
Files

Linux PTRACE_TRACEME Broken Permission / Object Lifetime Handling
Posted Jul 16, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from broken permission and object lifetime handling for PTRACE_TRACEME.

tags | exploit
systems | linux
advisories | CVE-2019-13272
SHA-256 | 30dafcd01fe3416a51e40e4a4f49ab60f981e89f93b9635b6199d3e4fa21fde9

Related Files

Linux PT_SUSPEND_SECCOMP Permission Bypass / Death Race
Posted May 9, 2022
Authored by Jann Horn, Google Security Research

Linux suffers from two bugs in PT_SUSPEND_SECCOMP. One allows for permission bypass and the other relates to a ptracer death race.

tags | exploit
systems | linux
SHA-256 | 090e7e5a723be850497afe230306c956241cce0eb429877bf07e8c0f06eb2a40

Linux FUSE Use-After-Free
Posted Apr 19, 2022
Authored by Jann Horn, Google Security Research

Linux suffers from a vulnerability where FUSE allows use-after-free reads of write() buffers, allowing theft of (partial) /etc/shadow hashes.

tags | exploit
systems | linux
advisories | CVE-2022-1011
SHA-256 | 2013a523f6140f5f94778f15578c0f1d52f0a0bddd81e46cc48963fbe8fd4efb

Linux Garbage Collection Memory Corruption
Posted Jan 10, 2022
Authored by Jann Horn, Google Security Research

Linux suffers from a garbage collection memory corruption vulnerability by resurrecting a file reference through RCU.

tags | exploit
systems | linux
advisories | CVE-2021-4083
SHA-256 | 638d1db3f45bcd59a8ce424b7eb6551bbe0ff49ecd4eb9c767f096560f4687de

Linux SELinux PTRACE_TRACEME Handler Use-After-Free
Posted Oct 26, 2021
Authored by Jann Horn, Google Security Research

Linux suffers from a use-after-free read in the SELinux handler for PTRACE_TRACEME.

tags | exploit
systems | linux
SHA-256 | 796440de4a29bc2603d127196092fc9ccdd7e9044bbb208b4660cc96ceeb0dcd

Linux TIOCSPGRP Broken Locking
Posted Dec 22, 2020
Authored by Jann Horn, Google Security Research

Linux suffers from broken locking in TIOCSPGRP that can lead to a corrupted refcount.

tags | exploit
systems | linux
advisories | CVE-2020-29661
SHA-256 | 3d16d56ff43c2ab3355f19116f22e1a94fc89347899d1d2c15556ab0e4b4191b

Linux sendmsg() Privilege Escalation
Posted Dec 16, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from a privilege escalation vulnerability via io_uring offload of sendmsg() onto a kernel thread with kernel creds.

tags | exploit, kernel
systems | linux
advisories | CVE-2019-19241
SHA-256 | a834b29ddf4d2217f0c133698262209db2f3b93925e28fd750acde84f14c06eb

Linux show_numa_stats() Use-After-Free
Posted Aug 8, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from use-after-free read vulnerabilities in show_numa_stats().

tags | exploit, vulnerability
systems | linux
SHA-256 | 7daf0340da4a54780b2816f43fc842a167e5ce5eecd0e0c90c87101a262a8f9e

Linux Race Condition Use-After-Free
Posted Jun 20, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from a use-after-free via a race condition between modify_ldt() and #BR exception.

tags | exploit
systems | linux
SHA-256 | 1fcbfa390531a70742295db73f9e7ff8f089236459ea40c9adc0d8c41303b3d3

Linux Missing Lockdown
Posted Apr 29, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from missing locking between ELF coredump code and userfaultfd VMA modification.

tags | exploit
systems | linux
advisories | CVE-2019-11599
SHA-256 | 673a7d5b5c8c34c1c31d9a3eff1b04dbcf78b701cc9cca3e53ef0c155170313f

Linux Overflow Via FUSE
Posted Apr 23, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from a page->_refcount overflow via FUSE with ~140GiB RAM usage.

tags | exploit, overflow
systems | linux
SHA-256 | 8f223059c2e0c5c532eddc4777ac58f752854b9d67abeac1f06d8d9bf6855b94

Linux SNMP NAT Module Out-Of-Bounds Read/Write
Posted Feb 25, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from out-of-bounds read and write vulnerabilities in the SNMP NAT module.

tags | exploit, vulnerability
systems | linux
SHA-256 | 7bd49b3bb3d086c38ebc75bb8575f700166986bda831d3c8b3ef390d3ddb262f

Linux systemd Symlink Dereference Via chown_one()
Posted Oct 26, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from an issue with systemd where chown_one() can dereference symlinks.

tags | exploit
systems | linux
advisories | CVE-2018-15687
SHA-256 | d697c36e79f99a67f9cd338b7bd29e048c68c6bb76813a6a4825722f969d23a4

