what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files

lkmpg-1.0.1.html
Posted Sep 6, 2007

Linux Kernel Module Programming Guide

tags | kernel
systems | linux

Related Files

Red Hat Security Advisory 2023-2786-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2786-01 - Wayland is a protocol for a compositor to talk to its clients, as well as a C library implementation of that protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a wayland client itself. The clients can be traditional applications, X servers or other display servers.

tags | advisory, kernel, protocol
systems | linux, redhat
advisories | CVE-2021-3782
SHA-256 | 376d6fcd00cecb782d135719b7baa66bd171461ef415c9123fc82377a08d66c3
Dr Checker 4 Linux
Posted Aug 31, 2021
Authored by Marcin Kozlowski | Site github.com

This is an LLVM based tool to audit Linux kernel module security using both pointer and taint analyses that are flow-sensitive, context-sensitive, and fieldsensitive on kernel drivers. It is port of Dr. Checker.

tags | tool, kernel
systems | linux, unix
SHA-256 | 1fd358d47de323bd7dadfb4148d4c52f11fe6a9eca3e9dbc43431082fd5c62a9
HiddenWall Linux Firewall
Posted Jun 11, 2019
Authored by coolervoid

This is a tool that generates a Linux kernel module for custom rules with Netfilter hooking to block ports, run in hidden mode, perform rootkit functions, etc.

tags | tool, kernel, firewall
systems | linux, unix
SHA-256 | d0dc6f8136db21f01228d49ad0aaf1fb756fbd13cbc46d39483563c187f9fd7c
Reptile LKM Rootkit
Posted May 27, 2018
Authored by mempodippy

Reptile is a Linux kernel module rootkit that hides files, processes, etc. It implements ICMP/UDP/TCP port-knocking backdoors, supports kernels 2.6.x/3.x/4.x, and more.

tags | advisory, tool, kernel, udp, tcp
systems | linux
SHA-256 | 99e0edaf74881cdfe7970d9ed6e4ee516ba2cb18b943fe179ff968d505ae9d25
Debian Security Advisory 4179-1
Posted Apr 24, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4179-1 - This update doesn't fix a vulnerability in linux-tools, but provides support for building Linux kernel modules with the "retpoline" mitigation for CVE-2017-5715 (Spectre variant 2).

tags | advisory, kernel
systems | linux, debian
SHA-256 | e29587414760c63eeb7cf858b2e6b01daa6dc707328f9c69d310f296e1f5a324
Sunxi Linux Module Backdoor
Posted May 23, 2016
Authored by Analiz

This is a Linux kernel module that adds a backdoor to a system. Based on sunxi_debug.

tags | tool, kernel, rootkit
systems | linux, unix
SHA-256 | 4e6f48c2c881d53eaa6936060c88426fcbc23abe2ac8482887470073b2fa311f
Red Hat Security Advisory 2015-0869-01
Posted Apr 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0869-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that KVM's Write to Model Specific Register instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2014-3610, CVE-2014-3611
SHA-256 | 26225351ab56061b5da1791a123ec8764b904a911c83218c2500c2ca7e8fef8f
Red Hat Security Advisory 2014-0163-01
Posted Feb 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0163-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's Local Advanced Programmable Interrupt Controller implementation. A privileged guest user could use this flaw to crash the host. A memory corruption flaw was discovered in the way KVM handled virtual APIC accesses that crossed a page boundary. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-6367, CVE-2013-6368
SHA-256 | 44863daf8622cff24ab177852ccb4bfb7f75bb6a69579ca83ba17b43ea16e8d0
Red Hat Security Advisory 2013-0727-01
Posted Apr 10, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0727-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2013-1796, CVE-2013-1797, CVE-2013-1798
SHA-256 | 8dbf79cce44ee7c7a8b5ef0d8c7a498872b08b14f5e166dcdc471e2aed88b38b
Red Hat Security Advisory 2013-0608-01
Posted Mar 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0608-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.

tags | advisory, remote, arbitrary, kernel, root
systems | linux, redhat
advisories | CVE-2012-6075
SHA-256 | f2e010070aad2343f47b3e482e950b8c4228c64cb7b9aaf1697885a65a553a9c
Red Hat Security Advisory 2012-1235-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1235-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of KVM.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-3515
SHA-256 | 2e72404216c3ee627824dd4a583eb5f74d5968989dd2fb3e58110197360a194d
Red Hat Security Advisory 2012-0676-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0676-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A malicious user in the kvm group on the host could use this flaw to crash the host. A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user in the kvm group on the host who has the ability to assign a device to a guest could use this flaw to crash the host.

