Apple Mac OSX - mount_smbfs Local Stack Buffer Overflow

Apple Mac OSX - mountsmbfs Local Stack Buffer Overflow / Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179...

Apple Mac OSX - 'mount_smbfs' Local Stack Buffer Overflow

/ Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179 http://seclists.org/fulldisclosure/2007/Dec/0445.html...

CheckPoint Secure Platform Multiple Buffer Overflows

Hi all, we have published a paper about CheckPoint Firewall-1 vulnerabilities. The platform tested is the Secure Platform R60. We have found many buffer overflows. Most of them are located in command line utilities that can be exploited locally. A very few of them maybe can be exploited remotely,...

Tru64 5 (su) Env Local Stack Overflow Exploit

No description provided by source. / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: Tru64 5 su / / Tested under: Tru64 5...

Solaris 8/9 passwd circ() Local Root Exploit

No description provided by source. / $Id: raptorpasswd.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorpasswd.c - passwd circ local, Solaris/SPARC 8/9 Copyright c 2004 Marco Ivaldi [email protected] Unknown vulnerability in passwd1 in Solaris 8.0 and 9.0 allows local users to gain privileges...

Apple Mac OSX 10.4.6 (x86) - launchd Local Format String

Apple Mac OSX 10.4.6 x86 - launchd Local Format String !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt Thi...

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (x86)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt This code currently jum...

Apple Mac OSX 10.4.6 (x86) - 'launchd' Local Format String

!/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt This code currently jumps into 0x1811111 via dyldstubclose...

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (x86)

Exploit for macOS platform in category local exploits ============================================================== Mac OS X = 10.4.6 launchd Local Format String Exploit x86 ============================================================== !/usr/bin/perl...

Apple Mac OSX 10.4.x - OpenLDAP Denial of Service

source: https://www.securityfocus.com/bid/18728/info Mac OS X Open Directory Server is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions. An attacker can exploit this issue to cause a crash in the LDAP server, effectively denying service to legitimate...

Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability

Description The Microsoft Windows Media Player plugin for non-Microsoft browsers is prone to a buffer-overflow vulnerability. The application fails to do proper boundary checks on user-supplied data before using it in a finite-sized buffer. An attacker can exploit this issue to execute arbitrary...

Solaris 2.6/7/8/9 (SPARC) - &#039;ld.so.1&#039; Local Privilege Escalation

/ $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload.c - ld.so.1 local, Solaris/SPARC 2.6/7/8/9 Copyright c 2003-2004 Marco Ivaldi Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long...

Solaris 789 CDE LibDTHelp - Local Buffer Overflow (2)

Solaris 789 CDE LibDTHelp - Local Buffer Overflow 2 / $Id: raptorlibdthelp2.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp2.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary cod...

Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)

Exploit for solaris platform in category local exploits ====================================================== Solaris 2.6/7/8/9 ld.so.1 Local Root Exploit sparc ====================================================== / $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload....

Solaris 2.5.12.678 rlogin (SPARC) - binlogin Remote Buffer Overflow

Solaris 2.5.12.678 rlogin SPARC - binlogin Remote Buffer Overflow / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi Buffer overflow in login in various System V based operating systems allows remote...

Solaris 8/9 passwd(1) - 'circ()' Stack-Based Buffer Overflow Privilege Escalation

Solaris 8/9 passwd1 - 'circ' Stack-Based Buffer Overflow Privilege Escalation. CVE-2004-0360. Local exploit for Solaris platform / $Id: raptorpasswd.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorpasswd.c - passwd circ local, Solaris/SPARC 8/9 Copyright c 2004 Marco Ivaldi Unknown vulnerability i...

Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation

Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation. CVE-2003-0834. Local exploit for Solaris platform / $Id: raptorlibdthelp2.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp2.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi...

locale_sol.txt

----/ Exploiting the Libc Locale Subsystem Format String Vulnerability on Solaris/SPARC ---/ 10/10/2000 -/ Solar Eclipse ---/ I. Introduction This paper describes in detail the exploitation of the libc locale format strin g vulnerability on Solaris/SPARC. The full source code for the exploit is...

defeat.solaris.nonexec.stack.txt

Hi, I've recently been playing around with bypassing the non-executable stack protection that Solaris 2.6 provides. I'm referring to the mechanism that you control with the noexecuserstack option in /etc/system. I've found it's quite possible to bypass this protection, using methods described...