5 matches found
Unix-PrivEsc
UNIX-PrivEsc: This is just an effort to aggregate local UNIX privilege escalation exploits. They are all publicly available but don't allow for a sensible overview + it's always the quirky ones that you can't find when you need them. I am going to progressively push out exploits from ...
Linux Polkit pkexec Helper PTRACE_TRACEME Local Root Exploit
This Metasploit module exploits an issue in ptrace_link in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel...
CVE-2008-3077
arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact via unknown vectors, possibly a use-after-free...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2037)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2037 advisory. - netdrv be2net: Merge fixes for CVE-2011-3347 Joe Jin Tenable has extracted the preceding description block directly from the Oracle Linux securit...
Design/Logic Flaw
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread...