Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
tags | exploit, kernel, root systems | linux, fedora, ubuntu advisories | CVE-2010-3904 SHA-256 | bc46d127784cc25a8eebe3568a7dc33efb953a22d3a6de8a44f9394b892ee0c6 Download | Favorite | View Grub2 grub2-set-bootflag Environment Corruption Posted Authored by Tavis Ormandy, Google Security Research This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33. and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic. This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). tags | exploit, remote, code execution systems | linux, fedora SHA-256 | b3e199216f3edbb0703f308315218c7eff607145a1632bdb92a43e0891a62931 Download | Favorite | View vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation Posted Authored by Dan Rosenberg, Brendan Coles | Site Netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
tags | exploit systems | linux, fedora SHA-256 | 5fe12d617595a462d2a4fb41da183c392412f1d518d9ef97c94501d8e6a9f976 Download | Favorite | View netkit-telnet 0.17 Remote Code Execution Posted Authored by Ronald Huizer tags | exploit, kernel, local, root, proof of concept systems | linux, debian, fedora, ubuntu advisories | CVE-2021-33909, CVE-2021-33910 SHA-256 | 0c0b69962c7c4951fd574d5a8b85049490d77ada7568b05cfb4bce7ca40aa09a Download | Favorite | View Fedora / Gnome fscaps Issue Posted Authored by Tavis Ormandy, Google Security Researchįedora with Gnome has an issue where it is not using fscaps safely. A basic proof of concept (a crasher) is attached to this advisory. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation other Linux distributions are certainly vulnerable, and probably exploitable. Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. Sequoia: A Deep Root In Linux's Filesystem Layer Posted Authored by Qualys Security Advisory
0 kommentar(er)
