
384 matches found

0day.today
added 2018/06/13 12:0 a.m. · 226 views

glibc - realpath() Privilege Escalation Exploit

Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "glibc 'realpath' Privilege Escalation", 'Description' = %q This module attempts to gain roo...

4.3 CVSS · 6.3 AI score · 0.13614 EPSS
Exploits 17
Metasploit
added 2018/05/26 9:25 p.m. · 181 views

glibc 'realpath()' Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library glibc version 2.26 and prior. This module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath and create a SUID root shell. The exploit has offsets for glibc...

7.8 CVSS · 8.6 AI score · 0.13614 EPSS
Exploits 9
0day.today
added 2018/05/23 12:0 a.m. · 203 views

Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation Exploit

This Metasploit module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting...

7.2 CVSS · 0.1 AI score · 0.11127 EPSS
Exploits 16
Packet Storm
added 2018/05/22 12:0 a.m. · 105 views

AF_PACKET chocobo_root Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AF_PACKET chocobo_root Privilege Escalation', 'Description' = %q This module exploits a race condition and use-after-free in the packet_set_ring...

7.2 CVSS · 0.7 AI score · 0.11127 EPSS
Exploits 16
Packet Storm
added 2018/05/17 12:0 a.m. · 201 views

AF_PACKET packet_set_ring Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AF_PACKET packet_set_ring Privilege Escalation', 'Description' = %q This module exploits a heap-out-of-bounds write in the packet_set_ring function in...

7.2 CVSS · 0.6 AI score · 0.17827 EPSS
Exploits 17
Metasploit
added 2018/05/07 7:11 a.m. · 182 views

AF_PACKET chocobo_root Privilege Escalation

This module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting a large...

7.8 CVSS · 0.1 AI score · 0.11127 EPSS
Exploits 16
Metasploit
added 2018/04/28 1:40 a.m. · 87 views

AF_PACKET packet_set_ring Privilege Escalation

This module exploits a heap-out-of-bounds write in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2017-7308). The bug was initially introduced in 2011 and patched in version 4.10.6, potentially affecting a large number of kernels; howev...

7.8 CVSS · 0.1 AI score · 0.17827 EPSS
Exploits 17
Metasploit
added 2018/04/18 12:39 a.m. · 144 views

Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing UDP Fragmentation Offload (UFO). This exploit targets only systems using Ubuntu Trusty / Xenial kernels 4.4.0-21 'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation', 'Description' = %q This module attempts to gain...

7 CVSS · 7.9 AI score · 0.20797 EPSS
Exploits 19
OPENSUSE Linux
added 2018/02/09 12:9 a.m. · 52 views

Security update for docker, docker-runc, containerd, golang-github-docker-libnetwork (important)

This update for docker, docker-runc, containerd, golang-github-docker-libnetwork fixes several issues. These security issues were fixed: - CVE-2017-16539: The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi pathnames, which allowed attackers to trigger data loss when...

4.3 CVSS · 6.5 AI score · 0.0247 EPSS
Exploits 0 · References 19
Tenable Nessus
added 2017/11/01 12:0 a.m. · 245 views

EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1256)

According to the version of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in...

7 CVSS · 6.7 AI score · 0.20797 EPSS
Exploits 19 · References 2
RedHat Linux
added 2017/10/19 2:48 p.m. · 3 views

kernel: Exploitable memory corruption due to UFO to non-UFO path switch

An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privilege...

7 CVSS · 7.1 AI score · 0.20797 EPSS
Exploits 19 · References 4
RedHat Linux
added 2017/10/19 1:24 p.m. · 5 views

kernel: Exploitable memory corruption due to UFO to non-UFO path switch

An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privilege...

7 CVSS · 7.1 AI score · 0.20797 EPSS
Exploits 19 · References 4
OSV
added 2017/10/05 1:29 a.m. · 1 views

DEBIAN-CVE-2017-1000111

Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution...

7.8 CVSS · 7.1 AI score · 0.00374 EPSS
Exploits 0 · References 1
NVD
added 2017/10/05 1:29 a.m. · 31 views

CVE-2017-1000111

Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution...

7.8 CVSS · 7.9 AI score · 0.00374 EPSS
Exploits 0 · References 8
CVE
added 2017/10/04 1:0 a.m. · 281 views

CVE-2017-1000111

CVE-2017-1000111 describes a heap/out-of-bounds race in the Linux kernel’s AF_PACKET socket handling (packet_set_ring) that can be exploited by a local user possessing CAP_NET_RAW to elevate privileges. The issue arises when a socket option changes socket state and races with safety checks; the r...

7.8 CVSS · 7.8 AI score · 0.00374 EPSS
Exploits 0 · References 8 · Affected Software 1
OSV
added 2017/08/18 5:6 p.m. · 11 views

MGASA-2017-0279 Updated kernel packages fixes security and other bugs

This kernel update is based on upstream 4.4.82 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to code...

7.8 CVSS · 7.4 AI score · 0.20797 EPSS
Exploits 19 · References 5
OSV
added 2017/08/10 5:0 p.m. · 5 views

UBUNTU-CVE-2017-1000111

Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution...

7.8 CVSS · 6.6 AI score · 0.00374 EPSS
Exploits 0 · References 9
Positive Technologies
added 2017/08/10 12:0 a.m. · 6 views

PT-2017-3105 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a heap out-of-bounds condition in AF_PACKET sockets, similar to a previously disclosed problem. It involves a race condition between a socket option that change...

8.8 CVSS · 7.5 AI score · 0.20797 EPSS
Exploits 65 · References 363
seebug.org
added 2017/03/30 12:0 a.m. · 100 views

kernel: Local privilege escalation in XFRM framework (CVE-2017-7184)

A security issue was reported by ZDI, on behalf of Chaitin Security Research Lab, against the Linux kernel in Ubuntu. It also affected the upstream kernel. Chaitin Security Research Lab discovered that xfrm_replay_verify_len, as called by xfrm_new_ae, did not verify that the user-specified replaywindo...

7.2 CVSS · 7.5 AI score · 0.01759 EPSS
Exploits 4
0day.today
added 2017/03/29 12:0 a.m. · 89 views

Ubuntu 15.10 AUFS - allow_userns Fuse/Xattr User Namespaces Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits Source: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/ Introduction Problem description: Aufs is a union filesystem to mix content of different underlying filesystems, e.g. read-only medium with r/w RAM-fs. That ...

4.6 CVSS · 7.4 AI score · 0.0095 EPSS
Exploits 4