84 matches found
Grsecurity Kernel PaX - Local Privilege Escalation
Grsecurity Kernel PaX - Local Privilege Escalation / source: https://www.securityfocus.com/bid/22014/info Grsecurity Kernel PaX is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to obtain superuser privileges. A successful attack can result in the complete...
Grsecurity Kernel PaX - Local Privilege Escalation
/ source: https://www.securityfocus.com/bid/22014/info Grsecurity Kernel PaX is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to obtain superuser privileges. A successful attack can result in the complete compromise of the affected computer. NOTE: The...
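GRSecurity Linux Service Execution with Elevated Privileges Vulnerability
BUGTRAQ ID: 16261 Grsecurity Linux is an open-source operating system. Grsecurity Linux has a vulnerability in how it handles the privileges that services run with, which in some cases may cause services to execute with unnecessarily high privileges. The Grsecurity security patch may incorrectly allow a service to run with high privileges: if a service is started from the admin role and the shell is then exited, the restarted service still holds the admin role. grsecurity grsecurity Kernel Patch = 2.1.7 grsecurity ---------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...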
SA-03.txt
I'm proud to introduce an example of return into libc exploit which works though grsecurity patch protection. Please read source carefully and change some lines cause default version probably won't work on your machine. - This is example, remember it. ; / Grsecurity bypass tryout - system"/bin/sh"...
Design/Logic Flaw
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active...
CVE-2006-0228
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active...
CVE-2006-0228
CVE-2006-0228 involves the RBAC helper in grsecurity prior to 2.1.8, where the admin role can inadvertently remain active after the admin creates a service and exits the shell without unauthenticating. This causes the service to restart with the admin role still active, giving elevated privileges...
CVE-2006-0228
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active...
[VulnWatch] ncompress insecure temporary file creation
ncompress insecure temporary file creation Vendor: ftp://ftp.leo.org/pub/comp/os/unix/linux/sunsite/utils/compress/ Advisory: http://www.zataz.net/adviso/ncompress-09052005.txt Vendor informed: yes Exploit available: yes Impact : low Exploitation : low The vulnerability is caused due to temporary...
kpopper10.txt
kpopper insecure temporary file creation Vendor: http://kpopper.sourceforge.net/ Advisory: http://www.zataz.net/adviso/kpopper-06152005.txt Vendor informed: yes Exploit available: yes Impact : low Exploitation : low The vulnerability is caused due to temporary file being created insecurely. This...
[Full-disclosure] ekg insecure temporary file creation and arbitrary code execution
ekg insecure temporary file creation and arbitrary code execution Vendor: http://dev.null.pl/ekg/ Advisory: http://www.zataz.net/adviso/ekg-06062005.txt Vendor informed: yes Exploit available: no Impact : high Exploitation : high The vulnerabilities are caused due to temporary file being created...
CVE-2002-1826
The CVE-2002-1826 issue affects grsecurity 1.9.4 for the Linux kernel (2.4.18). Local users can bypass read-only protections by using mmap to directly map /dev/mem or /dev/kmem into kernel memory, as described in multiple sources (NVD/Red Hat/CVE lists). The connected documents provide the vulner...
CVE-2002-1826
grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory...
PaX Double-Mirrored VMA munmap Local Root Exploit
Exploit for linux platform in category local exploits ================================================= PaX Double-Mirrored VMA munmap Local Root Exploit ================================================= / PaX double-mirrored VMA munmap local root exploit Copyright C 2005 Christophe Devine This...
PaX Double-Mirrored VMA munmap Local Root Exploit
No description provided by source. / PaX double-mirrored VMA munmap local root exploit Copyright C 2005 Christophe Devine This exploit has only been tested on Debian 3.0 running Linux 2.4.29 patched with grsecurity-2.1.1-2.4.29-200501231159 $ gcc paxomatic.c $ ./chpax -m a.out $ ./a.out ... usage...
PaX - Double-Mirrored VMA munmap Privilege Escalation
PaX - Double-Mirrored VMA munmap Privilege Escalation / PaX double-mirrored VMA munmap local root exploit Copyright C 2005 Christophe Devine This exploit has only been tested on Debian 3.0 running Linux 2.4.29 patched with grsecurity-2.1.1-2.4.29-200501231159 $ gcc paxomatic.c $ ./chpax -m a.out ...
grsecurity 2.1.0 release / 5 Linux kernel advisories
grsecurity 2.1.0 release / Linux Kernel advisories -------------------------------------------------------------------- Table Of Contents: 1 grsecurity 2.1.0 announcement and changelog 2 Linux Kernel advisory introduction 3 2.4/2.6 random poolsize sysctl handler integer overflow 4 2.6 scsi ioctl...
OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
No description provided by source. !/bin/sh OpenSSH = 3.6.p1 - User Identification. Nicolas Couture - [email protected] Description: -Tells you wether or not a user exist on a distant server running OpenSSH. Usage: -You NEED to have the host's public key before executing this script...
OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident
!/bin/sh OpenSSH " exit 1 Verify the arguments. $ != 2 && usage Variables. USER="$1" HOST="$2" =-=-=-=-=-=-=-=-=-=-=-=-= Expect script functions =-=-=-=-=-=-=-=-=-=-=-=-= Expect script for password. expasswd cat expasswd spawn $SSHCMD expect password: send '\r' interact EOF Expect script for erro...
CVE-2002-1826
grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory...