7 matches found
Linux 3.4+ - Arbitrary write with CONFIG_X86_X32
No description provided by source. / Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pass a pointer to a kernel address as...
Mandriva Linux Security Advisory : kernel (MDVSA-2014:038)
Multiple vulnerabilities has been found and corrected in the Linux kernel : The compatsysrecvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIGX86X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter...
Exploit Linux 3.4+ Local Root (CONFIG_X86_X32=y)
OSVDB-ID: 2014-0038 Author: rebel Published: 2014-02-02 / ============================== recvmmsg.c - linux 3.4+ local root CONFIGX86X32=y CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13 minutes to run because timeout-tvsec...
Linux kernel 3.4+ Arbitrary write with CONFIG_X86_X32
Exploit for linux platform in category local exploits / Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pass a pointer to ...
Linux Kernel 3.4 3.13.2 (Ubuntu 13.0413.10 x64) - CONFIG_X86_X32y Local Privilege Escalation (3)
Linux Kernel 3.4 3.13.2 Ubuntu 13.0413.10 x64 - CONFIGX86X32y Local Privilege Escalation 3 / ============================== recvmmsg.c - linux 3.4+ local root CONFIGX86X32=y CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13...
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write (2)
/ Local root exploit for CVE-2014-0038. https://raw.github.com/saelo/cve-2014-0038/master/timeoutpwn.c Bug: The X86X32 recvmmsg syscall does not properly sanitize the timeout pointer passed from userspace. Exploit primitive: Pass a pointer to a kernel address as timeout for recvmmsg, if the...
Sandbox Escape: Linux 3.4+: arbitrary write with CONFIG_X86_X32
asmlinkage long compatsysrecvmmsgint fd, struct compatmmsghdr user mmsg, unsigned int vlen, unsigned int flags, struct compattimespec user timeout int datagrams; struct timespec ktspec; if flags & MSGCMSGCOMPAT return -EINVAL; if COMPATUSE64BITTIME return sysrecvmmsgfd, struct mmsghdr user mmsg,...