Linux Semi-Arbitrary Task Stack Read On ARM64 / x86
Posted Oct 18, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a semi-arbitrary task stack read on ARM64 (and x86) via /proc/$pid/stack.

tags | advisory, arbitrary, x86
systems | linux
SHA-256 | aa57cf6a492d7f45505fa3498cb8e656f5d02f443b0cde3a3cb505708affcfc3

Linux create_elf_tables() Integer Overflow
Posted Sep 26, 2018
Authored by Qualys Security Advisory

Linux suffers from an integer overflow vulnerability in create_elf_tables(). Multiple exploits provided.

tags | exploit, overflow
systems | linux
advisories | CVE-2018-14634
SHA-256 | 96f76be0c1dab33a40b6145fd293ceab661f631350fcf639a1e4bdb1faedbb92

Linux VMA Use-After-Free
Posted Sep 26, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a VMA use-after-free vulnerability via a buggy vmacache_flush_all() fastpath.

tags | exploit
systems | linux
advisories | CVE-2018-17182
SHA-256 | e61f826cfebf3e7bf6eb9726e31779f1707a0644cc3e2a4e3c0865759d272ace

Linux dmesg Arbitrary Kernel Read
Posted Sep 13, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from an arbitrary kernel read into dmesg via a missing address check in the segfault handler.

tags | advisory, arbitrary, kernel
systems | linux
SHA-256 | d3543609cf07f5bc3c6ff63fec8e66a77587ae2ca18d384c4afa15317c5fc42f

Linux Insufficient Shootdown For Paging-Structure Caches
Posted Sep 11, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from an insufficient shootdown for paging-structure caches.

tags | exploit
systems | linux
SHA-256 | 32e5a4bd6f757fe452ac7e750d0af567a328b2a378460854b5ae256e468c4523

Linux reiserfs listxattr_filler() Heap Overflow
Posted Aug 31, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a reiserfs listxattr_filler() heap overflow vulnerability.

tags | exploit, overflow
systems | linux
SHA-256 | bda8cff2fd8a8c683d0b06a45887982f218af840ef2b2e66113c85ebc43d76eb

Linux 4-Byte Information Leak
Posted May 18, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a 4-byte information leak via an uninitialized struct field in the compat adjtimex syscall.

tags | exploit
systems | linux
SHA-256 | 50d39995adad3a015a3b94c0d7b5e9f1f194e700f189b736aefca07019347f73

Sudo get_process_ttyname() Race Condition
Posted Jun 2, 2017
Site qualys.com

Sudo's get_process_ttyname() on Linux suffers from a race condition that allows for root privilege escalation.

tags | exploit, root
systems | linux
advisories | CVE-2017-1000367
SHA-256 | fedac891bbdaf97f55757b635d5ae075843da48925d762d5149a49ade19918cd

McAfee Virus Scan Enterprise For Linux Remote Code Execution
Posted Dec 14, 2016
Authored by Andrew Fasano

McAfee Virus Scan Enterprise for Linux suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution, virus
systems | linux
advisories | CVE-2016-8016, CVE-2016-8017, CVE-2016-8018, CVE-2016-8019, CVE-2016-8020, CVE-2016-8021, CVE-2016-8022, CVE-2016-8023, CVE-2016-8024, CVE-2016-8025
SHA-256 | 26d7834cf5815b1060880e6f39aced196e9baa8ba2abaefb8044358b1c90a16b

Linux SELinux W+X AIO Protection Bypass
Posted Sep 23, 2016
Authored by Jann Horn, Google Security Research

SELinux suffers from a protection bypass that allows for a memory mapping that is both readable and writable.

tags | exploit
SHA-256 | d26907f58e891ec5eb0984325531067ebfcfec48499313b6f58bfd76d6484a2b

Linux BPF Maps Reference Count Overflow
Posted May 3, 2016
Authored by Jann Horn, Google Security Research

Linux suffers from a reference count overflow using BPF maps.

tags | exploit, overflow
systems | linux
SHA-256 | 7adaf8180063a09e3682592ef0ccca5ec1a3445cd1c0424d7f622a7d8f579117

Microsoft Office 2007 MSPTLS Heap Index Integer Underflow
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.

tags | exploit, x86
systems | linux, windows
SHA-256 | 6730e4bcb74ff3ada116f87db7b421bf1d013003c83ef00b178f449904c4d335

Mozilla Maintenance Service Log File Overwrite Elevation Of Privilege
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The maintenance service creates a log file in a user writable location. It's possible to change the log file to a hardlink to another file to cause file corruption or elevation of privilege.

tags | exploit
systems | linux
advisories | CVE-2015-4481
SHA-256 | 9a1d92cce93d1ad86dd9eac6ec55a2b6aedcc3249f5d93fb13aea55da6b68ba6
© 2022 Packet Storm. All rights reserved.
