739 matches found

Exploit DB
added 2009/06/23 12:0 a.m., 19 views

Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh,[/bin/sh,NULL])) Shellcode (25 bytes)

Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh,[/bin/sh,NULL])) Shellcode (25 bytes). Shellcode exploit for Linux/x86 platform include const char shellcode= "\x6a\x17" // push $0x17 "\x58" // pop %eax "\x31\xdb" // xor %ebx,%ebx "\xcd\x80" // int $0x80 "\xb0\x2e" // mov $0x2e,%al "\xcd\x80" // int $0x80...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2009/06/02 12:0 a.m., 21 views

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : cron vulnerability (USN-778-1)

It was discovered that cron did not properly check the return code of the setgid and initgroups system calls. A local attacker could use this to escalate group privileges. Please note that cron versions 3.0pl1-64 and later were already patched to address the more serious setuid check referred to ...

7.2 CVSS, 5.5 AI score, 0.00044 EPSS
Exploits: 1, References: 2
Ubuntu
added 2009/06/01 6:4 p.m., 49 views

USN-778-1: cron vulnerability

It was discovered that cron did not properly check the return code of the setgid and initgroups system calls. A local attacker could use this to escalate group privileges. Please note that cron versions 3.0pl1-64 and later were already patched to address the more serious setuid check referred to ...

7.2 CVSS, 5.4 AI score, 0.00044 EPSS
Exploits: 1
Tenable Nessus
added 2009/04/23 12:0 a.m., 27 views

FreeBSD : multiple buffer overflows in xboing (e25566d5-6d3f-11d8-83a4-000a95bc6fae)

"Steve Kemp reports in a Debian bug submission : Due to improper bounds checking it is possible for a malicious user to gain a shell with membership group 'games'. The binary is installed setgid games. Environmental variables are used without being bounds-checked in any way, from the source code ...

4.6 CVSS, 5.5 AI score, 0.00083 EPSS
Exploits: 1, References: 3
Symantec
added 2009/04/15 12:0 a.m., 25 views

udev Netlink Message Validation Local Privilege Escalation Vulnerability

Description The 'udev' Linux application is prone to a local privilege-escalation vulnerability because it fails to properly handle netlink messages. Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system. Versions prior to udev 1...

0.2 AI score
Exploits: 0, References: 3, Affected Software: 18
OpenVAS
added 2009/04/09 12:0 a.m., 31 views

Mandriva Update for util-linux MDKSA-2007:198 (util-linux)

Check for the Version of util-linux OpenVAS Vulnerability Test Mandriva Update for util-linux MDKSA-2007:198 util-linux Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

6.9 CVSS, 6.3 AI score, 0.00101 EPSS
Exploits: 0, References: 2
OpenVAS
added 2009/03/23 12:0 a.m., 21 views

Ubuntu: Security Advisory (USN-679-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 5.7 AI score, 0.113 EPSS
Exploits: 7, References: 2
NVD
added 2009/03/12 3:20 p.m., 22 views

CVE-2009-0876

Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN...

6.9 CVSS, 6.5 AI score, 0.00359 EPSS
Exploits: 1, References: 11
Prion
added 2009/03/12 3:20 p.m., 14 views

Design/Logic Flaw

Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN...

6.9 CVSS, 7.1 AI score, 0.00359 EPSS
Exploits: 1, References: 11, Affected Software: 1
CVE
added 2009/03/12 3:0 p.m., 76 views

CVE-2009-0876

Sun xVM VirtualBox for Linux (versions 2.0.0 – 2.1.4r42893) is affected by a local privilege-escalation flaw via a hardlink attack that preserves setuid/setgid bits, related to DT_RPATH:$ORIGIN. The issue, described across multiple sources, centers on filesystem manipulation allowing a non-privil...

6.9 CVSS, 6.8 AI score, 0.00359 EPSS
Exploits: 1, References: 11, Affected Software: 1
OpenVAS
added 2009/02/27 12:0 a.m., 42 views

CentOS Update for kernel CESA-2008:0972 centos4 i386

Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2008:0972 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

6.6 CVSS, 0.6 AI score, 0.113 EPSS
Exploits: 10, References: 2
seebug.org
added 2009/02/21 12:0 a.m., 14 views

Linux/x86 - setuid / setgid / chroot break

No description provided by source. /----------------------------------------------------------------------/ / s390 shellcode 0x0a / 0x0 free / / setuid / setgid / chroot break / / code [email protected] / /----------------------------------------------------------------------/ char...

7.1 AI score
Exploits: 0
Prion
added 2009/02/17 5:30 p.m., 19 views

Design/Logic Flaw

The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly ...

7.2 CVSS, 7.1 AI score, 0.0005 EPSS
Exploits: 0, References: 3, Affected Software: 1
RedHat Linux
added 2009/01/08 3:47 p.m., 2 views

kernel: open() call allows setgid bit when user is not in new file's group

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable...

4.6 CVSS, 7.1 AI score, 0.113 EPSS
Exploits: 2, References: 4
Ubuntu
added 2008/11/27 5:43 p.m., 76 views

USN-679-1: Linux kernel vulnerabilities

It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10...

7.8 CVSS, 7.1 AI score, 0.113 EPSS
Exploits: 7
Tenable Nessus
added 2008/11/21 12:0 a.m., 31 views

RHEL 4 : kernel (RHSA-2008:0972)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0972 advisory. - kernel PWC driver DoS CVE-2007-5093 - kernel: dio: zero struct dio with kzalloc instead of manually CVE-2007-6716 - kernel: ptrace: Paddin...

5.5 CVSS, 6 AI score, 0.113 EPSS
Exploits: 10, References: 26
RedHat Linux
added 2008/11/19 1:43 p.m., 69 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any...

5.5 CVSS, 6.2 AI score, 0.113 EPSS
Exploits: 10, References: 19
RedHat Linux
added 2008/11/19 1:43 p.m., 1 views

kernel: open() call allows setgid bit when user is not in new file's group

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable...

4.6 CVSS, 7.1 AI score, 0.113 EPSS
Exploits: 2, References: 4
Oracle linux
added 2008/11/19 12:0 a.m., 42 views

kernel security and bug fix update

2.6.9-78.0.8.0.1.EL - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with...

6.6 CVSS, 6.4 AI score, 0.113 EPSS
Exploits: 10
Prion
added 2008/10/03 5:41 p.m., 25 views

Design/Logic Flaw

The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified...

4.9 CVSS, 6.6 AI score, 0.113 EPSS
Exploits: 2, References: 13, Affected Software: 1