161 matches found
Apple Mac OSX / iOS - SUID Binary Logic Error Kernel Code Execution
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vmmap into the old task object leaving a short race window where we can manipula...
Exim < 4.86.2 - Local Privilege Escalation
============================================= - Advisory release date: 10.03.2016 - Created by: Dawid Golunski - Severity: High/Critical ============================================= I. VULNERABILITY ------------------------- Exim 4.86.2 Local Root Privilege Escalation Exploit II. BACKGROUND...
Exim < 4.86.2 - Privilege Escalation
Exploit for linux platform in category local exploits ============================================= - Advisory release date: 10.03.2016 - Created by: Dawid Golunski - Severity: High/Critical ============================================= I. VULNERABILITY ------------------------- Exim 4.86.2 Local...
NTP - Local Privilege Escalation
NTP - Local Privilege Escalation Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics...
Man-db 2.6.7.1 - Local Privilege Escalation
Man-db 2.6.7.1 - Local Privilege Escalation / EDB Note: man:man - man:root http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ man:root - root:root http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ CreateSetgidBinary.c...
Man-db 2.6.7.1 - Local Privilege Escalation
/ EDB Note: man:man - man:root http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ man:root - root:root http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ CreateSetgidBinary.c...
[CVE-2014-7302] SGI SUID Root Privilege Escalation
SGI SUID Root Privilege Escalation Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7302 Author: Luke Jennings, John Fitzpatrick, MWR Labs Severity: Medium Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Descriptio...
SGI Tempo vx Setuid Privilege Escalation
SGI SUID Root Privilege Escalation Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7302 Author: Luke Jennings, John Fitzpatrick, MWR Labs Severity: Medium Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Descriptio...
Mac OS X VMWare Fusion Root Privilege Escalation Exploit
This abuses the bug in bash environment variables CVE-2014-6271 to get a suid binary inside of VMWare Fusion to launch our payload as root. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex...
ibstat $PATH Privilege Escalation
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Exploit::FileDropper def initializein...
Ubuntu Linux 'mountall' Local Privilege Escalation Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/43084/info !/bin/sh by fuzz. For Anux inc. ubuntu 10.04 , 10.10 if -z $1 then echo usage: $0 UDEV KERNEL EVENT echo see here http://www.reactivated.net/writingudevrules.html exit fi cat usn985-exploit.sh EOF !/bin/sh chow...
ibstat $PATH Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 "ibstat $PATH Privilege Escalation", "Description" = %q This module exploits the trusted $PATH...
ibstat $PATH Privilege Escalation
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 "ibstat $PATH Privilege Escalation", "Description" = %q This module exploits the trusted $PATH environment variable of the SUID binary "ibstat". , "Autho...
ibstat $PATH Privilege Escalation
This module exploits the trusted $PATH environment variable of the SUID binary "ibstat". This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ibstat $PATH Privilege Escalation', 'Description' = %q...
Oracle Linux 5 : Important:kernel (ELSA-2007-0940)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0940 advisory. 2.6.18-8.1.15.0.1.el5 - Fix bonding primary=ethX Bert Barbe IT 101532 ORA 5136660 - Add entropy module option to e1000/bnx2 John Sobecki ORA 6045759...
Oracle Gridengine sgepasswd Buffer Overflow
======= Summary ======= Name: Oracle Gridengine sgepasswd Buffer Overflow Release Date: 30 November 2012 Reference: NGS00107 Discoverer: Edward Torkington Vendor: Oracle Vendor Reference: Systems Affected: Multiple packages - version 62u7 Risk: High Status: Published ======== TimeLine ========...
sing (debian) vulnerability?
Hello, The sing utility (Send Nasty ICMP Garbage) is a ping replacement that allows sending ICMP packets with spoofed source and custom ICMP types/codes (http://sourceforge.net/projects/sing). The debian package provides sing as a suid binary actually, the sid distribution asks the user whether he'd...
OpenAFS filesystem privilege escalation
An attacker can create a fake suid binary on a network disk by exploiting a protocol weakness...
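Zend Platform ini_modifier Tool Unauthorized Operation Vulnerability
Zend Platform is an enterprise-grade runtime platform for PHP applications. The inimodifier tool in the Zend Platform package has a vulnerability in how it is used, and a local attacker may exploit it to elevate privileges. During installation of Zend Platform, a set-group-ID binary named inimodifier is installed. $ ls -la /usr/local/Zend/sbin/inimodifier -rwxr-sr-x 1 root zendtech 243240 2006-08-14 16:24 inimodifier...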
linux/x86 - setuid0 + execve/bin/sh 28 bytes
linux/x86 setuid0 + execve/bin/sh 28 bytes. Shellcode exploit for linx86 platform / revenge-setuid.c, v1.0 2006/09/30 14:57 linux/x86 setuid0 + execve"/bin//sh", "/bin//sh", NULL shellcode once again... setuid 6 bytes + execve 22 bytes = 28 bytes Same as revenge-execve.c we start the 2 system cal...