
3217 matches found

exploitpack
added 2010/04/09 12:0 a.m. | 11 views

ReiserFS (Linux Kernel 2.6.34-rc3 RedHat Ubuntu 9.10) - xattr Local Privilege Escalation

ReiserFS Linux Kernel 2.6.34-rc3 RedHat Ubuntu 9.10 - xattr Local Privilege Escalation #!/usr/bin/env python ''' team-edward.py Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/show_bug.cgi?id=568041 The kernel allows processes to access the internal ".reiserfs_priv"...

0.6 AI score
Exploits: 0
Exploit DB
added 2010/04/09 12:0 a.m. | 320 views

ReiserFS (Linux Kernel 2.6.34-rc3 / RedHat / Ubuntu 9.10) - 'xattr' Local Privilege Escalation

#!/usr/bin/env python ''' team-edward.py Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/show_bug.cgi?id=568041 The kernel allows processes to access the internal ".reiserfs_priv" directory at the top of a reiserfs filesystem which is used to store xattrs. Permissions...

7.4 AI score
Exploits: 0
OSV
added 2010/04/05 3:30 p.m. | 1 views

DEBIAN-CVE-2010-0826

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module...

1.9 CVSS | 6.2 AI score | 0.00093 EPSS
Exploits: 1 | References: 1
NVD
added 2010/04/05 3:30 p.m. | 11 views

CVE-2010-0826

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module...

1.9 CVSS | 5.5 AI score | 0.00093 EPSS
Exploits: 1 | References: 12
Prion
added 2010/04/05 3:30 p.m. | 16 views

Design/Logic Flaw

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module...

1.9 CVSS | 5.9 AI score | 0.00093 EPSS
Exploits: 1 | References: 12 | Affected Software: 1
Cvelist
added 2010/04/05 3:15 p.m. | 16 views

CVE-2010-0826

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module...

5.3 AI score | 0.00093 EPSS
Exploits: 1 | References: 12
Debian CVE
added 2010/04/05 3:15 p.m. | 32 views

CVE-2010-0826

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module...

1.9 CVSS | 5.4 AI score | 0.00093 EPSS
Exploits: 1
CVE
added 2010/04/05 3:15 p.m. | 79 views

CVE-2010-0826

The CVE-2010-0826 issue affects the Free Software Foundation’s Berkeley DB NSS module (libnss-db) in the nss_db package (2.2.3pre1). The vulnerability arises because DB_CONFIG can be read from the current working directory, enabling a local attacker with setgid/setuid usage of the module to exfil...

1.9 CVSS | 5.4 AI score | 0.00093 EPSS
Exploits: 1 | References: 12 | Affected Software: 1
Tenable Nessus
added 2010/03/25 12:0 a.m. | 34 views

openSUSE Security Update : cifs-mount (cifs-mount-2128)

With enabled 'wide links' Samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files (CVE-2010-0926). This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in...

3.5 CVSS | 7.5 AI score | 0.56307 EPSS
Exploits: 7 | References: 4
Tenable Nessus
added 2010/03/25 12:0 a.m. | 37 views

openSUSE Security Update : cifs-mount (cifs-mount-2128)

With enabled 'wide links' Samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files (CVE-2010-0926). This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in...

3.5 CVSS | 7.5 AI score | 0.56307 EPSS
Exploits: 7 | References: 4
Tenable Nessus
added 2010/03/23 12:0 a.m. | 35 views

SuSE 11 Security Update : Samba (SAT Patch Number 2126)

With enabled 'wide links' Samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files (CVE-2010-0926). This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in...

3.5 CVSS | 7.5 AI score | 0.56307 EPSS
Exploits: 7 | References: 6
OSV
added 2010/03/03 12:0 a.m. | 32 views

DSA-2007-1 cups - arbitrary code execution

Bulletin has no description...

6.9 CVSS | 7.4 AI score | 0.0008 EPSS
Exploits: 0
RedHat Linux
added 2010/02/02 9:1 p.m. | 4 views

kernel: personality: fix PER_CLEAR_ON_SETID

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...

7.2 CVSS | 6.1 AI score | 0.0006 EPSS
Exploits: 1 | References: 4
seebug.org
added 2010/01/10 12:0 a.m. | 13 views

solaris/x86 setuid(0) execve(//bin/sh)

No description provided by source. / ; sm4x 2008 ; setuid0, execve'/bin/sh', '/bin/sh', 0, ; 39 bytes NizzULL free you know... ; SunOS sol01 5.11 snv86 i86pc i386 i86pc Solaris ; quick port to drop root sh - ; - SunOS is pwnij global start start: xor eax, eax ; --- setuid0 push eax push eax mov a...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2010/01/06 12:0 a.m. | 32 views

CentOS 5 : kernel (CESA-2009:0473)

Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

4.9 CVSS | 5.5 AI score | 0.00259 EPSS
Exploits: 2 | References: 7
0day.today
added 2009/12/30 12:0 a.m. | 12 views

linux/x86 break chroot 87 bytes

Exploit for linux/x86 platform in category shellcode =============================== linux/x86 break chroot 87 bytes =============================== bt:/ ./pwn perl -e 'print "\x90"x181...

7 AI score
Exploits: 0
seebug.org
added 2009/12/15 12:0 a.m. | 18 views

Linux - setuid(0) & execve("/sbin/poweroff -f")

No description provided by source. include stdio.h / linux/x86 ; setuid0 & execve"/sbin/poweroff -f" 47 bytes written by ka0x - ka0x01alt+64gmail.com lun sep 21 16:40:16 CEST 2009 greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek, Hendrix and others! / int main char shellco...

7.1 AI score
Exploits: 0
seebug.org
added 2009/12/15 12:0 a.m. | 14 views

Linux - setuid(0) and cat /etc/shadow

No description provided by source. include stdio.h / linux/x86 ; setuid0 & execve/bin/cat /etc/shadow 49 bytes written by ka0x - ka0x01alt+64gmail.com lun sep 21 16:40:16 CEST 2009 greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek and others! / int main char shellcode =...

7.1 AI score
Exploits: 0
NVD
added 2009/12/09 7:30 p.m. | 12 views

CVE-2009-4240

Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors...

10 CVSS | 6.6 AI score | 0.01313 EPSS
Exploits: 0 | References: 7
Cvelist
added 2009/12/09 7:0 p.m. | 19 views

CVE-2009-4240

Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors...

6.6 AI score | 0.01313 EPSS
Exploits: 0 | References: 7