Lucene search

3217 matches found

Veracode
added 2019/01/15 8:59 a.m. | 23 views

Authorization Bypass

spice-gtk is vulnerable to authorization bypass. The communication to polkit for authorization via an API call is vulnerable to a race condition in setuid or pkexec process, which allows a local user to bypass access restrictions...

4.6 CVSS | 5.8 AI score | 0.00065 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Veracode
added 2019/01/15 8:59 a.m. | 27 views

Privilege Escalation

polkit is vulnerable to privilege escalation. A race condition in the PolicyKit pkcheck utility when the process is specified by its process ID via the --process option, allows a local user to bypass intended authorization and escalate their privileges by starting a setuid or pkexec process befor...

7.2 CVSS | 6.5 AI score | 0.00054 EPSS
Exploits: 0 | References: 15 | Affected Software: 1

Veracode
added 2019/01/15 8:56 a.m. | 26 views

Authorization Bypass

kernel-rt is vulnerable to authorization bypass attacks. The vulnerability exists as the Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access...

2.1 CVSS | 7 AI score | 0.0004 EPSS
Exploits: 1 | References: 14 | Affected Software: 2

Packet Storm
added 2019/01/14 12:0 a.m. | 48 views

xorg-x11-server Local Privilege Escalation

!/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their...

0.3 AI score | 0.16034 EPSS
Exploits: 39

exploitpack
added 2019/01/14 12:0 a.m. | 120 views

xorg-x11-server 1.20.3 (Solaris 11) - inittab Local Privilege Escalation

xorg-x11-server 1.20.3 Solaris 11 - inittab Local Privilege Escalation !/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the...

7.2 CVSS | 0.3 AI score | 0.16034 EPSS
Exploits: 39

Exploit DB
added 2019/01/14 12:0 a.m. | 85 views

xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab' Local Privilege Escalation

!/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their...

7.2 CVSS | 7.1 AI score | 0.16034 EPSS
Exploits: 39

Metasploit
added 2019/01/12 9:14 a.m. | 60 views

AddressSanitizer (ASan) SUID Executable Privilege Escalation

This module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The log_path option can be set using the ASAN_OPTIONS...

7.6 AI score
Exploits: 0

Exploit DB
added 2019/01/12 12:0 a.m. | 31 views

ASAN/SUID - Local Privilege Escalation

!/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a vulnerable system. Supply your own targe...

7.4 AI score
Exploits: 0

exploitpack
added 2019/01/12 12:0 a.m. | 37 views

ASANSUID - Local Privilege Escalation

ASANSUID - Local Privilege Escalation !/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a...

1 AI score
Exploits: 0

Tenable Nessus
added 2019/01/11 12:0 a.m. | 28 views

Fedora 29 : beep (2018-92eff16e03)

Security fix for CVE-2018-1000532, new non-root permissions and a few smaller fixes. Fix a directory traversal issue introduced with the fix for CVE-2018-1000532, and refuses to run as setuid root or via sudo to avoid any more privilege escalation issue. ---- Security fix for CVE-2018-1000532 an...

4.7 CVSS | 5.5 AI score | 0.00126 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2019/01/03 12:0 a.m. | 10 views

Fedora 28 : flatpak (2018-4d68cf2b1c)

flatpak 1.0.6 release. This release fixes an issue that lets system-wide installed applications create setuid root files inside their app dir somewhere in /var/lib/flatpak/app. Setuid support is disabled inside flatpaks, so such files are only a risk if the user runs them manually outside flatpak...

5.6 AI score
Exploits: 0 | References: 1

Exploit DB
added 2018/11/30 12:0 a.m. | 67 views

xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation

!/bin/sh raptorxorgy - xorg-x11-server LPE via modulepath switch Copyright c 2018 Marco Ivaldi A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to...

7.2 CVSS | 7.2 AI score | 0.16034 EPSS
Exploits: 39

Tenable Nessus
added 2018/11/05 12:0 a.m. | 42 views

lighttpd < 1.4.34 Multiple Vulnerabilities

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.34. It is, therefore, affected by the following vulnerabilities: - When Server Name Indication (SNI) is enabled, a flaw exists that could cause the application to use all available SSL ciphers, including we...

7.6 CVSS | 8.1 AI score | 0.09523 EPSS
Exploits: 1 | References: 8

exploitpack
added 2018/10/30 12:0 a.m. | 41 views

xorg-x11-server 1.20.3 - Privilege Escalation

xorg-x11-server 1.20.3 - Privilege Escalation Exploit Title: xorg-x11-server 1.20.3 - Privilege Escalation Date: 2018-10-27 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.x.org/ Version: xorg-x11-server 1.19.0 - 1.20.2 Tested on: OpenBSD 6.3 and 6.4 CVE : CVE-2018-14665 raptorxorgasm...

7.2 CVSS | 0.7 AI score | 0.16034 EPSS
Exploits: 39

exploitpack
added 2018/10/29 12:0 a.m. | 26 views

systemd - chown_one() Dereference Symlinks

systemd - chown_one() Dereference Symlinks I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports . When chown_one() in the recursive chown logic decides that it has to...

0.1 AI score
Exploits: 0

0day.today
added 2018/10/29 12:0 a.m. | 54 views

systemd - chown_one() can Dereference Symlinks Exploit

Exploit for linux platform in category dos / poc I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports . When chown_one() in the recursive chown logic decides that it...

7.4 AI score | 0.00379 EPSS
Exploits: 4

Exploit DB
added 2018/10/29 12:0 a.m. | 33 views

systemd - 'chown_one()' Dereference Symlinks

I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports . When chown_one() in the recursive chown logic decides that it has to change ownership of a directory entry, it...

7.4 AI score
Exploits: 0

The Hacker News
added 2018/10/26 1:58 p.m. | 2 views

New Privilege Escalation Flaw Affects Most Linux Distributions

An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system display server that offers ...

7.2 CVSS | 7.6 AI score | 0.16034 EPSS
Exploits: 39

0day.today
added 2018/10/26 12:0 a.m. | 84 views

xorg-x11-server 1.20.3 - Local Privilege Escalation Exploit (2)

Exploit for multiple platform in category local exploits xorg-x11-server Local Privilege Escalation 2 !/bin/bash x0rg - Xorg Local Root Exploit Released under the Snitches Get Stitches Public Licence. props to prdelka / fantastic for the shadow vector. Gr33tz to everyone in lizardhq and elsewhere...

0.2 AI score | 0.16034 EPSS
Exploits: 39

UbuntuCve
added 2018/10/24 9:29 p.m. | 19 views

CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root...

7.8 CVSS | 6.9 AI score | 0.00248 EPSS
Exploits: 1 | References: 2