USN-2596-1: Linux kernel vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

linux/x86 setuid(0) + setgid(0) + execve("/bin/cat", "/etc//shadow") - 52 by

// linux/x86 setuid0 + setgid0 + execve"/bin/cat", "/etc//shadow" - 52 bytes // Febriyanto Nugroho include char shellcode = "\x6a\x17\x58\xcd\x80\x6a\x2e" "\x58\xcd\x80\x6a\x0b\x58\x99" "\x52\x68\x61\x64\x6f\x77\x68" "\x2f\x2f\x73\x68\x68\x2f\x65" "\x74\x63\x89\xe1\x52\x68\x2f"...

USN-2584-1: Linux kernel (EC2) vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...

linux/x86 setuid(0, 0) + execve("/usr/sbin/hibernate") + exit(0) - 59 bytes

/ +========================================================================================================= | Exploit Title : linux/x86 setuid0, 0 + execve"/usr/sbin/hibernate" + exit0 - 59 bytes | Exploit Author : Febriyanto Nugroho | Tested on : Linux Debian 5.0.5 |...

Apport/Abrt Local Root Exploit

Exploit for linux platform in category local exploits define GNUSOURCE include include include include include include include include include include include include include include warning this file must be compiled with -static // // Apport/Abrt Vulnerability Demo Exploit. // // Apport:...

IT-Grundschutz M4.020: Restriktive Attributvergabe bei Unix-Benutzerdateien und -verzeichnissen

IT-Grundschutz M4.020: Restriktive Attributvergabe bei Unix-Benutzerdateien und -verzeichnissen. Stand: 14. Ergänzungslieferung 14. EL. OpenVAS Vulnerability Test $Id: GSHBM4020.nasl 7883 2017-11-23 11:22:59Z emoss $ IT-Grundschutz, 14. EL, Maßnahme 4.020 Authors: Thomas Rotter Copyright: Copyrig...

Userhelper-PAM-Path-Vulnerability

synopsis: both 'pam' and 'userhelper' a setuid binary that comes with the 'usermode-1.15' rpm follow .. paths. Since pamstart calls down to pamaddhandler, we can get it to dlopen any file on disk. 'userhelper' being setuid means we can get root...

Red Star 3.0 Desktop Local Root

!/bin/bash Another local 0day in Red Star 3.0 Desktop by TheGreatLeader Run exploit in a X11 terminal and enjoy a root shell... Create temp dir for our payload mkdir /tmp/DPRK msfpayload linux/x86/exec PrependSetuid=true CMD=/bin/bash X echo -e -n...

Linux-Kernel-2.6.34-rc3

The kernel allows processes to access the internal .reiserfspriv directory at the top of a reiserfs filesystem which is used to store xattrs. Permissions are not enforced in that tree, so unprivileged users can view and potentially modify the xattrs on arbitrary files. import os, sys SHELL = 'int...

policycoreutils: Privilege escalation

Background policycoreutils is a collection of SELinux policy utilities. Description The seunshare utility is owned by root with 4755 permissions which can be exploited by a setuid system call. Impact A local attacker may be able to gain escalated privileges. Workaround There is no known workaroun...

GLSA-201412-21 : mod_wsgi: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201412-21 modwsgi: Privilege escalation Two vulnerabilities have been found in modwsgi: Error codes returned by setuid are not properly handled CVE-2014-0240 A memory leak exists via the Content-Type header CVE-2014-0242 Impact : ...

SGI Tempo vx Setuid Privilege Escalation

SGI SUID Root Privilege Escalation Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7302 Author: Luke Jennings, John Fitzpatrick, MWR Labs Severity: Medium Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Descriptio...

OracleVM 2.1 : kernel (OVMSA-2009-0009)

The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2008-4307 Race condition in the dosetlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service crash via vectors resulting in an interrupted RPC...

Compaq/Hewlett Packard Glance 11.00 Privilege Escalation Vulnerability

It has been identified that binaries that are executed with elevated privileges SetGID and SetUID programs in Compaq/HP's Glance for Linux have been compiled in manner that means they searched for libraries in insecure locations. Versions 11.00 and below are affected. Vulnerability title:...

Compaq/Hewlett Packard Glance 11.00 Privilege Escalation

Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux CVE: CVE-2014-2630 Vendor: Compaq/Hewlett Packard Product: Glance for Linux Affected version: 11.00 and subsequent Fixed version: HPSBMU03086 rev.3 Reported by: Tim...

CVE-2014-7298

adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality...

Code injection

adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality...

CVE-2014-7298

CVE-2014-7298 affects Centrify Server Suite (2008–2014.1) and Centrify DirectControl (3.x–4.2.0) on Linux/Unix. The root cause is improperly protected setuid functionality in adsetgroups, allowing local users to read arbitrary files with root privileges. The documents do not provide exploitation ...

CVE-2014-7298

adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality...