489 matches found

0day.today
added 2018/08/30 12:0 a.m., 47 views

Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode

Exploit Title: Linux x86 Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode; Shellcode Author: Kevin Kirsche; Shellcode Repository: https://github.com/kkirsche/SLAE/tree/master/assignment1-bindshell; Tested on: Shell on Ubuntu 18.04 with gcc 7.3.0 / Connected from Kali 2018.2. This shellcode will...

0.1 AI score
Exploits: 0
Tenable Nessus
added 2018/03/02 12:0 a.m., 51 views

F5 Networks BIG-IP : Linux kernel vulnerability (K11023978)

Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls. (CVE-2017-6346) ...

7.4 AI score, 0.00058 EPSS
Exploits: 0, References: 2
Packet Storm
added 2017/12/12 12:0 a.m., 54 views

macOS necp_get_socket_attributes so_pcb Type Confusion

MacOS so_pcb type confusion in necp_get_socket_attributes (CVE-2017-13855). When setsockopt is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes is invoked. necp_get_socket_attributes unconditionally calls sotoinpcb(so): errno_t necp_get_socket_attributes(struct socke...

6.6 AI score, 0.06249 EPSS
Exploits: 3
exploitpack
added 2017/12/11 12:0 a.m., 27 views

Apple macOS - necp_get_socket_attributes so_pcb Type Confusion

Apple macOS - necp_get_socket_attributes so_pcb Type Confusion. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1392&desc=2 When getsockopt (edited; original report said "setsockopt") is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes i...

7.3 AI score
Exploits: 0
0day.today
added 2017/11/27 12:0 a.m., 40 views

Ubuntu 17.04 Linux Kernel XFRM Privilege Escalation Exploit

Exploit for linux platform in category local exploits Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem – XFRM. Netlink is used to transfer...

6.8 AI score
Exploits: 0
NVD
added 2017/11/24 10:29 a.m., 26 views

CVE-2017-16939

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages...

7.8 CVSS, 7.3 AI score, 0.10155 EPSS
Exploits: 3, References: 14
Prion
added 2017/11/24 10:29 a.m., 24 views

Design/Logic Flaw

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages...

7.2 CVSS, 7.1 AI score, 0.10155 EPSS
Exploits: 3, References: 14, Affected Software: 2
Cvelist
added 2017/11/24 10:0 a.m., 27 views

CVE-2017-16939

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages...

7.6 AI score, 0.10155 EPSS
Exploits: 3, References: 14
seebug.org
added 2017/11/24 12:0 a.m., 50 views

Linux Kernel XFRM Privilege Escalation

Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem – XFRM. Netlink is used to transfer information between the kernel and user-space processes. It...

6.8 AI score
Exploits: 0
UbuntuCve
added 2017/11/24 12:0 a.m., 37 views

CVE-2017-16939

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages...

7.8 CVSS, 6.7 AI score, 0.10155 EPSS
Exploits: 3, References: 16
exploitpack
added 2017/11/23 12:0 a.m., 86 views

Linux Kernel (Ubuntu 17.04) - XFRM Local Privilege Escalation

Linux Kernel Ubuntu 17.04 - XFRM Local Privilege Escalation Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem – XFRM. Netlink is used to transfer...

7.2 CVSS, 0.4 AI score, 0.10155 EPSS
Exploits: 3
Exploit DB
added 2017/11/23 12:0 a.m., 166 views

Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation

Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem – XFRM. Netlink is used to transfer information between the kernel and user-space processes. It...

7.8 CVSS, 8.4 AI score, 0.10155 EPSS
Exploits: 3
seebug.org
added 2017/10/24 12:0 a.m., 118 views

Linux Kernel AF_PACKET Use-After-Free(CVE-2017-15649)

Vulnerabilities summary The following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AF_PACKET that can lead to privilege escalation. AF_PACKET sockets “allow users to send or receive packets on the device driver level. This for example lets them to...

4.6 CVSS, 8.1 AI score, 0.00393 EPSS
Exploits: 4
Positive Technologies
added 2017/10/23 12:0 a.m., 2 views

PT-2017-3324 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.11 Description: The issue is related to the XFRM dump policy implementation in the Linux kernel, which allows local users to gain privileges or cause a denial of service due to a use-after-free error. This...

8 CVSS, 7.4 AI score, 0.9427 EPSS
Exploits: 88, References: 800
0day.today
added 2017/10/18 12:0 a.m., 35 views

Linux Kernel - AF_PACKET Use-After-Free Exploit

Exploit for linux platform in category dos / poc. Source: https://blogs.securiteam.com/index.php/archives/3484 Vulnerabilities summary The following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AF_PACKET that can lead to privilege escalation. AF_PACKE...

7 AI score
Exploits: 0
Tenable Nessus
added 2017/07/13 12:0 a.m., 38 views

Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0933)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8 CVSS, 6.5 AI score, 0.02973 EPSS
Exploits: 10, References: 6
Tenable Nessus
added 2017/07/06 12:0 a.m., 35 views

Virtuozzo 7 : readykernel-patch (VZA-2017-063)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities: - The NFSv4 server in the Linux kernel compiled with CONFIG_NFSD_PNFS enabled does not properly validate layout type whe...

7.8 CVSS, 6.3 AI score, 0.30423 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2017/07/06 12:0 a.m., 45 views

Virtuozzo 7 : readykernel-patch (VZA-2017-062)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities: - The NFSv4 server in the Linux kernel compiled with CONFIG_NFSD_PNFS enabled does not properly validate layout type whe...

7.8 CVSS, 6.6 AI score, 0.30423 EPSS
Exploits: 0, References: 5
Virtuozzo
added 2017/07/05 12:0 a.m., 35 views

Important kernel security update: CVE-2017-8797 and other; Virtuozzo ReadyKernel patch 25.0 for Virtuozzo 7.0.0, 7.0.1, and 7.0.3

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3). Vulnerability id: CVE-2017-8797. The NFSv4 server in...

7.8 CVSS, 1.7 AI score, 0.30423 EPSS
Exploits: 0, References: 4
myhack58
added 2017/06/17 12:0 a.m., 261 views

“Phoenix Talon” in the Linux Kernel: a kernel vulnerability lurking for over 11 years

About “Phoenix Talon”: 2017 5 November 9, qimingxing e ADLab found a remote vulnerability in the Linux kernel, “Phoenix Talon” (the Phoenix claw fourth toe of Italy), which relates to CVE-2017-8890, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, can affect almost all Linux kernel 2.5.69 Linux...

10 CVSS, 0.6 AI score, 0.00959 EPSS
Exploits: 5