This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.
bc46d127784cc25a8eebe3568a7dc33efb953a22d3a6de8a44f9394b892ee0c6This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.
a2c6557a8aad197f0270adb44eb609acd74de83e2d42b87eb9f291e7a97fe369VSR identified a vulnerability in IQRD. The IQRD service listens locally on a TCP socket bound to port 2479. This socket is intended to allow the Carrier IQ service to request device-specific functionality from IQRD. Unfortunately, there is no restriction or validation on which applications may request services using this socket. As a result, any application with the android.permission.INTERNET permission may connect to this socket and send specially crafted messages in order to perform potentially malicious actions.
62460a143a7893941f8c2a7a320f48f1e15c0964c0c6ff6e99e6284cd21d8be2Calibre E-Book Reader local root race condition exploit that subverts recent changes preventing symlinks and checking path prefixes.
a8d8f271f9bcea57da5e8e80f09acc4ebc27b5f8820e5bdda23f748aa4eb75efDEC Alpha Linux versions 3.0 and below local root exploit.
d76bee4c4585b03f096adb7e2ba9879f136892e3a1e26c3bf3b96050672a92deVSR identified multiple vulnerabilities in VMware Tools, a suite of utilities shipped by VMware with multiple product offerings, as well as by open-source distributions as the open-vm-tools package. The first of these issues results in a minor information disclosure vulnerability, while the second two issues may result in privilege escalation in a VMware guest with VMware Tools installed.
1af05a5d5b02a34bd95ed4566b81d89008382e496b13d51cebc3c4a6458acab9VSR identified a vulnerability in HFS+, a filesystem implemented in the OS X XNU kernel. HFS+ is the default filesystem in use on many installations of the Mac OS X operating system. By exploiting this vulnerability, an unprivileged user with local access to a machine using HFS+ may be able to read raw filesystem data, bypassing file permissions and resulting in information disclosure.
4c4a96b0699e3dfee3ea36679e925786c985788771d9efba8b469276fa52bc3fFreeBSD's crontab implementation suffers from various race condition and symlink vulnerabilities that allow for minor information leakage.
0c48aa105ac5559bbac3c34bec72fc1a917b4bb2c39f51d11be3e0a1932aa408This Metasploit module exploits an input validation error in VideoLAN VLC < 1.1.7. By creating a malicious MKV or WebM file, a remote attacker could execute arbitrary code.
089c03cdcf6cbedcf40c0da3c8c00719db381e766eff4249410bb2a906521f96VSR identified multiple memory corruption vulnerabilities in OpenOffice.org. By convincing a victim to open a maliciously crafted RTF or Word document, arbitrary code may be executed on the victim's machine. Versions prior to 3.3 are affected.
76148fa5fbd6a847442ba5146f5992a028c81ea3ce77f8550dd19a9ce932f325This Linux kernel CAP_SYS_ADMIN exploit leverages a signedness error in the Phonet protocol. By specifying a negative protocol index, it crafts a series of fake structures in userspace and causes the incrementing of an arbitrary kernel address, which then gets leveraged to execute arbitrary kernel code.
09c12d1fafa94bbe4bde3fb6ae32992db287027ff62b658aa13d193e41f7f87fLinux kernel local privilege escalation exploit for versions 2.6.37 and below. It leverages three separate vulnerabilities to achieve root including a NULL pointer dereference, being able to assign arbitrary Econet addresses to arbitrary interfaces, and the ability to write a NULL word to an arbitrary kernel address.
90c6bf981c13631f20aedf98e74ee2ce76bde194f9c594a64c300a938f3bfa47Local Linux kernel exploit that demonstrate how the "mem" array used as scratch space for socket filters is not initialized, allowing unprivileged users to leak kernel stack bytes.
41f4c4f5e19f3b41bc7cfe2dad288a198d7cdca8f0b4d55690ee5693864819b2On October 13th, VSR identified a vulnerability in the RDS protocol, as implemented in the Linux kernel. Because kernel functions responsible for copying data between kernel and user space failed to verify that a user-provided address actually resided in the user segment, a local attacker could issue specially crafted socket function calls to write arbitrary values into kernel memory. By leveraging this capability, it is possible for unprivileged users to escalate privileges to root.
bb09d9a3c04ad643125f43810191104a9e73f9ab75e3f77d497d3f284186f60bLinux kernel versions 2.6.36-rc8 and below RDS privilege escalation exploit.
0262577e3e756fba60e9c378405ae208ebb9563222e21ca4a4b81be04b89e9d5Virtual Security Research, LLC. Security Advisory - VSR identified a vulnerability in the Coda filesystem kernel module, as implemented for FreeBSD and NetBSD. By sending a specially crafted ioctl request to a mounted Coda filesystem, an unprivileged local user could read large portions of kernel heap memory, leading to the disclosure of potentially sensitive information.
2a33556640e8aacacde12fc52c8c1542bef5798e08d4ad672635ca2fb49e83f2The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.
d6f15be99289fd0bcf6c81b9793b54371556cccddb48c1a7ecd9884a927c66d7FuzzDiff is a simple tool created to assist in helping make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.
64a2478b6758505b56ea79a765292e926f190b7255790d538d7a95e688fd16bbiDefense Security Advisory 06.21.10 - Remote exploitation of a stack buffer overflow vulnerability in version 3.9.2 of LibTIFF, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is due to insufficient bounds checking when copying data into a stack allocated buffer. During the processing of a certain EXIF tag a fixed sized stack buffer is used as a destination location for a memory copy. This memory copy can cause the bounds of a stack buffer to be overflown and this condition may lead to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in version 3.9.2 of libTIFF. Previous versions are not affected.
014d43587d44901b7350126457fa46e3ddd7be36fcae7a02d6977373e2a71713Exim 4 suffers from local symlink and race condition vulnerabilites.
d894d9ac3680893c4de1df8deea0bb09c3c5f18e99348ec10bb3351fafdf3e38The Scientific Atlanta DPC2100 Cable Modem suffers from cross site request forgery and insufficient authentication vulnerabilities.
526edd304fca1c5a00df908a6e6c705539bd6f5e7a759e2196082becea2fc227Ghostscript suffers from code execution and stack overflow vulnerabilities.
3ae78b80a2f029d3507689c46f8386059dca772b84fc5bee89098e5fb38a420bFortify (FORTIFY_SOURCE as used with gdb) suffers from a little trick that allows for reading of arbitrary address space.
5592ed45c719808d090e4002892c4abedb9388b403958b3feadde04a23960930The Deliver mail delivery program suffers from several race condition vulnerabilities.
05333665d18be17f37a1fdfcd655bd89040d70e095e671c464fef3c39c9bf329The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs package, contain race conditions, information disclosures, and denial of service vulnerabilities.
bee0a8f7594f3657d6643476cfedee7d3fee1c4555768af16fe7f3bde6ab4720
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed