Lucene search

279 matches found

Hacker One
added 2014/01/28 11:52 p.m. | 48 views

Sandbox Escape: Linux 3.4+: arbitrary write with CONFIG_X86_X32

asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, unsigned int vlen, unsigned int flags, struct compat_timespec __user *timeout) { int datagrams; struct timespec ktspec; if (flags & MSG_CMSG_COMPAT) return -EINVAL; if (COMPAT_USE_64BIT_TIME) return __sys_recvmmsg(fd, (struct mmsghdr __user *) mmsg,...

6.9 CVSS | 0.2 AI score | 0.51521 EPSS
Exploits: 16

Oracle linux
added 2013/12/16 12:0 a.m. | 59 views

unbreakable enterprise kernel security update

kernel-uek 2.6.32-400.33.4uek
- kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (Emese Revfy, Orabug: 17951083, CVE-2013-2141)
- ip_output: do skb ufo init for peeked non ufo skb as well (Jiri Pirko, Orabug: 17951078, CVE-2013-4470)
- KVM: x86: Fix potential divide by 0 in lapic...

6.9 CVSS | 0.6 AI score | 0.00564 EPSS
Exploits: 4

android
added 2013/05/01 12:0 a.m. | 31 views

Qualcomm Gandalf camera driver

The camera driver provides several interfaces to user space clients. The user space clients communicate to the kernel via syscalls such as ioctl or mmap. The camera driver provides an uncontrolled mmap interface that allows an application with access to the device file to map physical memory...

7.2 CVSS | 3.7 AI score | 0.00912 EPSS
Exploits: 0 | References: 3

seebug.org
added 2012/03/13 12:0 a.m. | 22 views

Linux x86_64 - add user with passwd (189 bytes)

No description provided by source. ;scadduser01.S ;Arch: x86_64, Linux ; ;Author: 0o -- nullnull ; nu11.nu11 at yahoo.com ;Date: 2012-03-05 ; ;compile an executable: nasm -f elf64 scadduser.S ; ld -o scadduser scadduser.o ;compile an object: nasm -o scadduserobj scadduser.S ; ;Purpose: adds user...

7.1 AI score
Exploits: 0

Exploit DB
added 2012/03/12 12:0 a.m. | 25 views

Linux x86_64 - add user with passwd 189 bytes

Linux x86_64 - add user with passwd 189 bytes. Shellcode exploit for lin_x86-64 platform ;scadduser01.S ;Arch: x86_64, Linux ; ;Author: 0o -- nullnull ; nu11.nu11 at yahoo.com ;Date: 2012-03-05 ; ;compile an executable: nasm -f elf64 scadduser.S ; ld -o scadduser scadduser.o ;compile an object: nasm...

0.1 AI score
Exploits: 0

rdot
added 2011/05/23 12:0 a.m. | 15 views

Porting the ACPI custom_method exploit.

I recently came across a mention of Jon Oberheide's December exploit. As a challenge, I set myself the goal of porting this exploit. The original exploit works only on laptops that have a LID ACPI device (the lid-state device) and exclusively on 64-bit systems. The task: port the exploit to...

7.2 AI score
Exploits: 0

0day.today
added 2011/03/24 12:0 a.m. | 13 views

Distributed Ruby send syscall vulnerability

Exploit for windows platform in category remote exploits. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.1 AI score
Exploits: 0

Exploit DB
added 2011/01/21 12:0 a.m. | 24 views

BSD x86 connect back Shellcode 81 bytes

BSD x86 connect back Shellcode 81 bytes. Shellcode exploit for bsdx86 platform / -------------- FreeBSD/x86 - connect back /bin/sh. 81 bytes ---------------- AUTHOR : Tosh OS : BSDx86 Tested on FreeBSD 8.1 EMAIL : [email protected] / include include include char shellcode =...