tags | advisory, kernel, memory leak
systems | linux, redhat
advisories | CVE-2012-1601, CVE-2012-2121
SHA-256 | 5ec712624114bd7a62ded7e3e13e0b431d5a90f25d887258c19bd6583197a38e
Red Hat Security Advisory 2012-0149-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0149-03 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-4347
SHA-256 | 52ddce2218c312d1c3ecce3bfbf426ea56da1c30ba13b0970d775b410ad1bd6c
Red Hat Security Advisory 2012-0051-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0051-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT IRQs when there was no virtual interrupt controller set up. A malicious user in the kvm group on the host could force this situation to occur, resulting in the host crashing.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2011-4622, CVE-2012-0029
SHA-256 | af8fd4be7e42bf124fb681cde41eac8c1e8720966aaaa8352148ac44a7f78499
StJude_LKM-0.23.tar.gz
Posted Dec 7, 2005
Authored by Rodrigo Rubira Branco | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: StJude/StMichael now has Rodrigo Rubira Branco as its new maintainer. This release fixes compilation problems with 2.4 kernels and also support the newest StMichael (version 0.12).
tags | remote, kernel, local, root
systems | linux
SHA-256 | 346d9edcd3235baec8b9dd85be165c5fd6c0f93f2a6bf3252ac21640c24cc291
pizzaicmp.c
Posted Sep 15, 2004
Authored by Evil | Site eviltime.com

ICMP-based triggered Linux kernel module that executes a local binary upon successful use.

tags | tool, kernel, local, rootkit
systems | linux, unix
SHA-256 | 3e96d2229d340dce20e03b329993d38a8230c2492d818ef162a0761d66676d30
write-filter_lkm.c
Posted Jul 26, 2004
Authored by Bugghy | Site vaida.bogdan.googlepages.com

Linux kernel module that will filter writes for the 2.4 kernel series.

tags | kernel
systems | linux
SHA-256 | 0ecb743a9551bc4043cfabca5eea5394543c2ad4e7287889998590e34e3126a6
uname_lkm.c
Posted Jul 26, 2004
Authored by Bugghy | Site vaida.bogdan.googlepages.com

Linux kernel module that will fake uname output for the 2.4 kernel series.

tags | kernel
systems | linux
SHA-256 | d20de33de4d5fa22a3db75f01fb41451871e54126d92a933a2f391636e6d7d5a
mod_icmp.c
Posted Nov 21, 2003
Authored by fryxar | Site geocities.com

This linux kernel module acts like an icmp proxy for echo/echo-reply packets at kernel level, preventing icmp tunnels through firewalls or directly to the server it is installed on.

tags | kernel
systems | linux
SHA-256 | 9fad32f633cbf5845c1c9aa19434551345fd747ac16e91b836ef8dfa81ef6435
snuffi-0.1.tar.gz
Posted May 12, 2003
Authored by Maik Pfeil | Site arbon.elxsi.de

Snuffi v0.1 is a linux kernel module that adds a hook to the incoming and outgoing queue of netfilter. Currently this module only supports traffic for IPv4 and TCP.

tags | tool, kernel, tcp, firewall
systems | linux
SHA-256 | 6e6f24562877cbfa3f9ec480e172b0a06585a614fbf1ae92d4b99776ec86193e
fuckptrace.c
Posted Apr 2, 2003
Authored by truff | Site projet7.org

fuckptrace is a Linux kernel module used for bypassing anti-ptrace protection used against the reverse engineering process.

tags | kernel
systems | linux
SHA-256 | 4ae4703493e86a63a0d13935e9e14568b86026565924f9ba7e6b114fcc7646ee
nfbypass.c
Posted Apr 2, 2003
Authored by truff | Site projet7.org

nfbypass is a Linux kernel module for the 2.4.x series which, when inserted, will bypass netfilter rules.

tags | kernel
systems | linux
SHA-256 | c92278ac9f69f9e3fce669b4bdaf7609692c9cd2074111ab285fc98a64dc7c63
anti-anti-dbg.c
Posted Nov 2, 2002
Authored by Slacko

anti-anti-debug is a Linux kernel module that is used to stop the technique currently implemented into closed source Linux binaries that disallow or restrict debugging and tracing with tools like gdb and strace.

tags | kernel
systems | linux
SHA-256 | aeca12c39a86982dc39a6c75f1547017d9e4b6274450bd8692153ad954b3dabd
StJude_LKM-0.22.tar.gz
Posted Oct 28, 2002
Authored by Tim Lawless | Site wwjh.net

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: Redhat 8.0's attempt to stop module rootkits stopped StJude as well - added code to discover the sys_call_table during initialization on systems with a non-exported sys_call_table. Fixed some bugs and include problems.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 1d72affc7e06f7cbad96d2f3c0eab42e93abbff260cf5fbb62b13dfcbdf5468e
StJude_LKM-0.21.tar.gz
Posted Aug 7, 2002
Authored by Tim Lawless | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: Addition of Self Integrity Checks to Detect Attacks against StJude itself, Addition of configuration options to hard-code memory offsets into the source instead of discovery during load time permitting the loading of Stmichael from an initrd, before init spawns and the filesystems are mounted. Added in Kernel Licensing Code to Identify the Kernel License for Newer kernels - No more Tainted Kernels. Really Immutable filesystem support for ext3 fs added. Includes modifications to work with more recent ac kernels.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 18ba017359747bd64ce087008e2e9a292252a6d9659754a1fc1928b307b99330
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close