
61 matches found

Exploit DB
added 2016/11/04 12:0 a.m. | 73 views

IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Local Privilege Escalation

#!/usr/bin/sh AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset 7100-04. This exploit takes advantage of known issues with debugging functions within the AIX linker library. We are taking advantage of known functionality, and focusing on badly coded SUID binaries...

CVSS: 7.2 | AI score: 6.3 | EPSS: 0.00159 | Exploits: 10

RedhatCVE
added 2015/10/30 9:22 a.m. | 20 views

CVE-2006-4447

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit...

CVSS: 7.2 | AI score: 7.9 | EPSS: 0.00132 | Exploits: 0 | References: 2

0day.today
added 2015/09/11 12:0 a.m. | 43 views

OS X Install.framework suid root Runner Binary Privilege Escalation Vulnerability

Exploit for macOS platform in category local exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same...

CVSS: 9.3 | AI score: 8.9 | EPSS: 0.26891 | Exploits: 1

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Matt Kimball and Roger Wolff mtr 0.28/0.41,Turbolinux 3.5 b2/4.2/4.4/6.0 mtr Vulnerability.2

No description provided by source. source: http://www.securityfocus.com/bid/1038/info A potential vulnerability exists in the 'mtr' program, by Matt Kimball and Roger Wolff. Versions prior to 0.42 incorrectly dropped privileges on all Unix variants except HPUX. By calling a seteuid(getuid()) call, th...

AI score: 7.1 | Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 27 views

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (ppc)

No description provided by source. #!/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch-ppc.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom Much appreciation goes to John H for all kindsa random shit like exploiting Veritas and other random things in the past core... where the...

AI score: 7.1 | Exploits: 0

Exploit DB
added 2011/06/22 12:0 a.m. | 21 views

Linux/SuperH - sh4 - setuid(0) - chmod("/etc/shadow", 0666) - exit(0) - 43 bytes

Linux/SuperH - sh4 - setuid(0) - chmod("/etc/shadow", 0666) - exit(0) - 43 bytes. Shellcode exploit for sh4 platform / Title: Linux/SuperH - sh4 - setuid(0) - chmod("/etc/shadow", 0666) - exit(0) - 43 bytes Date: 2011-06-22 Tested on: Debian-sh4 2.6.32-5-sh7751r Author: Jonathan Salwan - twitter: @jonathansalw...

AI score: 7.4 | Exploits: 0

0day.today
added 2011/06/22 12:0 a.m. | 16 views

Linux/SuperH-sh4-setuid(0)-chmod("/etc/shadow", 0666)-exit(0)-43 bytes

/ Title: Linux/SuperH - sh4 - setuid(0) - chmod("/etc/shadow", 0666) - exit(0) - 43 bytes Date: 2011-06-22 Tested on: Debian-sh4 2.6.32-5-sh7751r Author: Jonathan Salwan - twitter: @shellstorm http://shell-storm.org seteuid: mov 23, r3 xor r4, r4 trapa 2 chmod: mov 15, r3 mova @24, pc, r0 mov r0, r4 mo...

AI score: 7.4 | Exploits: 0

Exploit DB
added 2009/01/01 12:0 a.m. | 25 views

BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes)

BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes). Shellcode exploit for BSDx86 platform / simply execvebinsh+seteuid0 shellcode in 31 bytes written on nasm - my first nasm exp. greetz2: mig darknet /EFnet.org nerf nerf /EFnet.org dev0id rus-sec /EFnet.org rootteam.void.ru / char shellcode =...

AI score: 7.1 | Exploits: 0

OpenVAS
added 2008/09/24 12:0 a.m. | 14 views

Gentoo Security Advisory GLSA 200611-05 (ftpd)

The remote host is missing updates announced in advisory GLSA 200611-05. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 4.6 | AI score: 6.7 | EPSS: 0.00066 | Exploits: 0 | References: 2

OpenVAS
added 2008/09/24 12:0 a.m. | 17 views

Gentoo Security Advisory GLSA 200611-05 (ftpd)

The remote host is missing updates announced in advisory GLSA 200611-05. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS: 4.6 | AI score: 0.3 | EPSS: 0.00066 | Exploits: 0

OSV
added 2008/01/29 12:0 a.m. | 1 views

DEBIAN-CVE-2008-0008

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as...

CVSS: 7.2 | AI score: 7 | EPSS: 0.0005 | Exploits: 1 | References: 1

Debian CVE
added 2008/01/28 11:0 p.m. | 21 views

CVE-2008-0008

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as...

CVSS: 7.2 | AI score: 6.3 | EPSS: 0.0005 | Exploits: 1

seebug.org
added 2007/12/20 12:0 a.m. | 36 views

Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Exploit

No description provided by source. / Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179...

CVSS: 6.6 | AI score: 0.3 | EPSS: 0.00226 | Exploits: 5

Packet Storm
added 2007/12/20 12:0 a.m. | 47 views

applesmb-overflow.txt

/ Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179 http://seclists.org/fulldisclosure/2007/Dec/0445.html...

CVSS: 6.6 | EPSS: 0.00226 | Exploits: 5

0day.today
added 2007/12/19 12:0 a.m. | 24 views

Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Exploit

Exploit for macOS platform in category local exploits. Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Exploit / Copyright C 2007-2008 Subreption LLC. All rights...

AI score: 6.8 | EPSS: 0.00226 | Exploits: 5

Tenable Nessus
added 2007/12/13 12:0 a.m. | 21 views

SuSE 10 Security Update : krb5-apps-servers and krb5-apps-clients (ZYPP Patch Number 1938)

Various return checks of setuid and seteuid calls have been fixed in kerberos client and server applications. If these applications are setuid, it might have been possible for local attackers to gain root access. (CVE-2006-3083) We are not affected by the seteuid problems, tracked by CVE-2006-3084...

CVSS: 7.2 | AI score: 8 | EPSS: 0.00407 | Exploits: 0 | References: 4

Tenable Nessus
added 2007/10/17 12:0 a.m. | 26 views

openSUSE 10 Security Update : krb5-apps-clients (krb5-apps-clients-1937)

Various return checks of setuid and seteuid calls have been fixed in kerberos client and server applications. If these applications are setuid, it might have been possible for local attackers to gain root access (CVE-2006-3083). We are not affected by the seteuid problems, tracked by CVE-2006-3084...

CVSS: 7.2 | AI score: 8 | EPSS: 0.00407 | Exploits: 0 | References: 2

securityvulns
added 2007/04/29 12:0 a.m. | 48 views

[ GLSA 200704-22 ] BEAST: Denial of Service

Gentoo Linux Security Advisory GLSA 200704-22 http://security.gentoo.org/ Severity:...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00145 | Exploits: 0

Oracle linux
added 2007/04/04 12:0 a.m. | 36 views

Critical: krb5 security update

1.3.4-46 - fix bug ID in changelog 1.3.4-45 - add preliminary patch to fix buffer overflow in krb5kdc and kadmind 231528, CVE-2007-0957 - add preliminary patch to fix double-free in kadmind 231537, CVE-2007-1216 1.3.4-44 - temporarily disable bug fixes for 143289, 179062, 180671, 202191, 223669 f...

CVSS: 9 | AI score: 0.6 | EPSS: 0.26118 | Exploits: 2

OSV
added 2006/11/21 11:7 p.m. | 1 views

DEBIAN-CVE-2006-6008

ftpd in Linux Netkit linux-ftpd 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different...

CVSS: 6.5 | AI score: 7 | EPSS: 0.014 | Exploits: 0 | References: 1