108 matches found
Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page (2)
Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page 2 / The code is modified from https://www.exploit-db.com/exploits/43199/ / define GNUSOURCE include include include include include include include include include include include include define TRIESPERPAGE 20000000 define PAGESIZE...
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (2)
/ The code is modified from https://www.exploit-db.com/exploits/43199/ / define GNUSOURCE include include include include include include include include include include include include define TRIESPERPAGE 20000000 define PAGESIZE 0x1000 define MEMESETVAL 0x41 define MAPSIZE 0x200000 define STRIN...
lrzip denial of service vulnerability (CNVD-2017-07521)
lrzip (Long Range ZIP) is an open source compression utility for large files. A denial of service vulnerability exists in the 'join_pthread' function in the stream.c file of liblrzip.so in lrzip version 0.631. A remote attacker can exploit this vulnerability to cause a denial of service null pointer...
DEBIAN-CVE-2017-8843
The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive...
PT-2017-18573 · Lrzip · Lrzip
Name of the Vulnerable Software and Affected Versions: lrzip version 0.631 Description: The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted archive. This is due to a problem in the join_pthread function in...
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Local Privilege Escalation
// CAP_NET_ADMIN -> root LPE exploit for CVE-2016-9793 // No KASLR, SMEP or SMAP bypass included // Affected kernels: 3.11 - 4.8 // Tested in QEMU only // https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793 // // Usage: // gcc -pthread exploit.c -o exploit // chown guest:guest exploit...
Linux Kernel 2.6.22 < 3.9 - Dirty COW /proc/self/mem Race Condition Privilege Escalation (/etc/pa
Exploit for linux platform in category local exploits // EDB-Note: Compile: g++ -Wall -pedantic -O2 -std=c++11 -pthread -o dcow 40847.cpp -lutil // EDB-Note: Recommended way to run: ./dcow -s Will automatically do "echo 0 > /proc/sys/vm/dirty_writeback_centisecs" // //...
Linux Kernel 2.6.22 < 3.9 - Dirty COW PTRACE_POKEDATA Race Condition (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - Dirty COW PTRACE_POKEDATA Race Condition (Write Access Method) // $ echo pikachu|sudo tee pokeball;ls -l pokeball;gcc -pthread pokemon.c -o d;./d pokeball miltank;cat pokeball include //// pikachu include //// -rw-r--r-- 1 root root 8 Apr 4 12:34 pokeball include ////...
DirtyCow Linux Kernel Race Condition Exploit
Exploit for linux platform in category local exploits / dirtyc0w.c $ sudo -s echo this is not a test > foo chmod 0404 foo $ ls -lah foo -r-----r-- 1 root root 19 Oct 20 15:23 foo $ cat foo this is not a test $ gcc -lpthread dirtyc0w.c -o dirtyc0w $ ./dirtyc0w foo m00000000000000000 mmap 56123000...
Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 Exploit
Exploit for linux platform in category local exploits / CVE-2014-3153 exploit for RHEL/CentOS 7.0.1406 By Kaiqu Chen email protected Based on libfutex and the exploit for Android by GeoHot. Usage: $gcc exploit.c -o exploit -lpthread $./exploit / include include include include include include...
Linux Kernel 3.14.5 (CentOS 7 RHEL) - libfutex Local Privilege Escalation
Linux Kernel 3.14.5 (CentOS 7 RHEL) - libfutex Local Privilege Escalation / CVE-2014-3153 exploit for RHEL/CentOS 7.0.1406 By Kaiqu Chen [email protected] Based on libfutex and the exploit for Android by GeoHot. Usage: $gcc exploit.c -o exploit -lpthread $./exploit / include include include include...
Safari 8.0 Crash Proof Of Concept
@w3bd3vil svg padding-top: 1337%; box-sizing: border-box; 0x7fff8ab10282: jae 0x7fff8ab1028c ; pthread_kill + 20 0x7fff8ab10284: movq %rax, %rdi 0x7fff8ab10287: jmp 0x7fff8ab0bca3 ; cerror_nocancel 0x7fff8ab1028c: retq lldb register read General Purpose Registers: rax = 0x0000000000000000 rbx =...
FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit
No description provided by source. / FreeBSD <= 6.1 suffers from a classical check/use race condition on SMP systems in the kevent syscall, leading to a kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread...
Design/Logic Flaw
Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory. NOTE: some of these details are obtained from third party informati...
Scientific Linux Security Update : openafs on SL41-45 i386/x86_64
In pthread-aware fileservers, the 'host_glock' pthread lock, accessed via the H_LOCK and H_UNLOCK macros, is used to provide safe access to host structures. This lock is required to be held when updating information pertaining to a host. The RPC handler for the GiveUpAllCallBacks RPC did not hold th...
Scientific Linux Security Update : openafs on SL5.0 i386/x86_64
In pthread-aware fileservers, the 'host_glock' pthread lock, accessed via the H_LOCK and H_UNLOCK macros, is used to provide safe access to host structures. This lock is required to be held when updating information pertaining to a host. The RPC handler for the GiveUpAllCallBacks RPC did not hold th...
Apache - Denial of Service
Apache - Denial of Service / This is a reverse engineered version of the exploit for CVE-2011-3192 made by ev1lut10n http://jayakonstruksi.com/backupintsec/rapache.tgz. Copyright 2011 Ramon de C Valle Compile with the following command: gcc -Wall -pthread -o rcvalle-rapache rcvalle-rapache.c /...
Local kernel 2.6.2x kernel panic via pthread
Exploit for linux platform in category local exploits ============================================ Local kernel 2.6.2x kernel panic via pthread ============================================ Exploit Title: Pthread Local Kernel 2.6.2x Kernel Panic Exploit Date: 20 April 2010 Author: mywisdom...
FreeBSD 6.4 root shell exploit 0 day-vulnerability warning-the black bar safety net
The following code exploits the vulnerability to run code in kernel mode. FreeBSD 6.4 and below are vulnerable to a race condition between pipe_close and knlist_cleardel resulting in a NULL pointer dereference. The following code exploits the vulnerability to run code in kernel mode, giving root she...
FreeBSD <= 6.1 kqueue() NULL pointer dereference
FreeBSD <= 6.1 suffers from a classical check/use race condition on SMP systems in the kevent syscall, leading to a kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread looping on kevent, trying to add possibly...