3217 matches found
Setuid Nmap Exploit
Nmap's man page mentions that "Nmap should never be installed with special privileges e.g. suid root for security reasons.." and specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This module abuse...
Root Access Vulnerability on ZTE Android Device
Certain Android devices manufactured by the China-based ZTE Corporation contain a poorly protected setuid shell that can be used to gain root-access to vulnerable devices, according to Lookout Mobile Security. Any attacker who successfully exploits the vulnerability will have complete control of...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)
This kernel update fixes the following security problems : - The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers IPV6RTHDRTYPE0 that create network amplification between two routers. CVE-2007-2242 The default is that RH0 is disabled now. To...
mount.cifs chdir() File Identification
Blueliv Advisory 2012-004 - Discovered by: Jesus Olmos Gonzalez at Blueliv - Risk: 5/5 - Impact: 1/5 1. VULNERABILITY ------------------------- linux privileged and arbitrary chdir, this leads to an arbitary file identification as root. 2. BACKGROUND ------------------------- mount.cifs GNU...
kernel: no access restrictions of /proc/pid/* after setuid program exec
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lsee...
kernel: no access restrictions of /proc/pid/* after setuid program exec
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lsee...
linux/x86 shellcode - setuid(0)+setgid(0)+add user iph without password - 124 bytes
/ Exploit Title: Linux/x86 Polymorphic ShellCode - setuid0+setgid0+add user 'iph' without password to /etc/passwd setuid - setgid - open - write - close - exit Date: 30/12/2011 Author: pentesters.ir Tested on: Linux x86 - CentOS 6.0 - 2.6.32-71 Website: http://pentesters.ir/ Contact:...
Linux/x86 Polymorphic ShellCode - setuid0+setgid0+add user 'iph' without password to /etc/passwd
Linux/x86 Polymorphic ShellCode - setuid0+setgid0+add user 'iph' without password to /etc/passwd. Shellcode exploit for linx86 platform / Exploit Title: Linux/x86 Polymorphic ShellCode - setuid0+setgid0+add user 'iph' without password to /etc/passwd setuid - setgid - open - write - close - exit...
SuSE 10 Security Update : opie (ZYPP Patch Number 7594)
This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin. CVE-2011-2490 This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...
Trend Micro InterScan Web Security Suite Local Privilege Escalation
Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...
kernel: no access restrictions of /proc/pid/* after setuid program exec
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lsee...
Linux/SuperH - sh4 - setuid0 ; execve"/bin/sh", NULL, NULL 27 bytes
Linux/SuperH - sh4 - setuid0 ; execve"/bin/sh", NULL, NULL 27 bytes. Shellcode exploit for sh4 platform / Linux/SuperH - sh4 - setuid0 ; execve"/bin/sh", NULL, NULL - 27 bytes Tested on debian-sh4 2.6.32-5-sh7751r by Jonathan Salwan - twitter: @jonathansalwan 400054: 17 e3 mov 23,r3 400056: 4a 24...
Linux/SuperH - sh4 - setuid(0) ; execve("/bin/sh", NULL, NULL) - 27 bytes
/ Linux/SuperH - sh4 - setuid0 ; execve"/bin/sh", NULL, NULL - 27 bytes Tested on debian-sh4 2.6.32-5-sh7751r by Jonathan Salwan - twitter: @jonathansalwan 400054: 17 e3 mov 23,r3 400056: 4a 24 xor r4,r4 400058: 0b c3 trapa 11 40005a: 3a 23 xor r3,r3 40005c: 0b e3 mov 11,r3 40005e: 02 c7 mova...
Samba smbmnt Local Privilege Escalation
According to its banner, the version of Samba running on the remote host is in the 2.x or 3.x branch. Such versions are shipped with a utility called 'smbmnt'. When smbmnt has the setuid 'root' bit set, a local user with access to the victim can mount a Samba share and then execute a setuid or...
Trendmicro IWSS 3.1 Privilege Escalation
BUGUROO SECURITY ADVISORY ADVISORY Title: Trendmicro IWSS 3.1 privilege escalation Product: InterScan Web Security Suite IWSS Vendor: TrendMicro Advisory ID: BSA-2011-002 Advisory URL: http://buguroo.com/adv/BSA-2011-002.txt Date published: 25/10/2011 DISCLAIMER Buguroo Offensive Security, S.L...
Code injection
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack...
CVE-2011-4060
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack...
Debian DSA-2319-1 : policykit-1 - race condition
Neel Mehta discovered that a race condition in Policykit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec. The oldstable distribution lenny does not contain the policykit-1 package. %NASLMINLEVEL...
kernel: no access restrictions of /proc/pid/* after setuid program exec
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lsee...
CentOS Update for popt CESA-2010:0679 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...