62 matches found
EUVD-2014-0511
Malware in sbrugna...
Nysm - A Stealth Post-Exploitation Container
A stealth post-exploitation container. Introduction With the raise in popularity of offensive tools based on eBPF, going from credential stealers to rootkits hiding their own PID, a question came to our mind: Would it be possible to make eBPFinvisible in its own eyes? From there, we created nysm,...
Debian: Security Advisory (DLA-0002-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
Mageia: Security Advisory (MGASA-2014-0249)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Red-Detector - Scan Your EC2 Instance To Find Its Vulnerabilities Using Vuls.io
Scan your EC2 instance to find its vulnerabilities using Vuls https://vuls.io/en/. Audit your EC2 instance to find security misconfigurations using Lynis https://cisofy.com/solutions/lynis. Scan your EC2 instance for signs of a rootkit using Chkrootkit http://www.chkrootkit.org/. Requirements 1...
UAC - Unix-like Artifacts Collector
UAC is a Live Response collection tool for Incident Response that makes use of built-in tools to automate the collection of Unix-like systems artifacts. It respects the order of volatility and artifacts that are changed during the execution. It was created to facilitate and speed up data...
TuxResponse - Linux Incident Response
TuxResponse is incident response script for linux systems written in bash. It can automate incident response activities on Linux systems and enable you to triage systems quickly, while not compromising with the results. Usually corporate systems would have some kind of monitoring and control, but...
Linux Process Hunter: Prochunter
Prochunter aims to find hidden process with all userspace and most of the kernelspace rootkits. This tool is composed of a kernel module that prints out all running processes walking the taskstruct list and creates /sys/kernel/prochunter/set entry. A python script that invokes the kernel function...
GLSA-201709-05 : chkrootkit: Local privilege escalation
The remote host is affected by the vulnerability described in GLSA-201709-05 chkrootkit: Local privilege escalation When /tmp is mounted without the noexec option chkrootkit will execute files in /tmp with root privileges. Impact : A local attacker could possibly execute arbitrary code with root...
chkrootkit: Local privilege escalation
Background chkrootkit is a tool to locally check for signs of a rootkit. Description When /tmp is mounted without the noexec option chkrootkit will execute files in /tmp with root privileges. Impact A local attacker could possibly execute arbitrary code with root privileges. Workaround Users shou...
Chkrootkit Local Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 'Chkrootkit Local Privilege Escalation', 'Description' = %q Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a...
Chkrootkit Local Privilege Escalation Exploit
Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privsec. WfsDelay is set to 24h, since this is how often a chkrootkit scan is scheduled by default. This module requires Metasploit: http://metasploit.com/download Current source:...
Chkrootkit - Local Privilege Escalation (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 'Chkrootkit Local Privilege Escalation', 'Description' = %q Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a...
Chkrootkit Local Privilege Escalation
Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privilege escalation. WfsDelay is set to 24h, since this is how often a chkrootkit scan is scheduled by default. This module requires Metasploit: https://metasploit.com/download Current source:...
Amazon Linux: Security Advisory (ALAS-2014-370)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
Input validation
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...