
Files

StJude_LKM-0.12.tar.gz
Posted Apr 6, 2001
Authored by Tim Lawless | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: Updated checks and verified compatibility with 2.4.3, and fixed some theoretical bugs.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 9e042e8ecd4bbafd3dca641ff8fa9f48f4ea1fb717af57f9a4757911c51662a0

Related Files

StJude_LKM-0.23.tar.gz
Posted Dec 7, 2005
Authored by Rodrigo Rubira Branco | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: StJude/StMichael now has Rodrigo Rubira Branco as its new maintainer. This release fixes compilation problems with 2.4 kernels and also supports the newest StMichael (version 0.12).
tags | remote, kernel, local, root
systems | linux
SHA-256 | 346d9edcd3235baec8b9dd85be165c5fd6c0f93f2a6bf3252ac21640c24cc291
StJude_LKM-0.22.tar.gz
Posted Oct 28, 2002
Authored by Tim Lawless | Site wwjh.net

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: Redhat 8.0's attempt to stop module rootkits stopped StJude as well - added code to discover the sys_call_table during initialization on systems with a non-exported sys_call_table. Fixed some bugs and include problems.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 1d72affc7e06f7cbad96d2f3c0eab42e93abbff260cf5fbb62b13dfcbdf5468e
StJude_LKM-0.21.tar.gz
Posted Aug 7, 2002
Authored by Tim Lawless | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: Addition of Self Integrity Checks to Detect Attacks against StJude itself. Addition of configuration options to hard-code memory offsets into the source instead of discovery during load time, permitting the loading of StMichael from an initrd, before init spawns and the filesystems are mounted. Added in Kernel Licensing Code to Identify the Kernel License for Newer kernels - No more Tainted Kernels. Really Immutable filesystem support for ext3 fs added. Includes modifications to work with more recent ac kernels.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 18ba017359747bd64ce087008e2e9a292252a6d9659754a1fc1928b307b99330
StJude_SKM-0.10.tar.gz
Posted May 14, 2002
Authored by Tim Lawless | Site sourceforge.net

The Saint Jude Solaris Kernel module is a port of the StJude_LKM kernel module into the Solaris 8 kernel for both 32 and 64 bit architectures. This module implements the Saint Jude Model for the detection of improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits. This is the first public release of the StJude Solaris Kernel Module (SKM). The version number, though, parallels the capability and maturity of its sister program StJude_LKM. Tested on single and dual SPARC and UltraSPARC I/II on Solaris 8.

tags | remote, kernel, local, root
systems | unix, solaris
SHA-256 | cd6b25d7d4a1edb3285c886a6099b8ea8394efc2f6767f20103414573115a6ba
StJude_LKM-0.20.tar.gz
Posted Jul 30, 2001
Authored by Tim Lawless | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: Introduced kernel integrity checking, and module support on systems that require module support. Added Read-Only /dev/kmem support. Eliminated the double-execve problem. New configuration script simplifies platform identification, and selection of compile-time options. Updated checks, verified compatibility with 2.4.7, and updated documentation. Changed license to GNU.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 10ed91c76ecba958bba10ae5f2976871efdc47add4787b162dbce8be5ca574c9
StJude_LKM-0.11.tar.gz
Posted Mar 20, 2001
Authored by Tim Lawless | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: Several compilation problems are fixed, in addition to a bug where if a process exec'd() without forking, and it was an override rule -- the first execution wouldn't be recorded through learning.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 96e04303160a68d54a4aa8a20b4c0084a12f42e3081363121c48adc0914ea087
StJude_LKM-0.10.tar.gz
Posted Mar 19, 2001
Authored by Tim Lawless | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: This is the most stable version yet. Tested with kernel 2.4. Added Learning Parser to facilitate the generation of the Rulebase from the Learning Mode output. Combined with the Override directive, remote root attacks may be thwarted.
tags | remote, kernel, local, root
systems | linux
SHA-256 | f7f922f8f16946ab95f37c07600d7d52e13c7d3e3b2865374f613ca83947a95c
StJude_LKM-0.07.tar.gz
Posted Mar 19, 2001
Authored by Tim Lawless | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for 2.2.0 and greater kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work equally well for both known and unknown exploits.

