
1576 matches found

0day.today
added 2019/07/29 12:0 a.m., 16 views

Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)

/ description ; Title : X64 NOT +SHIFT-N+ XOR-N encoded /bin/sh - shellcode ; Author : Pedro Cabral ; Twitter : @CabrallPedro ; LinkedIn : https://www.linkedin.com/in/pedro-cabral1992 ; SLAE ID : SLAE64 - 1603 ; Purpose : spawn /bin/sh shell ; Tested On : Ubuntu 16.04.6 LTS ; Arch : x64 ; Size :...

7.1 AI score
Exploits: 0

OSV
added 2019/06/29 3:15 p.m., 5 views

CVE-2019-13049

An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges...

7.8 CVSS, 7.2 AI score, 0.00523 EPSS
Exploits: 1, References: 1

Prion
added 2019/06/29 3:15 p.m., 16 views

Design/Logic Flaw

kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of service upon a critical error in certain sys_sbrk allocation patterns involving PAGE_SIZE, and a value less than PAGE_SIZE...

4.9 CVSS, 5.5 AI score, 0.00404 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2019/06/29 3:15 p.m., 21 views

Integer overflow

An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges...

7.2 CVSS, 7.7 AI score, 0.00523 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2019/06/29 2:50 p.m., 55 views

CVE-2019-13049

CVE-2019-13049 affects ToaruOS 1.10.10, where an integer wrap in kernel/sys/syscall.c enables mapping arbitrary kernel pages into a userland process via TOARU_SYS_FUNC_MMAP, causing privilege escalation. Multiple sources corroborate the same description, including Red Hat and CVE databases. The v...

7.8 CVSS, 7.6 AI score, 0.00523 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2019/06/29 2:50 p.m., 46 views

CVE-2019-13048

CVE-2019-13048 concerns ToaruOS kernels (kernel/sys/syscall.c) prior to 1.10.10, where a denial-of-service can occur due to a critical error in certain sys_sbrk allocation patterns involving PAGE_SIZE and a value less than PAGE_SIZE. The connected PT-2019-13095 entry explicitly states affected ve...

5.5 CVSS, 5.5 AI score, 0.00404 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2019/06/29 2:50 p.m., 21 views

CVE-2019-13047

kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access...

7.6 AI score, 0.00455 EPSS
Exploits: 1, References: 1

0day.today
added 2019/06/25 12:0 a.m., 190 views

Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode (70 bytes)

/ Title: Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) - Null Free Shellcode ; Author: Aron Mihaljevic ; Architecture: Linux x86_64 ; Shellcode Length: 70 bytes ; github = https://github.com/STARRBOY compilation and execution of assembly code ------------------------------------- nasm -felf64...

7.1 AI score
Exploits: 0

Cloud Foundry
added 2019/06/18 12:0 a.m., 30 views

USN-4001-1: libseccomp vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker could use this to bypass...

9.8 CVSS, 9.5 AI score, 0.03041 EPSS
Exploits: 0

Tenable Nessus
added 2019/05/31 12:0 a.m., 38 views

Ubuntu 16.04 LTS / 18.04 LTS : libseccomp vulnerability (USN-4001-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4001-1 advisory. Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An...

9.8 CVSS, 7 AI score, 0.03041 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2019/05/31 12:0 a.m., 28 views

Ubuntu 14.04 LTS : libseccomp vulnerability (USN-4001-2)

USN-4001-1 fixed a vulnerability in libseccomp. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details : Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker...

9.8 CVSS, 6.9 AI score, 0.03041 EPSS
Exploits: 0, References: 2

OSV
added 2019/05/30 10:57 p.m., 3 views

USN-4001-2 libseccomp vulnerability

USN-4001-1 fixed a vulnerability in libseccomp. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker...

9.8 CVSS, 6.8 AI score, 0.03041 EPSS
Exploits: 0, References: 2

Ubuntu
added 2019/05/30 10:57 p.m., 190 views

USN-4001-2: libseccomp vulnerability

USN-4001-1 fixed a vulnerability in libseccomp. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker...

9.8 CVSS, 7.3 AI score, 0.03041 EPSS
Exploits: 0

Ubuntu
added 2019/05/30 9:45 p.m., 193 views

USN-4001-1: libseccomp vulnerability

Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker could use this to bypass intended access restrictions for argument-filtered system calls...

9.8 CVSS, 7.3 AI score, 0.03041 EPSS
Exploits: 0

OSV
added 2019/05/30 9:45 p.m., 3 views

USN-4001-1 libseccomp vulnerability

Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker could use this to bypass intended access restrictions for argument-filtered system calls...

9.8 CVSS, 6.8 AI score, 0.03041 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2019/05/20 12:0 a.m., 47 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS CVE-2018-12127:...

8.3 CVSS, 7.8 AI score, 0.24575 EPSS
Exploits: 19, References: 116

0day.today
added 2019/05/19 12:0 a.m., 157 views

Linux/x86-64 - Delete File Shellcode (28 bytes)

;Title: Linux/x86_64 - delete ;Author: Aron Mihaljevic ;Architecture: Linux x86_64 ;Shellcode Length: 28 bytes This shellcode deletes file declared in "fname" ==================ASSEMBLY ======================================== global start section .text start: jmp short file delete: push 87...

Exploits: 0

Veracode
added 2019/05/16 2:22 a.m., 32 views

Out-of-bounds Write

The Linux kernel is vulnerable to out-of-bounds writes. This is due to the implementation of the 32-bit syscall interface for bridging. A privileged user can arbitrarily write to a limited range of kernel memory...

6.7 CVSS, 7 AI score, 0.00451 EPSS
Exploits: 0, References: 45, Affected Software: 2

Veracode
added 2019/05/16 2:22 a.m., 29 views

Privilege Escalation

KVM is vulnerable to privilege escalation. A local attacker on the guest system can trigger a debug exception error in syscall emulation to gain elevated privileges on the guest system via the flawed Syscall Emulation Debugging component...

7.8 CVSS, 7.7 AI score, 0.00698 EPSS
Exploits: 0, References: 14, Affected Software: 2

RedHat Linux
added 2019/05/14 8:26 p.m., 1 views

kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c

A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory...

7.2 CVSS, 6.6 AI score, 0.00451 EPSS
Exploits: 0, References: 4