Twenty Year Anniversary
Showing 1 - 25 of 1,575 RSS Feed

Operating System: Solaris

Solaris RSH Stack Clash Privilege Escalation
Posted Oct 15, 2018
Authored by Brendan Coles, Qualys Security Advisory | Site metasploit.com

This Metasploit module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This Metasploit module uploads and executes Qualys' Solaris_rsh.c exploit, which exploits a vulnerability in RSH to bypass the stack guard page to write to the stack and create a SUID root shell. This Metasploit module has offsets for Solaris versions 11.1 (x86) and Solaris 11.3 (x86). Exploitation will usually complete within a few minutes using the default number of worker threads (10). Occasionally, exploitation will fail. If the target system is vulnerable, usually re-running the exploit will be successful. This Metasploit module has been tested successfully on Solaris 11.1 (x86) and Solaris 11.3 (x86).

tags | exploit, shell, x86, root
systems | solaris
advisories | CVE-2017-1000364, CVE-2017-3629, CVE-2017-3630, CVE-2017-3631
MD5 | 91b277586c77a3c37e33c0ac990f0483
Samhain File Integrity Checker 4.3.1
Posted Sep 25, 2018
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 9c6beb7ff7149ee80de850c8cc585859
Solaris EXTREMEPARR dtappgather Privilege Escalation
Posted Sep 25, 2018
Authored by Brendan Coles, Hacker Fantastic, Shadow Brokers | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in the dtappgather executable included with Common Desktop Environment (CDE) on unpatched Solaris systems prior to Solaris 10u11 which allows users to gain root privileges. dtappgather allows users to create a user-owned directory at any location on the filesystem using the DTUSERSESSION environment variable. This Metasploit module creates a directory in /usr/lib/locale, writes a shared object to the directory, and runs the specified SUID binary with the shared object loaded using the LC_TIME environment variable. This Metasploit module has been tested successfully on: Solaris 9u7 (09/04) (x86); Solaris 10u1 (01/06) (x86); Solaris 10u2 (06/06) (x86); Solaris 10u4 (08/07) (x86); Solaris 10u8 (10/09) (x86); Solaris 10u9 (09/10) (x86).

tags | exploit, x86, root
systems | solaris
advisories | CVE-2017-3622
MD5 | f10a9baa72d2639e9298d5dc6fb5e7c2
Solaris libnspr NSPR_LOG_FILE Privilege Escalation
Posted Sep 18, 2018
Authored by Marco Ivaldi, Brendan Coles | Site metasploit.com

This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the `NSPR_LOG_FILE` environment variable. The log file is created with the privileges of the running process, resulting in privilege escalation when used in combination with a SUID executable. This Metasploit module writes a shared object to the trusted library directory `/usr/lib/secure` and runs the specified SUID binary with the shared object loaded using the `LD_LIBRARY_PATH` environment variable. This Metasploit module has been tested successfully with libnspr version 4.5.1 on Solaris 10u1 (01/06) (x86) and Solaris 10u2 (06/06) (x86).

tags | exploit, arbitrary, x86, root
systems | solaris
advisories | CVE-2006-4842
MD5 | 0f80a93992c7fdfbc617a2b680a3059e
Samhain File Integrity Checker 4.3.0
Posted Sep 10, 2018
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Added support for /etc/subuid, /etc/subgid maps. Fixed compiler warning on Ubuntu 18.04.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 54591d3bbe3ff0ea837d88310d6bb74a
Sun Solaris 11.3 AVS Local Kernel Root
Posted Aug 2, 2018
Authored by mu-b

Sun Solaris versions 10 and 11.3 and below local kernel root exploit.

tags | exploit, kernel, local, root
systems | solaris
advisories | CVE-2018-2892
MD5 | e87115e82276d32408f82a68e1b2de6f
MagniComp SysInfo mcsiwrapper Privilege Escalation
Posted Feb 20, 2018
Authored by Brendan Coles, Daniel Lawson, Romain Trouve | Site metasploit.com

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This Metasploit module abuses this functionality to set the load path resulting in execution of arbitrary code as root. This Metasploit module has been tested successfully with SysInfo version 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.

tags | exploit, arbitrary, x86, root
systems | linux, solaris, debian, fedora
advisories | CVE-2017-6516
MD5 | 8b66a6c82ba59a4ce479a1d17b9e36b6
Rootkit Hunter 1.4.6
Posted Feb 19, 2018
Authored by Michael Boelen | Site rootkit.nl