Changes: Fixes problems on some of the newer Linux distributions. Makefile can now find include files better.
tags | remote, kernel, local, root
systems | linux
SHA-256 | c105819d64f6618d2359f51876d4b6557c65033cc7bb9236e94192f35a1f1e23
StJude_LKM-0.06.tar.gz
Posted Dec 17, 2000
Authored by Tim Lawless | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for 2.2.0 and greater kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work equally well for both known and unknown exploits.

Changes: Fixed some broken code from 0.05 due to a 2AM release.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 3e8c3b45c5408af069bcf8afd580a27ef66c4ba362fb62e8019194ddb54b3518
StJude_LKM-0.05.tar.gz
Posted Dec 15, 2000
Authored by Tim Lawless | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for 2.2.0 and greater kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work equally well for both known and unknown exploits.

Changes: Added new response method which will execute an external command to record and deal with the intrusion. It is likely to be noted by an astute individual that this also affords the opportunity to counter-attack the attacker, using their control channel against them.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 0a1f1e745c9305728343c29b50726a9384d6f9f0123caec99ec9473b156315fb
StJudeModel.pdf
Posted Nov 2, 2000
Authored by Tim Lawless | Site sourceforge.net

This paper describes how the StJude kernel module stops local and remote exploits from being successful. The Saint Jude model for improper privilege transitions terminates program execution when it is exploited even if the exploit is unknown.

tags | paper, remote, kernel, local
systems | unix
SHA-256 | 32a264782ffbeb3b1d5ac2fe7295419e164d7bcced7404713c2fa709c85c1ee7
StJude_LKM-0.04.tar.gz
Posted Nov 2, 2000
Authored by Tim Lawless | Site sourceforge.net

Saint Jude LKM is a Linux Kernel Module for 2.2.11 and greater kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: Fixed bugs, added a Makefile, hid the old execve better, added a homepage.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 37643ba93bc57afffa0b2696e08bb971606429da0f856cdd4260620c42f1b387
StJude_LKM-0.03.tar.gz
Posted Aug 11, 2000
Authored by Tim Lawless

Saint Jude LKM is a Linux Kernel Module for 2.2.11 and greater kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: Support for SMP kernels, module-sealing is enabled, and a memory leak fix.
tags | remote, kernel, local, root
systems | linux
SHA-256 | 7a4167f795924aff6fa44181378b1bca05d209648a56ee122e5379cb791f53d9
StJude_LKM-0.02.tar.gz
Posted Jul 29, 2000
Authored by Tim Lawless

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

Changes: Fixed bug which would prevent the setreuid syscall from being restored upon exit.
tags | remote, kernel, local, root
systems | linux
SHA-256 | e6bee285fc2507dd3ee0f6b64ca1459171be968066027209d9f561350491b65d
StJude_LKM-0.01.tar.gz
Posted Jul 10, 2000
Authored by Tim Lawless

Saint Jude LKM is a Linux Kernel Module for the 2.2.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.

tags | remote, kernel, local, root
systems | linux
SHA-256 | b8ffff80b2a870a814849e863b4009e29e85f13516a906df8378915c85b8e177
stjude-0.4.tgz
Posted Mar 6, 2000
Authored by Tim Lawless

StJude is an attempt to monitor the flow of privilege in my Solaris boxes. It tries to detect privilege violations or improper transitions (i.e., stack smashing, or other local root exploits) by watching audit trails.

tags | tool, local, root, intrusion detection
systems | unix, solaris
SHA-256 | dc6a5beb02c0c8dca44693e6f1c02adb9803e196194e4af0c5cf6345de7cddae
© 2022 Packet Storm. All rights reserved.
