Pentoo 2015 - Security-Focused Livecd based on Gentoo
Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable livecd. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched wifi...
Penetration Testers Distro: Pentoo
Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable livecd. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched wifi...
AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%
A security issue has been found in the Linux ASLR implementation which affects some AMD processors. The issue affects all Linux processes, even if they are not using shared libraries (statically compiled). The problem appears because some mmapped objects (VDSO, libraries, etc.) are poorly randomized in a...
Grsecurity Kernel PaX Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22014/info Grsecurity Kernel PaX is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to obtain superuser privileges. A successful attack can result in the complete compromise of the...
Linux Kernel Sendpage Local Privilege Escalation
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
Linux Gather Protection Enumeration
This module checks whether popular system hardening mechanisms are in place, such as SMEP, SMAP, SELinux, PaX and grsecurity. It also tries to find installed applications that can be used to hinder, prevent, or detect attacks, such as tripwire, snort, and apparmor. This module is meant to identif...
NetSecL Linux 3.2 released with new XFCE
NetSecL 3.2 comes with a brand new XFCE which increased dramatically the performance experience, we closed many bugs and also gained more compatibility to OpenSuse 11.4 – most packages are 11.4 compatible. GrSecurity kernel is updated to 2.6.32.8 please...
Linux Kernel < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit
No description provided by source. / i-CAN-haz-MODHARDEN.c Linux Kernel 2.6.36-rc1 CAN BCM Privilege Escalation Exploit Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2959 Ben Hawkes discovered an integer overflow in th...
Linux Kernel 2.6.36-rc1 (Ubuntu 10.04 2.6.32) - CAN BCM Local Privilege Escalation
/ i-CAN-haz-MODHARDEN.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2959 Ben Hawkes discovered an integer overflow in the Controller Area Network CAN...
Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Local Privilege Escalation
/ i-CAN-haz-MODHARDEN.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2959 Ben Hawkes discovered an integer overflow in the Controller Area Network CAN subsystem when setting up frame content and filtering certain messages. An attacker...
Multiple vulnerabilities in Exim
================================== Exim Mailer, multiple vulnerabilities June 3, 2010 CVE-2010-2023, CVE-2010-2024 ================================== ==Description== Two vulnerabilities have been discovered in Exim 4, a popular mail transfer agent used on Unix-like systems www.exim.org. 1. When Ex...
Linux 2.6.x fs/pipe.c local root exploit
No description provided by source. For those who were not yet aware, there are at least 3 public exploits since 11/05/2009 for CVE-2009-3547 targeting all linux kernels from 2.6.0 to 2.6.31 included. Since spender and fotis have already released their own, there is no need for us to keep this on o...
Enlightenment - Linux Null PTR Dereference Exploit Framework
No description provided by source. / enlightenment 200909092307 To create your own exploit module for enlightenment, just name it expwhatever.c It will be auto-compiled by the runexploits.sh script and thrown into the list of loaded exploit modules Each module must have the following features: It...
Enlightenment - Linux Null PTR Dereference Framework
/ enlightenment 200909092307 To create your own exploit module for enlightenment, just name it expwhatever.c It will be auto-compiled by the runexploits.sh script and thrown into the list of loaded exploit modules Each module must have the...
Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64)
No description provided by source. / second verse, same as the first CVE-2009-2698 udp_sendmsg, x86/x64 Cheers to Julien/Tavis for the bug, p0c73n1 for just throwing code at NULL and finding it executed This exploit is a bit more nuanced and thoughtful ; use ./therebel.sh for everything At this...
Linux sock_sendpage() Local Root Exploit
/ Linux sock_sendpage NULL pointer dereference Copyright 2009 Ramon de Carvalho Valle This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your...
Linux Kernel 2.6.19 (x86x64) - udp_sendmsg Local Privilege Escalation (2)
/ second verse, same as the first CVE-2009-2698 udp_sendmsg, x86/x64 Cheers to Julien/Tavis for the bug, p0c73n1 for just throwing code at NULL and finding it executed This exploit is a bit more nuanced and thoughtful ; use...
Linux Kernel 2.x (RedHat) - 'sock_sendpage()' Ring0 Privilege Escalation (1)
/ dedicated to my best friend in the whole world, Robin Price the joke is in your hands just too easy -- some nice library functions for reuse here though credits to julien tinnes/tavis ormandy for the bug may want to remove the attributeregparm3 for 2.4 kernels, I have no time to test...
Design/Logic Flaw
The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls...