1580 matches found
kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel allows attackers to cause a denial of service double free or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memor...
Google Android syscall handler buffer overflow vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. syscall handler is one of the system call handlers. A buffer overflow vulnerability exists in the syscall handler in Android. An attacker can exploit this vulnerability to perform...
Linux Kernel (Debian 910 Ubuntu 14.04.516.04.217.04 Fedora 232425) - ldso_dynamic Stack Clash Local Privilege Escalation
Linux Kernel Debian 910 Ubuntu 14.04.516.04.217.04 Fedora 232425 - ldsodynamic Stack Clash Local Privilege Escalation / Linuxldsodynamic.c for CVE-2017-1000366, CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms o...
Linux/x86 - Bind Shell Shellcode (75 bytes)
/ Architecture : x86 OS : Linux Author : wetw0rk ID : SLAE-958 Shellcode Size : 75 bytes Bind Port : 4444 Description : A linux/x86 bind shell via /bin/sh. Created by analysing msfvenom; original payload was 78 bytes and contained 1 NULL. My shellcode is 75 and contains 0 NULLS ;. Original...
CVE-2017-7518
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest stack. A user/process inside a guest could use this flaw to...
UBUNTU-CVE-2017-7518
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest stack. A user/process inside a guest could use this flaw to...
Linux/x86 - Reverse UDP Shellcode (668 bytes)
Linux/x86 - Reverse UDP Shellcode 668 bytes. Shellcode exploit for Linx86 platform ; SLAE-X ; thanks to writesup from previou students : ; assignment: 2. create a reverse shell ; originality: using UDP instead TCP ; usage : sudo ncat -lup 53 on the receiving end ; warning, this shellcode might...
CVE-2016-10342
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler...
Buffer overflow
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler...
Integer overflow
In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler...
CVE-2016-10340
In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler...
CVE-2016-10342
CVE-2016-10342 is a buffer overflow in an Android CAF Linux kernel syscall handler. Attack requires local access and user interaction, with potential for high impact (admin privileges) per CVSS data. Affected: Android CAF builds using the Linux kernel; exploit details are not provided in the link...
Linux/x86-64 - /bin/sh Shellcode (31 bytes)
Linux/x86-64 - /bin/sh Shellcode 31 bytes. Shellcode exploit for Linx86-64 platform / ;Title: Linux/x86-64 - /bin/sh Shellcode ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x8664 ;Description: This shellcode baased on "JMP CALL POP"...
CVE-2016-10340
In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler...
OracleVM 3.3 / 3.4 : sudo (OVMSA-2017-0110)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fixes CVE-2017-1000367 Resolves: rhbz1455399 - Update noexec syscall blacklist - Fixes CVE-2016-7032, CVE-2016-7076 Resolves: rhbz1391938 - RHEL-6.9 erratum - Fix race condition when creating...
Apple MacOS 32-Bit Syscall Exit Kernel Register Leak(CVE-2017-2509)
The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unixsyscall in bsd/dev/i386/systemcalls.c calls threadexceptionreturn in osfmk/x8664/locore.s, which in turn...
Apple macOS - 32-bit syscall exit Kernel Register Leak Exploit
Exploit for macOS platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to...
Apple macOS - '32-bit syscall exit' Kernel Register Leak
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unixsyscall in...
Apple macOS - 32-bit syscall exit Kernel Register Leak
Apple macOS - 32-bit syscall exit Kernel Register Leak Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To...
Windows 10 x64 - Egghunter Shellcode (45 bytes)
PUBLIC Win10egghunterx64 .code Win10egghunterx64 PROC start: push 7fh pop rdi ; RDI is nonvolatile, so it will be preserved after syscalls setup: inc rdi ; parameter 1 - lpAddress - counter mov r9b,40h ; parameter 3 - flNewProtect - 0x40 PAGEEXECUTEREADWRITE pop rsi ; Stack alignment before the...