exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files

Linux 3.4+ CONFIG_X86_X32=y Local Root
Posted Feb 3, 2014
Authored by rebel

Linux 3.4+ local root exploit that spawns a root shell leveraging CONFIG_X86_X32=y.

tags | exploit, shell, local, root
systems | linux
advisories | CVE-2014-0038
SHA-256 | ede5fc0e0b7e794118d72948df2017010eaec9fd53af8390f4d8bde0ec184fa6

Related Files

Red Hat Security Advisory 2017-0270-01
Posted Feb 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0270-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
SHA-256 | b402cbcea2c91801d89322ab611f389f87c85a4c5c6f65a271fc93df62547a68
Red Hat Security Advisory 2017-0215-01
Posted Jan 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0215-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
SHA-256 | 9773caf065be9c5f7c1b57330e6aebc627b8f3c6632b045a8257a108b8da6d9d
Red Hat Security Advisory 2017-0216-01
Posted Jan 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0216-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
SHA-256 | c186c3b266a35ae94614ffd7a976f4b1e2eb276249557cbb40ab3439fcd12aae
Red Hat Security Advisory 2017-0217-01
Posted Jan 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0217-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-2847, CVE-2016-7117
SHA-256 | 0f04199e8b96f3c0ef49b41aa0b81c70b56ac8c4e9e510b9a19ddf9c1b0c225a
Red Hat Security Advisory 2017-0196-01
Posted Jan 26, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0196-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
SHA-256 | a44d2b242c7a37d563d6dc8f852849a2a378aba0acb3a1df5113f7c57b6564fa
Red Hat Security Advisory 2017-0113-01
Posted Jan 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0113-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. The kernel-rt packages have been upgraded to version 3.10.0-514, which provides a number of security and bug fixes over the previous version. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-6828, CVE-2016-7117, CVE-2016-9555
SHA-256 | ae32125d304c935326bc1a74cc1849c05c36bac1fbbb18bcc366b461cf500527
Red Hat Security Advisory 2017-0091-01
Posted Jan 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0091-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-6828, CVE-2016-7117, CVE-2016-9555
SHA-256 | 4b1ea17eeb74a4a9c87605d8dcce73b522498ff561fc105d5e5fdebb334bbfdb
Red Hat Security Advisory 2017-0065-01
Posted Jan 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0065-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
SHA-256 | 7c283a9ccd3baaf5011ece8e0a9d64f1d2e35deb0a35ec9cc520a87378b4e825
Red Hat Security Advisory 2017-0036-01
Posted Jan 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0036-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-4998, CVE-2016-6828, CVE-2016-7117
SHA-256 | 15164c175d193bcb243a86da700b13f6c2a1a766792df90f796ac8026c818f27
Red Hat Security Advisory 2017-0031-01
Posted Jan 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0031-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
SHA-256 | 9ad7eb5dde2c4eeb2c88e594e6f9fd2abb9e2c9b13c9dc4ea3b4ad1d8ee887dc
Red Hat Security Advisory 2016-2962-01
Posted Dec 20, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allows remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
SHA-256 | 88ca76a55ea9f7cb3276bc89c0241b0d89b71386834dda46af34102ce58a9982
Kernel Live Patch Security Notice LSN-0013-1
Posted Nov 30, 2016
Authored by Luis Henriques

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg(2) implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other kernel vulnerabilities were also discovered and addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2016-7042, CVE-2016-7117, CVE-2016-7425, CVE-2016-8658
SHA-256 | 5eae3cc7ae9949b636e16234a44d66f6ecfbbb7d410b77b7636cc74cb28cfc31
Ubuntu Security Notice USN-3126-1
Posted Nov 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3126-1 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service. Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg implementation in the Linux kernel. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7042, CVE-2016-7117
SHA-256 | 4bbf1d4ea527ad684dcc5fc5db86dbe5395379408e2920a2bad340c35edb6728
Ubuntu Security Notice USN-3126-2
Posted Nov 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3126-2 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service. Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg implementation in the Linux kernel. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7042, CVE-2016-7117
SHA-256 | 4ccc284737a64c8c3f06bc96c110403bf3c05592a73bbe558b184db66d8d1d08
Linux Kernel 3.13.1 Recvmmsg Privilege Escalation
Posted Oct 10, 2016
Authored by rebel, h00die | Site metasploit.com

This Metasploit module attempts to exploit CVE-2014-0038, by sending a recvmmsg system call with a crafted timeout pointer parameter to gain root. This exploit has offsets for 3 Ubuntu 13 kernels built in: 3.8.0-19-generic (13.04 default) 3.11.0-12-generic (13.10 default) 3.11.0-15-generic (13.10) This exploit may take up to 13 minutes to run due to a decrementing (1/sec) pointer which starts at 0xff*3 (765 seconds)

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2014-0038
SHA-256 | 82b7ac9274ee1da7aa1283d1f828bf5efb5666ae8d5432aec64d8da96a714f43
Ubuntu Security Notice USN-2107-1
Posted Feb 19, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2107-1 - A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281, CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281
SHA-256 | b3bc528bff6baf95d7c471c17737f33a4c77a33309b9eea91e60266a5002c4a3
Ubuntu Security Notice USN-2108-1
Posted Feb 19, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2108-1 - A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281, CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281
SHA-256 | ea35c18efad3217e5061d4258858b153ff637c151e0ee61605f0d3641d24dc86
Mandriva Linux Security Advisory 2014-038
Posted Feb 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-038 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service or possibly gain privileges via a crafted application. The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. The updated packages provides a solution for these security issues.

tags | advisory, denial of service, x86, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2014-0038, CVE-2014-1438, CVE-2014-1446
SHA-256 | e2c4547e50770bd3df69abde587f4db32a1c9a1954a305f2d7cf5ee05330a99e
Linux 3.4+ recvmmsg Proof Of Concept
Posted Jan 31, 2014
Authored by Kees Cook

Linux 3.4+ recvmmsg x32 compat proof of concept exploit.

tags | exploit, proof of concept
systems | linux
SHA-256 | 5662db3459ebcd5e6569adefd8e89c500d6c4b915e1d0af5b4ab442214e7b017
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close