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Changes: Added support for Alpine Linux (busybox). Added the Diamorphine LKM test. Added the ALLOWIPCPID configuration file option. Added the ALLOWIPCUSER configuration file option. Various other additions, improvements, and bug fixes made.
tags | tool, shell, perl, integrity, rootkit
systems | netbsd, unix, solaris
MD5 | 54762d04ec7faa0736cc151271b02c06
Samhain File Integrity Checker 4.2.4
Posted Dec 21, 2017
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 95f89b13e3506592ab8c0c75d85f3807
Samhain File Integrity Checker 4.2.3
Posted Nov 1, 2017
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 437fb656747dd312044f16e09c35c6aa
Samhain File Integrity Checker 4.2.2
Posted Jul 3, 2017
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 41f58fdef3310aba71f39410af5b23dc
Rootkit Hunter 1.4.4
Posted Jun 30, 2017
Authored by Michael Boelen | Site rootkit.nl

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Changes: Added the GLOBSTAR configuration file option. This will set the shells globstar option to allow recursive checks of directories. By default this option is disabled. Added a Japanese translation file. Added support for the 'BSDng' package manager option. This can be used by those BSD systems which have the 'pkg' command available (currently later FreeBSD systems). Various other improvements and bug fixes made.
tags | tool, shell, perl, integrity, rootkit
systems | netbsd, unix, solaris
MD5 | c625bcb5e226d1f2a7a3a530b7e4fbd9
Oracle Solaris 11.1 / 11.3 rsh Stack Clash Privilege Escalation
Posted Jun 29, 2017
Site qualys.com

Oracle Solaris versions 11.1 and 11.3 rsh local privilege escalation stack clash exploit.

tags | exploit, local
systems | solaris
advisories | CVE-2017-3629, CVE-2017-3630, CVE-2017-3631
MD5 | ecf04fec274290660dd63bc7b82fd227
Solaris x86 / SPARC EXTREMEPARR dtappgather Privilege Escalation
Posted Apr 13, 2017
Authored by Hacker Fantastic

Solaris versions 7 through 11 on both x86 and SPARC suffer from an EXTREMEPARR dtappgather local privilege escalation vulnerability.

tags | exploit, x86, local
systems | solaris
MD5 | 595fcc194d20c3822c1f5175c0a7f718
Samhain File Integrity Checker 4.2.1
Posted Apr 6, 2017
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 40fdc9d20233e6c63da2ecd3a623fbe2
CA Common Services casrvc Privilege Escalation
Posted Jan 28, 2017
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers about a medium risk vulnerability that may allow a local attacker to gain additional privileges with products using CA Common Services running on the AIX, HP-UX, Linux, and Solaris platforms. The vulnerability, CVE-2016-9795, occurs due to insufficient validation by the casrvc program. A local unprivileged user can exploit the vulnerability to modify arbitrary files, which can potentially allow a local attacker to gain root level access.

tags | advisory, arbitrary, local, root
systems | linux, solaris, aix, hpux
advisories | CVE-2016-9795
MD5 | c33651df09a1bf032369d8e33acf84d5
SunOS 5.11 Remote ICMP Weakness Kernel Denial Of Service
Posted Jan 21, 2017
Authored by Todor Donev

SunOS version 5.11 remote ICMP weakness kernel denial of service exploit.

tags | exploit, remote, denial of service, kernel
systems | solaris
MD5 | 0ffe0fe030d2bf7166687120627b323a
Samhain File Integrity Checker 4.2.0
Posted Nov 1, 2016
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 39f476e7ac4f97fc9e5b0b1da79e121c
HP Security Bulletin HPSBGN03637 1
Posted Aug 31, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03637 1 - A potential vulnerability has been identified in the AdminUI of the HP Operations Manager for Unix, Solaris, and Linux. The vulnerability could be exploited remotely resulting in Cross-Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
systems | linux, unix, solaris
advisories | CVE-2016-4380
MD5 | 944bb798ff3152a48b7464651c6a3862
HP Security Bulletin HPSBGN03630 2
Posted Aug 12, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03630 2 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed in the AdminUI of HP Operations Manager for Unix, Solaris and Linux. The vulnerability could be exploited remotely to allow remote code execution. Revision 2 of this advisory.

tags | advisory, java, remote, code execution
systems | linux, unix, solaris
advisories | CVE-2016-4373
MD5 | 02d34eec118d8007e5058c6b46cc290c
Samhain File Integrity Checker 4.1.5
Posted Aug 9, 2016
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 835b65ab9ed2a93640b957051708e500
HP Security Bulletin HPSBGN03630 1
Posted Jul 26, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03630 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed in the AdminUI of HP Operations Manager for Unix, Solaris and Linux. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.

tags | advisory, java, remote, code execution
systems | linux, unix, solaris
advisories | CVE-2016-4373
MD5 | c56a386b0416081d9428b22fc21fb08f
Samhain File Integrity Checker 4.1.4
Posted Jun 2, 2016
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | d14f54eb4b556510603c02ad3a35e458
Samhain File Integrity Checker 4.1.3
Posted Apr 19, 2016
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | b87ae2ffb925cd1497ede1ce00b8145f
Samhain File Integrity Checker 4.1.2
Posted Dec 21, 2015
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 80133dc11bd71ffd7250311e9f556802
Page 1 of 63
Back12345Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close