Linux/x86 - setuid(0) + execve(/bin/sh,0) Shellcode (25 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh,0) Shellcode (25 bytes). Shellcode exploit for Linux_x86 platform include const char shellcode= "\x6a\x17" // push $0x17 "\x58" // pop %eax "\x31\xdb" // xor %ebx,%ebx "\xcd\x80" // int $0x80 "\xb0\x0b" // mov $0xb,%al So you'll get segfault if it's not able to do...
AIX 6.1 TL 1 : bos.rte.cron (U825668)
The remote host is missing AIX PTF U825668, which is related to the security of the package bos.rte.cron. The at command does not drop permissions when reading certain files. A local attacker may exploit this error to read any file on the system because the command is setuid root. The following...
AIX 6.1 TL 2 : bos.rte.cron (U825550)
The remote host is missing AIX PTF U825550, which is related to the security of the package bos.rte.cron. The at command does not drop permissions when reading certain files. A local attacker may exploit this error to read any file on the system because the command is setuid root. The following...
kernel: exit_notify: kill the wrong capable(CAP_KILL) check
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the cor...
Important: Red Hat Security Advisory: Red Hat Enterprise Linux 4.8 kernel security and bug fix update
Updated kernel packages are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the eighth regular update. These updated packages fix two security issues, hundreds of bugs, and add numerous enhancements. Space precludes a detailed descriptio...
linux/x86-64 setuid(0) + execve(/bin/sh) 49 bytes
No description provided by source. / setuid(0) + execve(/bin/sh) - just 4 fun. xi4oyu at 80sec.com main asm "xorq %rdi,%rdi\n\t" "mov $0x69,%al\n\t" "syscall \n\t" "xorq %rdx, %rdx \n\t" "movq $0x68732f6e69622fff,%rbx; \n\t" "shr $0x8, %rbx; \n\t" "push %rbx; \n\t" "movq %rsp,%rdi; \n\t" "xorq...
Linux Kernel 2.6.29 ptrace_attach() Local Root Race Condition Exploit
No description provided by source. / GNU/Linux kernel 2.6.29 ptrace_attach() local root race condition exploit. This is a local root exploit for the 2.6.29 ptrace_attach() race condition that allows a process to gain elevated...
Linux Kernel 2.6.29 ptrace_attach() Local Root Race Condition Exploit
Exploit for linux platform in category local exploits. Linux Kernel 2.6.29 ptrace_attach() Local Root Race Condition Exploit. / GNU/Linux kernel 2.6.29 ptrace_atta...
linux/x86-64 setuid(0) + execve(/bin/sh) 49 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86-64 setuid(0) + execve(/bin/sh) 49 bytes. / setuid(0) + execve(/bin/sh) - just 4 fun. main asm "xorq %rdi,%rdi\n\t" "mov $0x69,%al\n\t" "syscall...
Linux Kernel 2.6.29 - ptrace_attach() Race Condition Privilege Escalation
Linux Kernel 2.6.29 - ptrace_attach() Race Condition Privilege Escalation / GNU/Linux kernel 2.6.29 ptrace_attach() local root race condition exploit. This is a local root exploit for the 2.6.29 ptrace_attach() race condition that...
RHEL 5 : kernel (RHSA-2009:0473)
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
kernel security update
CentOS Errata and Security Advisory CESA-2009:0473 Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages...
CVE-2009-1527
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object...
libvirt_proxy <= 0.5.1 Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits. libvirt_proxy /tmp/getuid.c gcc -shared /tmp/getuid.c -o /tmp/getuid.so echo "+ setting up /tmp/run" echo -e "!/bin/sh" /tmp/run echo -e "touch /tmp/success" /tmp/run echo -e "echo...
Mandriva Linux Security Advisory : autofs (MDVSA-2008:009-1)
The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the...