Exploits: 0

RedHat Linux
added 2010/03/01 7:15 p.m. | 1 views

systemtap: Crash with systemtap script using __get_argv()

Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow...

4.9 CVSS | 6.2 AI score | 0.00205 EPSS
Exploits: 1 | References: 4

RedHat Linux
added 2010/02/02 9:1 p.m. | 1 views

kernel: x86-64: syscall-audit: 32/64 syscall hole

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted...

7.2 CVSS | 6.1 AI score | 0.00098 EPSS
Exploits: 2 | References: 4

Tenable Nessus
added 2010/01/06 12:0 a.m. | 40 views

CentOS 5 : kernel (CESA-2008:1017)

Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any...

7.8 CVSS | 5.6 AI score | 0.0588 EPSS
Exploits: 2 | References: 5

Exploit DB
added 2009/10/04 12:0 a.m. | 29 views

Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak

/ written by Ingo Molnar -- it's true because this comment says the exploit was written by him! / include include unsigned int r81; unsigned int r82; unsigned int r91; unsigned int r92; unsigned int r101; unsigned int r102; unsigned int r111; unsigned int r112; unsigned int r121; unsigned int r12...

7.4 AI score
Exploits: 0

0day.today
added 2009/09/15 12:0 a.m. | 57 views

linux/x86 Self-modifying shellcode for IDS evasion 64 bytes

Exploit for linux/x86 platform in category shellcode =========================================================== linux/x86 Self-modifying shellcode for IDS evasion 64 bytes =========================================================== / Description: linux/x86 Self-modifying ShellCode for IDS evasio...

7 AI score
Exploits: 0

seebug.org
added 2009/08/27 12:0 a.m. | 18 views

Linux Kernel <= 2.6.30 atalk_getname() 8-bytes Stack Disclosure Exploit

No description provided by source. / appleak.c Linux keunouille = 2.6.30 AppleTalk getsockname 8-bytes kernel stack disclosure http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d392475c873c10c10d6d96b94d092a34ebd4791 atalk_getname can leak 8 bytes of kernel memory to use...

7.1 AI score
Exploits: 0

RedHat Linux
added 2009/05/07 10:51 a.m. | 2 views

kernel: x86-64: syscall-audit: 32/64 syscall hole

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted...

7.2 CVSS | 6.1 AI score | 0.00098 EPSS
Exploits: 2 | References: 4

Tenable Nessus
added 2009/04/23 12:0 a.m. | 52 views

Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-752-1)

NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. CVE-2008-4307 Sparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a...

10 CVSS | 5.8 AI score | 0.15492 EPSS
Exploits: 14 | References: 12

Tenable Nessus
added 2009/04/23 12:0 a.m. | 57 views

Ubuntu 7.10 / 8.04 LTS / 8.10 : linux, linux-source-2.6.22 vulnerabilities (USN-751-1)

NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. Ubuntu 8.10 was not affected. CVE-2008-4307 Sparc syscalls did not correctly check mmap regions. A local attacker could cause a...

10 CVSS | 5.7 AI score | 0.15492 EPSS
Exploits: 22 | References: 19

OpenVAS
added 2009/04/15 12:0 a.m. | 27 views

Ubuntu: Security Advisory (USN-752-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 6.4 AI score | 0.15492 EPSS
Exploits: 14 | References: 2

Ubuntu
added 2009/04/07 3:53 p.m. | 89 views

USN-752-1: Linux kernel vulnerabilities

NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. CVE-2008-4307 Sparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a...

10 CVSS | 5.6 AI score | 0.15492 EPSS
Exploits: 14

Ubuntu
added 2009/04/06 11:52 p.m. | 90 views

USN-751-1: Linux kernel vulnerabilities

NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. Ubuntu 8.10 was not affected. CVE-2008-4307 Sparc syscalls did not correctly check mmap regions. A local attacker could cause a...

10 CVSS | 5.5 AI score | 0.15492 EPSS
Exploits: 22