Files

Linux Kernel ptrace/sysret Local Privilege Escalation
Posted Jul 22, 2014
Authored by Vitaly Nikolenko

Linux Kernel ptrace/sysret local privilege escalation proof of concept exploit.

tags | exploit, kernel, local, proof of concept
systems | linux
advisories | CVE-2014-4699
MD5 | 94c88567c610853f4926b687106afb46

Related Files

Linux Polkit pkexec Helper PTRACE_TRACEME Local Root
Posted Oct 23, 2019
Authored by Brendan Coles, Jann Horn, timwr | Site metasploit.com

This Metasploit module exploits an issue in ptrace_link in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2019-13272
MD5 | a67b52657090e25d42aa370f66e7ca88

ptrace Sudo Token Privilege Escalation
Posted Sep 2, 2019
Authored by Brendan Coles, chaignc | Site metasploit.com

This Metasploit module attempts to gain root privileges by blindly injecting into the session user's running shell processes and executing commands by calling system(), in the hope that the process has valid cached sudo tokens with root privileges. The system must have gdb installed and permit ptrace. This module has been tested successfully on Debian 9.8 (x64) and CentOS 7.4.1708 (x64).

tags | exploit, shell, root
systems | linux, debian, centos
MD5 | c68e752b3a6a49ce8044fcde8724dad7

Linux 2.6 Kernel ptrace_attach Privilege Escalation
Posted May 14, 2009
Authored by s0m3b0dy

Linux 2.6 kernel ptrace_attach local privilege escalation exploit.

tags | exploit, kernel, local
systems | linux
MD5 | 000a69c57a289aa97e6a372c281c2eba

Ubuntu Security Notice 518-1
Posted Sep 26, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 518-1 - Evan Teran discovered that the Linux kernel ptrace routines did not handle certain requests robustly. Local attackers could exploit this to crash the system, causing a denial of service. It was discovered that hugetlb kernels on PowerPC systems did not prevent the stack from colliding with reserved kernel memory. Local attackers could exploit this and crash the system, causing a denial of service. It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573
MD5 | b5d8988fb105e46c3ff6fc28098e12ca

ptrace-kmod.c
Posted Apr 2, 2003
Authored by Wojciech Purczynski

Local root exploit for ptrace/kmod that exploits a race condition which creates a kernel thread in an insecure manner. Works under the 2.2.x and 2.4.x series of kernels.

tags | exploit, kernel, local, root
MD5 | 62a1d99ea86b0d49a09346cb59589f5c

ptrace-dark.c
Posted Mar 13, 2002
Authored by Darknessx

Ptrace2.4 is a local root exploit for Linux kernels prior to v2.4.9 and 2.2.20.

tags | exploit, kernel, local, root
systems | linux
MD5 | 400dd79a65c806ae4fe25bee6f1573e4

ptrace24.c
Posted Oct 30, 2001

Ptrace24.c is a local root exploit for Linux kernels prior to 2.4.9. Works on Openwall-patched kernels. Uses the su, newgrp, or screen +s binaries. Originally by Nergal. Improved by sd.

tags | exploit, kernel, local, root
systems | linux
MD5 | 0b6d461adc20cb12fef2920d329f920f

ptracekm.tar.gz
Posted Oct 25, 2001
Authored by MadCamel

Ptracekm is a kernel module for Linux 2.2 (possibly 2.4, but untested) that blocks the ptrace() syscall for all users except root. This should effectively prevent local root from being gained via the latest series of ptrace() exploits.

tags | kernel, local, root
systems | linux
MD5 | a5ebea914e825721d29e4eac84215e5a
© 2020 Packet Storm. All rights reserved.
