kernel: no access restrictions of /proc/pid/* after setuid program exec

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lsee...

linux/x86 shellcode - setuid(0)+setgid(0)+add user iph without password - 124 bytes

/ Exploit Title: Linux/x86 Polymorphic ShellCode - setuid0+setgid0+add user 'iph' without password to /etc/passwd setuid - setgid - open - write - close - exit Date: 30/12/2011 Author: pentesters.ir Tested on: Linux x86 - CentOS 6.0 - 2.6.32-71 Website: http://pentesters.ir/ Contact:...

Linux/x86 Polymorphic ShellCode - setuid0+setgid0+add user 'iph' without password to /etc/passwd

Linux/x86 Polymorphic ShellCode - setuid0+setgid0+add user 'iph' without password to /etc/passwd. Shellcode exploit for linx86 platform / Exploit Title: Linux/x86 Polymorphic ShellCode - setuid0+setgid0+add user 'iph' without password to /etc/passwd setuid - setgid - open - write - close - exit...

SuSE 10 Security Update : opie (ZYPP Patch Number 7594)

This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin. CVE-2011-2490 This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...

Trend Micro InterScan Web Security Suite Local Privilege Escalation

Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...

kernel: no access restrictions of /proc/pid/* after setuid program exec

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lsee...

Linux/SuperH - sh4 - setuid0 ; execve"/bin/sh", NULL, NULL 27 bytes

Linux/SuperH - sh4 - setuid0 ; execve"/bin/sh", NULL, NULL 27 bytes. Shellcode exploit for sh4 platform / Linux/SuperH - sh4 - setuid0 ; execve"/bin/sh", NULL, NULL - 27 bytes Tested on debian-sh4 2.6.32-5-sh7751r by Jonathan Salwan - twitter: @jonathansalwan 400054: 17 e3 mov 23,r3 400056: 4a 24...

Linux/SuperH - sh4 - setuid(0) ; execve("/bin/sh", NULL, NULL) - 27 bytes

/ Linux/SuperH - sh4 - setuid0 ; execve"/bin/sh", NULL, NULL - 27 bytes Tested on debian-sh4 2.6.32-5-sh7751r by Jonathan Salwan - twitter: @jonathansalwan 400054: 17 e3 mov 23,r3 400056: 4a 24 xor r4,r4 400058: 0b c3 trapa 11 40005a: 3a 23 xor r3,r3 40005c: 0b e3 mov 11,r3 40005e: 02 c7 mova...

Samba smbmnt Local Privilege Escalation

According to its banner, the version of Samba running on the remote host is in the 2.x or 3.x branch. Such versions are shipped with a utility called 'smbmnt'. When smbmnt has the setuid 'root' bit set, a local user with access to the victim can mount a Samba share and then execute a setuid or...

Trendmicro IWSS 3.1 Privilege Escalation

BUGUROO SECURITY ADVISORY ADVISORY Title: Trendmicro IWSS 3.1 privilege escalation Product: InterScan Web Security Suite IWSS Vendor: TrendMicro Advisory ID: BSA-2011-002 Advisory URL: http://buguroo.com/adv/BSA-2011-002.txt Date published: 25/10/2011 DISCLAIMER Buguroo Offensive Security, S.L...

Code injection

The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack...

CVE-2011-4060

The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LDDEBUGOUTPUT and LDDEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack...

Debian DSA-2319-1 : policykit-1 - race condition

Neel Mehta discovered that a race condition in Policykit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec. The oldstable distribution lenny does not contain the policykit-1 package. %NASLMINLEVEL...

kernel: no access restrictions of /proc/pid/* after setuid program exec

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lsee...

CentOS Update for popt CESA-2010:0679 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for samba CESA-2009:1529 centos4 i386

Check for the Version of samba OpenVAS Vulnerability Test CentOS Update for samba CESA-2009:1529 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CentOS Update for popt CESA-2010:0679 centos5 i386

Check for the Version of popt OpenVAS Vulnerability Test CentOS Update for popt CESA-2010:0679 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

SuSE 11.1 Security Update : opie (SAT Patch Number 4815)

This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin. CVE-2011-2490 This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...

SuSE 11.1 Security Update : opie (SAT Patch Number 4815)

This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin. CVE-2011-2490 This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...

SuSE 10 Security Update : opie (ZYPP Patch Number 7595)

This update fixes off-by-one errors in opiesu CVE-2011-2489 and missing setuid return value checks in opielogin. CVE-2011-2490 This update also removes the setuid bit from opiesu program. If you rely on the setuid bit on opiesu, add the following line to /etc/permissions.local : /usr/bin/opiesu...