10 matches found
CVE-2015-1117
The 1 setreuid and 2 setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted a...
CVE-2015-1117
CVE-2015-1117 affects Apple platforms: iOS before 8.3, OS X before 10.10.3, and Apple TV before 7.2. The kernel setreuid/setregid system-call implementations fail to drop privileges, enabling code execution with unintended user/group privileges via a crafted app. Remediation is to upgrade to the ...
Apple iOS setreuid and setregid call elevation of privilege vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security building exists in the Apple iOS kernel setreuid and setregid, due to the Apple iOS kernel failing to properly drop privileges. A local attacker can exploit the vulnerability to elevate...
XBlast 2.6.1 HOME Environment Variable Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8296/info XBlast is contains a locally exploitable buffer overflow vulnerability due to insufficient bounds checking of data supplied via the HOME environment variable. Successful exploitation would allow a local user to...
Linux x86_64 - add user with passwd (189 bytes)
No description provided by source. ;scadduser01.S ;Arch: x8664, Linux ; ;Author: 0o -- nullnull ; nu11.nu11 at yahoo.com ;Date: 2012-03-05 ; ;compile an executable: nasm -f elf64 scadduser.S ; ld -o scadduser scadduser.o ;compile an object: nasm -o scadduserobj scadduser.S ; ;Purpose: adds user...
Linux x86_64 - add user with passwd 189 bytes
Linux x8664 - add user with passwd 189 bytes. Shellcode exploit for linx86-64 platform ;scadduser01.S ;Arch: x8664, Linux ; ;Author: 0o -- nullnull ; nu11.nu11 at yahoo.com ;Date: 2012-03-05 ; ;compile an executable: nasm -f elf64 scadduser.S ; ld -o scadduser scadduser.o ;compile an object: nasm...
Solaris/SPARC - setreuid(geteuid()) + setregid(getegid()) + execve(/bin/sh) Shellcode
Solaris/SPARC - setreuidgeteuid + setregidgetegid + execve/bin/sh Shellcode. Shellcode exploit for SolarisSPARC platform / Solaris shellcode - setreuidgeteuid, setregidgetegid, execve /bin/sh Claes M. Nyberg 20020124 , / include static char solariscode = / geteuid / "\x82\x10\x20\x18" / mov 24, %...
linux/x86 execve /bin/sh setreuid12,12 50 bytes
linux/x86 execve /bin/sh setreuid12,12 50 bytes. Shellcode exploit for linx86 platform / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12, 12; / include char c0de = / main: / / setregid12, 12; / "\x29\xc0" / subl %eax, %eax / "\xb0\x47" / movb $71, %a...
linux/x86 execve /bin/sh setreuid(12,12) 50 bytes
Exploit for linux/x86 platform in category shellcode ================================================= linux/x86 execve /bin/sh setreuid12,12 50 bytes ================================================= / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12...
linux/x86 execve /bin/sh setreuid(12 12) 50 bytes
No description provided by source. / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12, 12; / include stdio.h char c0de = / main: / / setregid12, 12; / "\x29\xc0" / subl %eax, %eax / "\xb0\x47" / movb $71, %al / "\x29\xdb" / subl %ebx, %ebx / / Here's...