Alpha Linux versions 3.0 and below local root exploit.

tags | exploit, local, root
systems | linux
MD5 | a2c2880ef86ce7e3b139316b5fc23bff
VMware Tools Disclosure / Privilege Escalation
Posted Jun 4, 2011
Authored by Dan Rosenberg | Site vsecurity.com

VSR identified multiple vulnerabilities in VMware Tools, a suite of utilities shipped by VMware with multiple product offerings, as well as by open-source distributions as the open-vm-tools package. The first of these issues results in a minor information disclosure vulnerability, while the second two issues may result in privilege escalation in a VMware guest with VMware Tools installed.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2011-1787, CVE-2011-2145
MD5 | 4c71748e41986375b6f38a245c4ba096
Apple HFS+ Information Disclosure
Posted Mar 22, 2011
Authored by Dan Rosenberg | Site vsecurity.com

VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.

tags | advisory, kernel, local, info disclosure
systems | apple, osx
advisories | CVE-2011-0180
MD5 | 88e8c75c5da3743162437db5778406bf
FreeBSD crontab Information Leakage
Posted Feb 28, 2011
Authored by Dan Rosenberg

FreeBSD's crontab implementation suffers from various race condition and symlink vulnerabilities that allow for minor information leakage.

tags | advisory, vulnerability
systems | freebsd
MD5 | 07b32ae1079a8ee98df86008e1959da3
VideoLAN VLC MKV Memory Corruption
Posted Feb 3, 2011
Authored by Dan Rosenberg | Site metasploit.com

This Metasploit module exploits an input validation error in VideoLAN VLC < 1.1.7. By creating a malicious MKV or WebM file, a remote attacker could execute arbitrary code.

tags | exploit, remote, arbitrary
advisories | CVE-2011-0531, OSVDB-70698
MD5 | 4d6a2b2f0573ea87e21563982f295654
OpenOffice.org Multiple Memory Corruption Vulnerabilities
Posted Jan 26, 2011
Authored by Dan Rosenberg | Site vsecurity.com

VSR identified multiple memory corruption vulnerabilities in OpenOffice.org. By convincing a victim to open a maliciously crafted RTF or Word document, arbitrary code may be executed on the victim's machine. Versions prior to 3.3 are affected.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454
MD5 | 7e847576e7e75f0f8f71e6c73186aa5b
Linux Kernel CAP_SYS_ADMIN To Root Exploit
Posted Jan 5, 2011
Authored by Dan Rosenberg

This Linux kernel CAP_SYS_ADMIN exploit leverages a signedness error in the Phonet protocol. By specifying a negative protocol index, it crafts a series of fake structures in userspace and causes the incrementing of an arbitrary kernel address, which then gets leveraged to execute arbitrary kernel code.

tags | exploit, arbitrary, kernel, protocol
systems | linux
MD5 | 2c7545a3dbd08cf5e303d5c011d11913
Linux Kernel 2.6.37 Local Privilege Escalation
Posted Dec 8, 2010
Authored by Dan Rosenberg

Linux kernel local privilege escalation exploit for versions 2.6.37 and below. It leverages three separate vulnerabilities to achieve root including a NULL pointer dereference, being able to assign arbitrary Econet addresses to arbitrary interfaces, and the ability to write a NULL word to an arbitrary kernel address.

tags | exploit, arbitrary, kernel, local, root, vulnerability
systems | linux
advisories | CVE-2010-4258, CVE-2010-3849, CVE-2010-3850
MD5 | 5b0af44ff36bff6ec1af16b88b07c3af
Linux Kernel Stack Byte Leakage Exploit
Posted Nov 10, 2010
Authored by Dan Rosenberg | Site vsecurity.com

Local Linux kernel exploit that demonstrates how the "mem" array used as scratch space for socket filters is not initialized, allowing unprivileged users to leak kernel stack bytes.

tags | exploit, kernel, local
systems | linux
MD5 | bd6c0e576a643f7175d26ffa6dbcaedb
Linux RDS Protocol Local Privilege Escalation
Posted Oct 19, 2010
Authored by Dan Rosenberg | Site vsecurity.com

On October 13th, VSR identified a vulnerability in the RDS protocol, as implemented in the Linux kernel. Because kernel functions responsible for copying data between kernel and user space failed to verify that a user-provided address actually resided in the user segment, a local attacker could issue specially crafted socket function calls to write arbitrary values into kernel memory. By leveraging this capability, it is possible for unprivileged users to escalate privileges to root.

