freebsd/x86 reverse portbind /bin/sh 89 bytes

Exploit for freebsd/x86 platform in category shellcode ============================================= freebsd/x86 reverse portbind /bin/sh 89 bytes ============================================= ; sm4x - 2008 ; reverse portbind /bin/sh ; NULL free if address is. ; setuid0; socket; connect; exit; ; ...

linux/x86 setuid(0) . setgid(0) . aslr_off 79 bytes

No description provided by source. / Linux/x86 Fedora 8 setuid0 + setgid0 + execve"echo 0 /proc/sys/kernel/randomizevaspace" by LiquidWorm 2008 c www.zeroscience.org liquidworm at gmail.com 79 bytes. / char sc = "\x6a\x17" // push $0x17 "\x58" // pop %eax "\x31\xdb" // xor %ebx, %ebx "\xcd\x80" /...

linux/x86 - setuid0 . setgid0 . aslr_off 79 bytes

linux/x86 setuid0 . setgid0 . aslroff 79 bytes. Shellcode exploit for linx86 platform / Linux/x86 Fedora 8 setuid0 + setgid0 + execve"echo 0 /proc/sys/kernel/randomizevaspace" by LiquidWorm 2008 c www.zeroscience.org liquidworm at gmail.com 79 bytes. / char sc = "\x6a\x17" // push $0x17 "\x58" //...

linux/x86 setuid(0) . setgid(0) . aslr_off 79 bytes

Exploit for linux/x86 platform in category shellcode =================================================== linux/x86 setuid0 . setgid0 . aslroff 79 bytes =================================================== / Linux/x86 Fedora 8 setuid0 + setgid0 + execve"echo 0 /proc/sys/kernel/randomizevaspace" by...

linux/x86 setuid(0) . setgid(0) . aslr_off 79 bytes

No description provided by source. / Linux/x86 Fedora 8 setuid0 + setgid0 + execve"echo 0 /proc/sys/kernel/randomizevaspace" by LiquidWorm 2008 c www.zeroscience.org liquidworm at gmail.com 79 bytes. / char sc = "\x6a\x17" // push $0x17 "\x58" // pop %eax "\x31\xdb" // xor %ebx, %ebx "\xcd\x80" /...

CVE-2008-2324

The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs...

CVE-2008-2324

The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs...

Solaris 7/8/9 CDE LibDTHelp Local Buffer Overflow Exploit

No description provided by source. / $Id: raptorlibdthelp.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi [email protected] Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary...

Linux Kernel < 2.4.20 Module Loader Local Root Exploit

No description provided by source. / Linux Kernel Module Loader Local R00t Exploit Up to 2.4.20 By anonymous KuRaK include stdio.h include stdlib.h include signal.h include fcntl.h include errno.h include unistd.h include sys/types.h include sys/stat.h include sys/ptrace.h include sys/wait.h...

RedHat Linux dump 缓冲区溢出漏洞

RedHat Linux中有一个文件备份工具"dump".它被安装在 /sbin下并且被设置了setuid/setgid root位。当传送一个很长的字符串给"-f a"参数时，dump将发生堆栈溢出。如果提供的参数经过精心构造，攻击者就可能替代堆栈中保存的EIP指令指针或者返回地址并以gid root权限来执行任意代码。Dump在crash时会丢弃setuid root权限，但是没有丢弃setgid root权限。因此攻击者可能利用这个漏洞获得setgid root权限，进而可能获取对整个系统的控制权。 MandrakeSoft Linux Mandrake 7.0...

Solaris Runtime Linker (ld.so.1) Buffer Overflow Exploit (SPARC version)

No description provided by source. / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard overflow and return into li...

GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow

// source: https://www.securityfocus.com/bid/27744/info The GKrellWeather plugin for GKrellM is prone to a local stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. An attacker can exploit this...

DEBIAN-CVE-2008-0008

The padroproot function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from 1 setresuid, 2 setreuid, 3 setuid, and 4 seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. The padroproot function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from 1 setresuid, 2 setreuid, 3 setuid, and 4 seteuid calls when attempting to drop privileges, which might...

CVE-2008-0008

The padroproot function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from 1 setresuid, 2 setreuid, 3 setuid, and 4 seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as...

CVE-2008-0008

The CVE-2008-0008 issue affects PulseAudio 0.9.8 and certain 0.9.9 builds where pa_drop_root does not check return values from setresuid, setreuid, setuid, and seteuid when dropping privileges. This could allow a local user to escalate privileges if those calls fail (e.g., due to resource exhaust...

pulseuadio privilege escalation

setuid result is not checked...

Debian Security Advisory DSA 1150-1 (shadow)

The remote host is missing an update to shadow announced via advisory DSA 1150-1. A bug has been discovered in several packages that execute the setuid system call without checking for success when trying to drop privileges, which may fail with some PAM configurations. OpenVAS Vulnerability Test...

Debian: Security Advisory (DSA-969-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-563-3)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...