Linux kernel ELF core dump privilege elevation advisory and proof of concept exploit. Affects the 2.2 series up to and including 2.2.27-rc2 and 2.4 up to and including 2.4.31-pre1. Also affected is 2.6 up to and including 2.6.12-rc4.
212888e5da8ea742abd0cc0bfa4ca3154edd8f5a58ea7bade1c81b8ebb10754b
A locally exploitable flaw has been found in the Linux page fault handler code that allows local users to gain root privileges when running on a multiprocessor machine.
214351de609f4dc4b72e3eef348a9ef9870d7de16823db0bf41a51b7d21295e6
Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges. Linux kernel versions 2.4 up to and including 2.4.29-pre3 and 2.6 up to and including 2.6.10 are affected. Exploit included.
dc8912477cabd4620eccb9621b77afc571d533b90b200dfc6fc0b9d16173ee04
A locally exploitable flaw has been found in the Linux socket layer that allows a local user to hang a vulnerable machine. Kernel versions 2.4 up to and including 2.4.28 and 2.6 up to and including 2.6.9 are susceptible. Full exploit provided.
82a4d30397e375670877101fd568eef691baac3098d148ecc92a14d4113999f3
Multiple bugs, both locally and remotely exploitable, have been found in the Linux IGMP networking module and the corresponding user API. Full exploit provided. Linux kernels 2.4 up to and including 2.4.28 and 2.6 up to and including 2.6.9 are affected.
abea45d57330bec18503dd9ea76e21f5d34db415e88430327a7b05eab5aecaf0
A subtle race condition in Linux kernels below 2.4.28 allows a non-root user to increment (up to 256 times) arbitrary locations in kernel space. This flaw could be used to gain elevated privileges.
d671cbd752252bb78a3d63491ad5f4be3c8c380bfeaa1eecfe09915f101df920
Five different flaws have been identified in the Linux ELF binary loader. The included exploit core dumps a non-readable but executable ELF file.
6d1a1dcc2d1f40d16e7881000db74eeb1ea2358c6b174e5ef41c1033b6596cf8
A critical security vulnerability has been found in the Linux kernel code handling 64bit file offset pointers. Successful exploitation allows local users to have access to kernel memory. Kernel series affected are 2.4.26 and below and 2.6.7 and below. Full exploit provided.
92706af943a287522ac0045554f0149a454453a2c0f2f0482f4e4f98d714283a
Linux kernel versions 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 have an integer overflow in setsockopt MCAST_MSFILTER. Proper exploitation of this vulnerability can lead to privilege escalation.
836369aad1ed778a870f252f0733e83e6fb921672b010265395c6bb0c30ddc9d
A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004 except concerning the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.
483ed3b485fe72175ca9d4f6e07e3c8cc8998ed7ee2f98e6a72a1016b9373ac3
A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004 except concerning the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.
15e57e93f04e6f6e219e6d6e4da2f41a33f772b68029df65fa0dcaf3e0bde0a7
The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access. Updated version of the original release of this document.
0a4e3c81dc818181f880893f3f4e1c339b5517ada7d7b0d09c8ac1ddf34cbe95
The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access.
1f3565207e96102d6a63c660b43ba3e8e06061f744c34c3ff6a6df7a1d02e5ef
Linux kernel do_brk local root exploit for kernel v2.4 prior to 2.4.23.
f98be0441d82e009d44e6c534ff42d61320cb3bbe6090cd293642c072981f3d8
Whitepaper discussing the do_brk() bug found in the Linux kernel versions 2.4.22 and below.
f9441924d1d758b7d9e9169cafe1da43fefef7a64c59926ec655dab9173e8bdc
Detailed information on the Linux kernel v2.4 prior to v2.4.23 local root vulnerability in the do_brk() kernel function. Kernels 2.4.20-18.9, 2.4.22 (vanilla), and 2.4.22 with the grsecurity patch are confirmed vulnerable.
43a76479ec2e92c678e1e79c86fa11a5609b490ba6e29b4d220c64300a875126
Appcap is an application for x86 Linux which allows root on a machine to attach to any running application and redirect its standard input and output to root's own tty. Appcap can help admins running a multiuser machine to snoop on users. It is especially useful for tracing and monitoring ssh and telnet sessions.
cddc2516ea1f004646e84826e5bcfaa6f30d6b1b47320ef43edca41f1c33e5f8
RSX is a Linux LKM which stops most buffer overflow attacks. It is a Runtime addressSpace eXtender providing on the fly code remapping of existing Linux binaries in order to implement non-executable stack as well as non-exec short/long heap areas. RSX targets common buffer-overflow problems preventing code execution in mapped data-only areas. Currently a 2.4.x version of the kernel module is available.
ae4b689feaf93c5e1e1b4e43c24cf1ad1d1274a002df6d49a1c9837817fafd10
LSM (Loadable Security Module) is a simple but effective intrusion prevention loadable kernel module. Currently it protects extended file attributes on ext2 from being modified by the super user, prevents the module itself from being removed, and prevents other modules from being loaded. This basic protection also blocks access to raw devices, so debugfs cannot be used on a disk partition, nor can the boot process be changed. Loading this module prevents lilo from being reconfigured.
1de7821846c64cd5d4168a036843a4cea66368f91eaf9ef6b0e7ee18e1f4daf0
Maxty is a small kernel-space tty sniffer. It is an LKM which hooks the read/write syscalls and saves incoming/outgoing requests to opened tty devices into separate log files. It provides a way of keeping track of what is happening on virtual consoles, similar to a keystroke recorder.
44af52529e2c55eecf2a19c6d6257e982aae1af2af68139ed8ece8d2723b156a
Patches for Openssh-2.1.1 to exploit the SSH1 crc32 remote vulnerability.
4d5482a1c11fa6938554ffda52292aaf2894fd00793cdfbc28a33a512f6e94dd
This article discusses the recently discovered security hole in the crc32 attack detector found in common ssh packages such as OpenSSH and derivatives using the ssh-1 protocol. It is possible to exploit the crc32 hole to gain remote access to accounts without providing any password, or to change the login uid if a valid account on the remote machine exists. Includes an exploit in the form of a set of patches to Openssh-2.1.1.
cd27d3d0419edb7ada37aee549f85877335a9048bec6e6842b8c7614a5947806
Smit is a simple ARP hijacking tool for switched and unswitched networks. The source is based on arpmitm and arprelay and includes nice features such as automatic ARP MAC query and an improved MAC cache consistency algorithm. You can also run Smit in transproxy-only mode and use your favourite sniffer to capture 'hijacked' packets on switched networks.
f6b0bbb9acb2b5247541f8e9327ba3a86e30a865317acd35438ed13ae74ed9eb