12 matches found
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
// // This exploit uses the pokemon exploit of the dirtycow vulnerability // as a base and automatically generates a new passwd line. // The user will be prompted for the new password when the binary is run. // The original /etc/passwd file is then backed up to /tmp/passwd.bak // and overwrites t...
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation
Exploit for linux platform in category local exploits / uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot -pthread $ ./cowroot DirtyCow root privilege escalation Backing up /usr/bin/passwd.. to /tmp/bak Size of binary: 57048 Racing, this may take a while.. /usr/bin/passwd is...
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method)
/ EDB-Note: After getting a shell, doing "echo 0 /proc/sys/vm/dirtywritebackcentisecs" may make the system more stable. uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot -pthread $ ./cowroot DirtyCow root privilege escalation Backing up /usr/bin/passwd.. to /tmp/bak Size of...
Linux Kernel 2.6.22 3.9 - Dirty COW procselfmem Race Condition (Write Access Method)
Linux Kernel 2.6.22 3.9 - Dirty COW procselfmem Race Condition Write Access Method / dirtyc0w.c $ sudo -s echo this is not a test foo chmod 0404 foo $ ls -lah foo -r-----r-- 1 root root 19 Oct 20 15:23 foo $ cat foo this is not a test $ gcc -pthread dirtyc0w.c -o dirtyc0w $ ./dirtyc0w foo...
Linux Kernel 2.6.22 IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26943/info The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers. Attackers can exploit this issue to cause a kernel pani...
Linux Kernel 2.6.22 Local root Exploit
No description provided by source. cat /tmp/getsuid.c EOF include include include include include include include include char payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n root chown root.root /tmp/s ; chmod 4777 /tmp/s ; rm -f /etc/cron.d/core\n";...
Linux Kernel 2.6.22 Local root Exploit
Exploit for linux platform in category local exploits !/bin/sh ======================================= Linux Kernel 2.6.22 Local root Exploit ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ ...
Linux Kernel 2.6.22 - ftruncate()open() Local Privilege Escalation
Linux Kernel 2.6.22 - ftruncateopen Local Privilege Escalation / gw-ftrex.c: Linux kernel bug information: http://osvdb.org/49081 !!!This is for educational purposes only!!! To use it, you've got to find a sgid directory you've got permissions to write into obviously world-writable, e.g: find /...
Linux Kernel 'SCTP'模块存在漏洞
BUGTRAQ ID: 31121 CVE ID:CVE-2008-3792 CNCVE ID:CNCVE-20083792 Linux是一款开放源代码的操作系统。 Linux内核'SCTP'模块存在多个安全问题,本地攻击者可以利用漏洞获得敏感信息或使内核崩溃。 问题代码如下: file: net/sctp/socket.c ... SCTPSTATIC int sctpgetsockoptstruct sock sk, int level, int optname, char user optval, int user optlen int retval = 0; int len;...
Null pointer dereference
The vmsplicetouser function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations...
Linux Kernel 2.6.22 - IPv6 Hop-By-Hop Header Remote Denial of Service
/ source: https://www.securityfocus.com/bid/26943/info The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers. Attackers can exploit this issue to cause a kernel panic, denying service to legitimate...
Buffer overflow in moxa driver
Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver moxa.c in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value...