tags | advisory, arbitrary, kernel, local, root, protocol
systems | linux
advisories | CVE-2010-3904
MD5 | 0e9e2bb825f575a3913d96c0801df0b5
Linux Kernel 2.6.36-rc8 RDS Privilege Escalation
Posted Oct 19, 2010
Authored by Dan Rosenberg | Site vsecurity.com

Linux kernel versions 2.6.36-rc8 and below RDS privilege escalation exploit.

tags | exploit, kernel
systems | linux
advisories | CVE-2010-3904
MD5 | 54ff3c68fb1a6ff5120c84c765210789
Coda Filesystem Kernel Memory Disclosure
Posted Aug 17, 2010
Authored by Dan Rosenberg | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - VSR identified a vulnerability in the Coda filesystem kernel module, as implemented for FreeBSD and NetBSD. By sending a specially crafted ioctl request to a mounted Coda filesystem, an unprivileged local user could read large portions of kernel heap memory, leading to the disclosure of potentially sensitive information.

tags | advisory, kernel, local, info disclosure
systems | netbsd, freebsd
advisories | CVE-2010-3014
MD5 | 041bc9d810c2772873778475c8af4e61
Mac OS X WebDAV Kernel Extension Denial Of Service
Posted Jul 26, 2010
Authored by Dan Rosenberg

The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.

tags | advisory, denial of service, kernel, local
systems | apple, osx
advisories | CVE-2010-1794
MD5 | 435b710d622d103c5cd3285c6c725f47
FuzzDiff Crash Analysis Tool
Posted Jul 26, 2010
Authored by Dan Rosenberg | Site vsecurity.com

FuzzDiff is a simple tool created to assist in helping make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.

tags | fuzzer
MD5 | ec3d8e64642e2cc6539902f9ff72fd1f
iDEFENSE Security Advisory 2010-06-21.1
Posted Jun 29, 2010
Authored by iDefense Labs, Dan Rosenberg | Site idefense.com

iDefense Security Advisory 06.21.10 - Remote exploitation of a stack buffer overflow vulnerability in version 3.9.2 of LibTIFF, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is due to insufficient bounds checking when copying data into a stack-allocated buffer. During the processing of a certain EXIF tag, a fixed-size stack buffer is used as the destination of a memory copy. This memory copy can overflow the bounds of the stack buffer, and this condition may lead to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in version 3.9.2 of libTIFF. Previous versions are not affected.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2010-2067
MD5 | cb517f2204928f66d1e521c30ea92eab
Exim 4 Symlink / Race Condition Vulnerabilities
Posted Jun 4, 2010
Authored by Dan Rosenberg

Exim 4 suffers from local symlink and race condition vulnerabilities.

tags | advisory, local
advisories | CVE-2010-2023, CVE-2010-2024
MD5 | 9074656fbb59e54a22cbb2af6948a1f9
Scientific Atlanta DPC2100 Cable Modem Cross Site Request Forgery
Posted May 25, 2010
Authored by Dan Rosenberg

The Scientific Atlanta DPC2100 Cable Modem suffers from cross site request forgery and insufficient authentication vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2010-2025, CVE-2010-2026
MD5 | bc54b454b787a236cb2a8e47e43a8a32
Ghostscript Stack Overflow
Posted May 12, 2010
Authored by Dan Rosenberg

Ghostscript suffers from code execution and stack overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
advisories | CVE-2010-1869
MD5 | 1502b79afd5ed781ec94dc38a46d262c
Fortify Arbitrary Memory Address Space
Posted Apr 28, 2010
Authored by Dan Rosenberg

Fortify (FORTIFY_SOURCE as used with gdb) is subject to a little trick that allows for reading of arbitrary address space.

tags | paper, arbitrary
MD5 | d8d53c926f4714c404d8adaf19edcabc
Deliver Race Condition
Posted Mar 25, 2010
Authored by Dan Rosenberg

The Deliver mail delivery program suffers from several race condition vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-0439
MD5 | 1b02a3d94c3b9e1d37dbacf97c1f0e67
ncpfs Race Conditions / Denial Of Service / Disclosure
Posted Mar 6, 2010
Authored by Dan Rosenberg

The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs package, contain race conditions, information disclosures, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, info disclosure
advisories | CVE-2010-0788, CVE-2010-0790, CVE-2010-0791
MD5 | c4f3190c00d9db2fd6a2e8908227013d
© 2020 Packet Storm. All rights reserved.