119 matches found
CVE-2015-1099
CVE-2015-1099 is a race condition in the kernel setreuid system-call that can cause a denial of service. Affected products include Apple iOS prior to 8.3, OS X prior to 10.10.3, and Apple TV prior to 7.2. Exploitation details are not provided beyond “crafted app”; remediation is to update to the ...
CVE-2015-1117
CVE-2015-1117 affects Apple platforms: iOS before 8.3, OS X before 10.10.3, and Apple TV before 7.2. The kernel setreuid/setregid system-call implementations fail to drop privileges, enabling code execution with unintended user/group privileges via a crafted app. Remediation is to upgrade to the ...
CVE-2015-1117
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted a...
Apple TV < 7.2 Multiple Vulnerabilities
According to its banner, the remote Apple TV device is a version prior to 7.2. It is, therefore, affected by the following vulnerabilities: - Multiple memory corruption vulnerabilities exist in WebKit due to improperly validated user-supplied input. A remote attacker, using a specially crafted...
Apple iOS setreuid and setregid call elevation of privilege vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in the Apple iOS kernel setreuid and setregid system calls because the kernel fails to properly drop privileges. A local attacker can exploit the vulnerability to elevate...
Apple iOS setreuid Call Denial of Service Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A race condition in the Apple iOS kernel setreuid system call allows local attackers to crash the system...
linux/x86 Run /usr/bin/python | setreuid(),execve() - 54 Bytes
Exploit Title: Shellcode Linux x86 Run /usr/bin/python | setreuid,execve Date: 31/7/2014 Exploit Author: Ali Razmjoo Tested on: kali-linux-1.0.4-i386 3.7-trunk-686-pae 1 SMP Debian 3.7.2-0+kali8 i686 GNU/Linux / Ali Razmjoo , email protected Shellcode Linux x86 Run /usr/bin/python | setreuid,exec...
linux/x86 chmod(777 /etc/passwd and /etc/shadow) && (Add new root user) 378 Bytes
Shellcode Linux x86 378Bytes chmod777 /etc/passwd and /etc/shadow && Add new root user ALI with password ALI for ssh && Execute /bin/sh Date: 4/8/2014 Exploit Author: Ali Razmjoo Tested on: kali-linux-1.0.4-i386 3.7-trunk-686-pae 1 SMP Debian 3.7.2-0+kali8 i686 GNU/Linux / Ali Razmjoo ,...
execve of /bin/sh after setreuid(0,0)
No description provided by source. /* $Id: execve-setreuid.c,v 1.1 2001/05/02 18:10:52 raptor Exp $ execve-setreuid.c v1.0 - shellcode for Linux/i386 Copyright (c) 2001 Raptor [email protected] This shellcode does an execve of /bin/sh after a setreuid(0, 0), then exits. */ /* ASM Code ; setreuid0...
linux/x86 execve /bin/sh setreuid(12,12) 50 bytes
No description provided by source. / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12, 12; / include stdio.h char c0de = / main: / / setregid12, 12; / \x29\xc0 / subl %eax, %eax / \xb0\x47 / movb $71, %al / \x29\xdb / subl %ebx, %ebx / / Here's the GI...
wu-ftpd <= 2.6.1 - Remote Root Exploit
No description provided by source. / 7350wurm - x86/linux wuftpd remote root exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third parties,...
Linux - setreuid (0,0) & execve(/bin/rm /etc/shadow)
No description provided by source. / rmtheshadow.c by mrme Just for fun : visit: http://www.corelan.be:8800/ / include stdio.h include string.h char sc = x31xc0 // xor %eax,%eax xb0x46 // mov $046,%al x31xdb // xor %ebx,%ebx x31xc9 // xor %ecx,%ecx xcdx80 // int $080 x31xc0 // xor %eax,%eax x50 /...
GNU Sharutils <= 4.2.1 - Local Format String PoC Exploit
No description provided by source. / GNU sharutils = 4.2.1 Local Format String POC Code C0ded by n4rk0tix a.k.a nrktx [email protected] Below is a l4m3 proof of concept code for da recently reported lame bug; These binaryz have not only format bugz, but also buffer overflowz,etc.We also...
Linux kernel 2.2/2.4 procfs Stream Redirection to Process Memory Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2937/info The Linux /proc filesystem is a virtual filesystem provided by the Linux Kernel as an interface to some process and system information and parameters. Under certain circumstances, an access validation error may...
linux/x86 break chroot setuid(0) + /bin/sh 132 bytes
No description provided by source. / Linux/x86 - setreuid0, 0; - chroot-break make a temp dir with mkdir, chroot to tempdir, go through a loop of chdir..; then a final chroot.; - execve of /bin/sh used in several wu-ftpd, beroftpd and proftpd exploits, amongst others / include stdio.h char c0de =...
Ecartis 1.0 .0,0.129 a Listar Multiple Local Buffer Overflow Vulnerabilities (2)
No description provided by source. source: http://www.securityfocus.com/bid/4271/info Ecartis is the new name for the Listar software product. Listar is a mailing list management package for Linux, BSD, and other Unix like operating systems. Multiple local buffer overflow conditions have been...
Polymorphic Bindport 31337 with setreuid (0,0) linux/x86
No description provided by source. / Title : Polymorphic shellcode that bindport to 31337 with setreuid 0,0 x86 linux shellcode. Name : 131 bytes bind port 31337 x86 linux polymorphic shellcode. Date : Sat Jun 17 21:27:03 2010 Author : gunslinger yudha.gunslingeratgmail.com Web :...
34 bytes setreud(getuid(), getuid()) & execve("/bin/sh") Shellcode
No description provided by source. include stdio.h include string.h / by Magnefikko 14.04.2010 [email protected] promhyl.oz.pl Subgroup: PRekambr Name: 34 bytes setreudgetuid, getuid & execve/bin/sh shellcode Platform: Linux x86 setreuidgetuid, getuid; execve/bin/sh; gcc -Wl,-z,execstack...
linux/x86 setreuid(0,0) execve("/bin/sh", ["/bin/sh", NULL]) 33 bytes
No description provided by source. /* Linux/x86 setreuid(0,0) + execve("/bin/sh", ["/bin/sh", NULL]) - 33 bytes - [email protected] */ char shellcode = \x6a\x46 // push $0x46 \x58 // pop %eax \x31\xdb // xor %ebx, %ebx \x31\xc9 // xor %ecx, %ecx \xcd\x80 // int $0x80 \x31\xd2 // xor %edx, %edx \x6a\x0b // pus...
62 bytes setreuid(0,0) execve("/bin/sh",NULL,NULL) XOR Encoded Linux Shellcode
No description provided by source. / Author : gunslinger yudha.gunslingeratgmail.com Web : http://devilzc0de.org blog : http://gunslingerc0de.wordpress.com tested on : linux debian special thanks to : r0073r inj3ct0r.com, d3hydr8 darkc0de.com, ty miller projectshellcode.com, jonathan...