1144 matches found
Buffer underrun vulnerability in Kernel.sprintf
There is a buffer underrun vulnerability in the sprintf method of the Kernel module. If a malicious format string which contains a precision specifier is passed, and a huge negative value is also passed to that specifier, a buffer underrun may be caused. In such a situation, the result may contain heap, or th...
How to: Detect OutlawCountry on YOUR System?
PenTestIT RSS Feed On June 29th 2017, WikiLeaks published documents about the CIA OutlawCountry project that targets computers running the Linux operating systems. Such releases have been code-named "Vault 7" by WikiLeaks. This is a post about a simple method with which you can verify for your se...
RHEL / CentOS 6.x (64-bit) Malicious Kernel Module Detection (OutlawCountry)
According to diagnostic indicators, the remote Red Hat Enterprise Linux or CentOS host may have a malicious kernel module known as OutlawCountry installed. OutlawCountry creates a hidden netfilter table that allows an authenticated attacker to covertly override existing netfilter/iptables firewal...
tcconfig - A Simple Tc Command Wrapper Tool
A simple tc command wrapper tool. Easy to set up traffic control of network bandwidth/latency/packet-loss on a network interface. Traffic control features: traffic shaping target. Apply traffic shaping rules to a specific target: outgoing/incoming packets, a certain IP address/network or port. Available...
Direct Memory Access Attack: PCILeech
Direct Memory Access Attack. PCILeech uses the USB3380 chip in order to read from and write to the memory of a target system. This is achieved by using DMA over PCI Express. No drivers are needed on the target system. The USB3380 is only able to read 4GB of memory natively, but is able to read...
QuickZip v4.60 buffer overflow vulnerability details-vulnerability warning-the black bar safety net
This article gives the reader a detailed description of the QuickZip v4.60 buffer overflow vulnerability. Because the vulnerability appeared in 2010, the existing exploit was designed only for 32-bit Windows XP. So I decided to try to reproduce the vulnerability on 64-bit Windows 7; it would be a fun...
Debian/Ubuntu ntfs-3g Local Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Debian/Ubuntu ntfs-3g Local Privilege Escalation', 'Description' => %q ntfs-3g mount helper in Ubuntu 16.04, 16.10, Debian 7, 8,...
VirtualBox - Cooperating VMs can Escape from Shared Folder Exploit
Exploit for the Linux platform in category local exploits. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1037 There is a security issue in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to the whole...
DEBIAN-CVE-2014-9645
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command...
CVE-2014-9645
The CVE-2014-9645 entry concerns BusyBox, where the add_probe function in modutils/modprobe.c allows a local user to bypass module-loading restrictions when a slash (/) is used in a module name (e.g., ifconfig /usbserial up or mount -t /snd_pcm none /). This is a local-privilege-elevation style f...
CVE-2014-9645
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command...
Debian/Ubuntu ntfs-3g Local Privilege Escalation
ntfs-3g mount helper in Ubuntu 16.04, 16.10, Debian 7, 8, and possibly 9 does not properly sanitize the environment when executing modprobe. This can be abused to load a kernel module and execute a binary payload as the root user. This module requires Metasploit: https://metasploit.com/download...
Security Using Pre-Existing Routing for Mobile Ad hoc Networks: SUPERMAN
Security Using Pre-Existing Routing for Mobile Ad hoc Networks. The flexibility and mobility of Mobile Ad hoc Networks (MANETs) have made them increasingly popular in a wide range of use cases. To protect these networks, security protocols have been developed to protect routing and application data...
Google Android - pm_qos KASLR Bypass Vulnerability
Exploit for the Android platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=971 The "pm_qos" module exposes an interface to kernel space for specifying QoS dependencies. In order to aid in debugging this interface, the module exposes a "debugfs" interface,...
In-depth analysis of the TIMA arbitrary kernel module authentication bypass vulnerability-vulnerability warning-the black bar safety net
In order to ensure the integrity of the Linux kernel on Android devices, Samsung introduced a function named "lkmauth". This function was originally designed to ensure that only Samsung-approved kernel modules can be loaded into the Linux kernel. TIMA arbitrary kernel modul...
TIMA Arbitrary Kernel Module Verification Bypass Vulnerability
Samsung's lkmauth feature suffers from a kernel module verification bypass vulnerability. TIMA Arbitrary Kernel Module Verification Bypass In order to ensure the integrity of the Linux Kernel on Android devices, Samsung has introduced a feature called "lkmauth". This feature is meant to make sure...
NVIDIA GPU Display Driver Denial of Service Vulnerability
NVIDIA Windows GPU Display Driver is a set of graphics processing unit (GPU) graphics card drivers for Windows from NVIDIA. A security vulnerability exists in the kernel mode layer (nvlddmkm.sys for Windows-based platforms or nvidia.ko for Linux-based platforms) in all versions of the NVIDIA GPU Display...
GLSA-201612-02 : DavFS2: Local privilege escalation
The remote host is affected by the vulnerability described in GLSA-201612-02 (DavFS2: Local privilege escalation). DavFS2 installs /usr/sbin/mount.davfs as setuid root. This utility uses system() to call /sbin/modprobe. While the call to modprobe itself cannot be manipulated, a local authenticated use...
DavFS2: Local privilege escalation
Background: DavFS2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. Description: DavFS2 installs “/usr/sbin/mount.davfs” as setuid root. This utility uses “system()” to call “/sbin/modprobe”. While the call to “modprobe” itself cannot be manipulated, a local...
A vulnerability in the loadable kernel module drivers/staging/media/lirc/lirc_imon.ko in the Linux operating system allows an attacker to cause a denial of service.
The vulnerability in the loadable module drivers/staging/media/lirc/lirc_imon.ko of the Linux kernel is related to mutex locking in the implementation of the imon_probe handler. Exploiting this vulnerability allows an attacker to cause a system crash when connecting a SoundGraph iMON...