
3217 matches found

Packet Storm
added 2018/02/10 12:00 a.m., 45 views

glibc '$ORIGIN' Expansion Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule "glibc '$ORIGIN' Expansion Privilege Escalation", 'Description' = %q This...

6.9 CVSS, 6.7 AI score, 0.12375 EPSS
Exploits: 20
CNVD
added 2018/02/07 12:00 a.m., 2 views

Apport Denial of Service Vulnerability (CNVD-2018-05468)

Ubuntu is a desktop-oriented GNU/Linux operating system developed by Canonical and the Ubuntu Foundation, and Apport is a toolkit that collects and reports the error information the operating system finds useful when an application crashes. A security vulnerability exists in Apport...

7.8 CVSS, 6.8 AI score, 0.00052 EPSS
Exploits: 0, References: 1
OSV
added 2018/02/02 2:29 p.m., 2 views

CVE-2017-14177

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of ...

7.8 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits: 0, References: 4
Metasploit
added 2018/01/28 5:11 a.m., 114 views

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables...

7.2 CVSS, 7.4 AI score, 0.12375 EPSS
Exploits: 35
RedhatCVE
added 2018/01/23 4:58 p.m., 16 views

CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.8 CVSS, 3.1 AI score, 0.00023 EPSS
Exploits: 0, References: 1
Ubuntu
added 2018/01/17 1:51 p.m., 60 views

USN-3536-1: GNU C Library vulnerability

It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd(2) syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. CVE-2018-1000001...

7.8 CVSS, 8.3 AI score, 0.41417 EPSS
Exploits: 9
0day.today
added 2018/01/16 12:00 a.m., 30 views

Linux/x86 - setuid(0) + execve(/bin/sh,0) Shellcode (25 bytes)

include const char shellcode= "\x6a\x17" // push $0x17 "\x58" // pop %eax "\x31\xdb" // xor %ebx,%ebx "\xcd\x80" // int $0x80 "\xb0\x0b" // mov $0xb,%al So you'll get segfault if it's not able to do the setuid0. If you don't want this you can write "\x6a\x0b\x58" instead of "\xb0\x0b", but the...

7.1 AI score
Exploits: 0
0day.today
added 2018/01/16 12:00 a.m., 23 views

Linux/x86 - setuid(0) + execve("/bin/sh",0,0) Shellcode (28 bytes)

/ linux/x86 setuid0 & execve"/bin/sh",0,0 28 bytes http://www.gonullyourself.org sToRm I made this, because http://www.milw0rm.com/shellcode/7115 felt the need to express his "superior" 28-byte shellcode in all caps. I wasn't able to beat his code, but it's no longer special. / char shellcode = /...

7.4 AI score
Exploits: 0
0day.today
added 2018/01/16 12:00 a.m., 17 views

Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (27 bytes)

include const char sc= "\x31\xdb" //xor ebx,ebx "\x8d\x43\x17" //LEA eax,ebx + 0x17 /LEA is FASTER than push/pop "\x99" //cdq "\xcd\x80" //int 80 //setuid0 shouldn't return -1 right? ; "\xb0\x0b" //mov al,0bh "\x52" //push edx /Terminates the //bin/sh string with a 0 "\x68\x6e\x2f\x73\x68"...

7.1 AI score
Exploits: 0
0day.today
added 2018/01/16 12:00 a.m., 14 views

Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh,[/bin/sh,NULL])) Shellcode (25 bytes)

include const char shellcode= "\x6a\x17" // push $0x17 "\x58" // pop %eax "\x31\xdb" // xor %ebx,%ebx "\xcd\x80" // int $0x80 "\xb0\x2e" // mov $0x2e,%al "\xcd\x80" // int $0x80 "\xb0\x0b" // mov $0xb,%al So you'll get segfault if it's not able to do the setuid0. If you don't want this you can...

7.1 AI score
Exploits: 0
0day.today
added 2018/01/12 12:00 a.m., 16 views

Linux/StrongARM - setuid() Shellcode (20 bytes)

/ 20 byte StrongARM/Linux setuid shellcode funkysh / char shellcode= "\x02\x20\x42\xe0" / sub r2, r2, r2 / "\x04\x10\x8f\xe2" / add r1, pc, 4 / "\x12\x02\xa0\xe1" / mov r0, r2, lsl r2 / "\x01\x20\xc1\xe5" / strb r2, r1, 1 / "\x17\x0b\x90\xef"; / swi 0x90ff17 /...

7.1 AI score
Exploits: 0
OpenVAS
added 2018/01/11 12:00 a.m., 12 views

Debian: Security Advisory (DLA-876-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS, 7.6 AI score, 0.00086 EPSS
Exploits: 0, References: 2
0day.today
added 2018/01/10 12:00 a.m., 24 views

Alpha - setuid() Shellcode (156 bytes)

char shellcode= "\x30\x15\xd9\x43" / subq $30,200,$16 / "\x11\x74\xf0\x47" / bis $31,0x83,$17 / "\x12\x14\x02\x42" / addq $16,16,$18 / "\xfc\xff\x32\xb2" / stl $17,-4$18 / "\x12\x94\x09\x42" / addq $16,76,$18 / "\xfc\xff\x32\xb2" / stl $17,-4$18 / "\xff\x47\x3f\x26" / ldah $17,0x47ff$31 /...

0.5 AI score
Exploits: 0
CNVD
added 2018/01/08 12:00 a.m., 2 views

Unspecified Vulnerability in GuixSD

GuixSD is an advanced version of a set of GNU Linux operating systems developed by the GNU Project. It is equipped with the GNU Guix package manager, support for transactional upgrades, etc., and provides an interface to the Guile Scheme API. GuixSD Git commit...

5.5 CVSS, 6.8 AI score, 0.00022 EPSS
Exploits: 0, References: 1
OSV
added 2018/01/03 9:22 p.m., 1 view

USN-3480-3 apport regression

USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local...

5.8 AI score
Exploits: 0, References: 2
Ubuntu
added 2018/01/03 9:22 p.m., 45 views

USN-3480-3: Apport regression

USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local...

7.3 AI score
Exploits: 0, References: 1
NVD
added 2018/01/02 5:29 p.m., 10 views

CVE-2017-1000455

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix...

5.5 CVSS, 5.4 AI score, 0.00022 EPSS
Exploits: 0, References: 1
OSV
added 2018/01/02 5:29 p.m., 2 views

CVE-2017-1000455

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix...

5.5 CVSS, 5.8 AI score
Exploits: 0, References: 1
Prion
added 2018/01/02 5:29 p.m., 21 views

Design/Logic Flaw

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix...

2.1 CVSS, 5.3 AI score, 0.00022 EPSS
Exploits: 0, References: 1, Affected Software: 1
Debian CVE
added 2018/01/02 5:00 p.m., 22 views

CVE-2017-1000455

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix...

5.5 CVSS, 5.4 AI score, 0.00022 EPSS
Exploits: 0