18 matches found
Calibre E-Book Reader Local Root
No description provided by source. / .80 Calibrer Assault Mount by zx2c4 Yesterday's assault mount used inotify to mount into /etc/pam.d. Today we expand the attack by adding a race toggler so we can mount from non-block devices. Enjoy. - zx2c4 2011-11-4 greets to djrbliss / include stdio.h includ...
Calibre E-Book Reader Local Root Race Condition Exploit
No description provided by source. !/bin/sh .70-Calibrer Assault Mount by Dan Rosenberg @djrbliss and zx2c4 Yesterday we learned how Calibre's ability to mount anything anywhere resulted in a local root. Today's exploit shows a race condition to subvert recent changes preventing symlinks and...
WordPress W3 Total Cache Data Disclosure
!/bin/bash C Copyright 2012 Jason A. Donenfeld . All Rights Reserved. |---------------| | W3 Total Fail | | by zx2c4 | |---------------| For more info, see built-in help text. Most up to date version is available at: http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh This affects all curren...
Tunnelblick - Local Privilege Escalation (2)
!/bin/sh Pwnnel Blicker for kids zx2c4 This is another exploit for Tunnel Blick. Other exploits for Tunnel Blick are available here: http://git.zx2c4.com/Pwnnel-Blicker/tree/ echo "+ Making vulnerable directory." mkdir -pv /tmp/pwn/openvpn/openvpn-0 echo "+ Preparing payload." cat...
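Linux kernel 2.6.x write Local Privilege Escalation Vulnerability (CVE-2012-0056)
BUGTRAQ ID: 51625 CVE ID: CVE-2012-0056 Linux is a free computer operating system kernel. The Linux kernel's implementation of SUID /proc/pid/mem write contains a local privilege escalation vulnerability; an attacker can exploit it to gain elevated privileges and execute arbitrary code at kernel level. 0 Linux kernel 2.6.x http://www.kb.cert.org/vuls/id/470151 http://blog.zx2c4.com/749 / Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write ...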
Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Local Privilege Escalation (1)
/ Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 EDB-Note: Updated version can be found here: https://www.exploit-db.com/exploits/35161/ Exploit Title: Mempodipper - Linux Local Root for >=2.6.39, 32-bit and 64-bit...
Mempodipper - Linux Local Root for >=2.6.39, 32-bit and 64-bit
Exploit for linux platform in category local exploits Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 Exploit Title: Mempodipper - Linux Local Root for >=2.6.39, 32-bit and 64-bit Date: Jan 21, 2012 Author: zx2c4...
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Local Privilege Escalation (2)
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Local Privilege Escalation (2) / Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 / / Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per...
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Local Privilege Escalation (2)
/ Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 / / Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per usual, this time I've put it in a rather lengthy blog post:...
Calibre E-Book Reader - Local Privilege Escalation (3)
Calibre E-Book Reader - Local Privilege Escalation (3) / .80 Calibrer Assault Mount by zx2c4 Yesterday's assault mount used inotify to mount into /etc/pam.d. Today we expand the attack by adding a race toggler so we can mount from non-block devices. Enjoy. - zx2c4 2011-11-4 greets to djrbliss /...
Calibre E-Book Reader Local Root Race Condition Exploit
Exploit for linux platform in category local exploits !/bin/sh .70-Calibrer Assault Mount by Dan Rosenberg @djrbliss and zx2c4 Yesterday we learned how Calibre's ability to mount anything anywhere resulted in a local root. Today's exploit shows a race condition to subvert recent changes preventin...
Calibre E-Book Reader - Race Condition Privilege Escalation
Calibre E-Book Reader - Race Condition Privilege Escalation !/bin/sh .70-Calibrer Assault Mount by Dan Rosenberg @djrbliss and zx2c4 Yesterday we learned how Calibre's ability to mount anything anywhere resulted in a local root. Today's exploit shows a race condition to subvert recent changes...
Calibre E-Book Reader - Race Condition Privilege Escalation
!/bin/sh .70-Calibrer Assault Mount by Dan Rosenberg @djrbliss and zx2c4 Yesterday we learned how Calibre's ability to mount anything anywhere resulted in a local root. Today's exploit shows a race condition to subvert recent changes preventing symlinks and checking path prefixes. - djrbliss &...
Calibre E-Book Reader - Local Privilege Escalation (1)
Calibre E-Book Reader - Local Privilege Escalation (1) !/bin/sh .50-Calibrer Assault Mount by zx2c4 Calibre uses a suid mount helper, and like nearly all suid mount helpers that have come before it, it's badly broken. Let's go through Calibre's faulty code available at http://pastebin.com/auz9SULi...
Calibre E-Book Reader Local Root Exploit
Exploit for linux platform in category local exploits !/bin/sh .50-Calibrer Assault Mount by zx2c4 Calibre uses a suid mount helper, and like nearly all suid mount helpers that have come before it, it's badly broken. Let's go through Calibre's faulty code available at http://pastebin.com/auz9SULi...
PolicyKit polkit-1 < 0.101 - Local Privilege Escalation
/ polkit-pwnage.c ============================== = PolicyKit Pwnage = = by zx2c4 = = Sept 2, 2011 = ============================== Howdy folks, This exploits CVE-2011-1485, a race condition in PolicyKit. davidz25 explains: --begin-- Briefly, the problem is that the UID for the parent process of...
Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2)
/ TCPMAXSEG Kernel Panic DoS for Linux include include include include include int main struct sockaddrin laddr; memset&laddr, 0, sizeofladdr; laddr.sinfamily = AFINET; laddr.sinaddr.saddr = inetaddr"127.0.0.1"; laddr.sinport = htons31337; int listener = socketPFINET, SOCKSTREAM, IPPROTOTCP; if...
Linux Kernel 2.6 TCP_MAXSEG Denial Of Service
/ TCPMAXSEG Kernel Panic DoS for Linux include include include include include int main struct sockaddrin laddr; memset&laddr, 0, sizeofladdr; laddr.sinfamily = AFINET; laddr.sinaddr.saddr = inetaddr"127.0.0.1"; laddr.sinport = htons31337; int listener = socketPFINET, SOCKSTREAM, IPPROTOTCP; if...