Linux Enumeration And Privilege Escalation – LinEnum

LinEnum will automate many Local Linux Enumeration & Privilege Escalation checks documented in this cheat sheet . It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful SUID/GUID files...

CVE-2018-0493

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution...

Memory corruption

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution...

DEBIAN-CVE-2018-0493

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution...

UBUNTU-CVE-2018-0493

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution...

CVE-2018-0493

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution...

CVE-2018-0493

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution...

CVE-2018-0493

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution...

Debian DSA-4159-1 : remctl - security update

Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code. The oldstable distribution jessie is not affected. C Tenable...

Hwacha - Deploy Payloads To *Nix Systems En Masse

Hwacha is a tool to quickly execute payloads on Nix based systems. Easily collect artifacts or execute shellcode on an entire subnet of systems for which credentials are obtained. $python hwacha.py &&&& && && && &&&&&&&&&&&& && && && Created by Esteban Rodriguez /\ &&&&&& && &&&&&&&&&& && Web:...

Quantum storage devices may have a known Linux bug

Challenge To identify if a known linux bug is the cause for errors on a backup repository. Cause You will see a job fail with "unable to mkdir /var/log/sudo-io : File exists", this is caused by a bug in some versions of the sudo application. Solution Some quantum storage device's operating system...

lastore-daemon D-Bus Privilege Escalation

This module attempts to gain root privileges on Deepin Linux systems by using lastore-daemon to install a package. The lastore-daemon D-Bus configuration on Deepin Linux permits any user in the sudo group to install arbitrary system packages without providing a password, resulting in code executi...

Solaris 10 (x86) : 152253-01

SunOS 5.10x86: sudo Patch. Date this patch was last updated by Sun : Apr/20/16 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Solaris 10 (sparc) : 152252-01

SunOS 5.10: sudo Patch. Date this patch was last updated by Sun : Apr/20/16 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Solaris 10 (x86) : 152253-02

SunOS 5.10x86: sudo Patch. Date this patch was last updated by Sun : Feb/09/17 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Solaris 10 (sparc) : 152252-02

SunOS 5.10: sudo Patch. Date this patch was last updated by Sun : Feb/09/17 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Sudohulk - Try Privilege Escalation Changing Sudo Command

This tool change sudo command, hooking the execve syscall using ptrace, tested under bash and zsh supported architectures: x8664 x86 arm How use: $ make cc -Wall -Wextra -O2 -c -o bin/shremotedata.o src/shremotedata.c cc -Wall -Wextra -O2 -c -o bin/shstring.o src/shstring.c cc -Wall -Wextra -O2 -...

Input validation

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...

DEBIAN-CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...

CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...