Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump

2006-07-14 Thread cyberfox2002
/* Local r00t Exploit for: */ /* Linux Kernel PRCTL Core Dump Handling */ /* ( BID 18874 / CVE-2006-2451 ) */ /* Kernel 2.6.x (>= 2.6.13 <= 2.6.17.4) */ /* By: */ /* - dreyer [EMAIL PROTECTED] (main PoC code) */ /* - RoMaNSoFt [EMAIL

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump

2006-07-14 Thread Sven Wegener
On Fri, Jul 14, 2006 at 05:08:58PM +0800, cyberfox2002 wrote: I have a question. why the payload is not being used in the exploit? The author erased it purposively?? The payload is not being used in the program itself, but it will be included in the created coredump and the cron daemon will

Re: [Full-disclosure] Looking for any vulnerabilities in GreenBorder Pro - Download please, and let me know

2006-07-14 Thread Andre Gagne
From the list charter, Gratuitous advertisement, product placement, or self-promotion is forbidden. I feel that you're border-line here, others may feel differently. If you want testers, try contacting people individually. And no, I don't have enough experience to try and crack it. Just

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-14 Thread Jon Hart
On Thu, Jul 13, 2006 at 09:57:05PM -0700, Kyle Lutze wrote: it seems that this relies on /etc/cron.d being there? or is it specific to a crond? I use fcron which doesn't use /etc/cron.d and I have been unable to get the exploit to successfully work. 2.6.14 kernel sh: /tmp/sh: No such file or

[Full-disclosure] Microsoft PowerPoint 0-day Vulnerability FAQ document written

2006-07-14 Thread Juha-Matti Laurio
I have written a FAQ document including 33 items about the recently reported 0-day vulnerability in PowerPoint. This vulnerability is being exploited by a Trojan horse including keylogger features. The document, entitled Microsoft PowerPoint 0-day Vulnerability FAQ, is located at my SecuriTeam

[Full-disclosure] EEYE: McAfee ePolicy Orchestrator Remote Compromise

2006-07-14 Thread eEye Advisories
McAfee ePolicy Orchestrator Remote Compromise Release Date: July 13, 2006 Severity: High (Remote Code Execution) Vendor: McAfee Systems Affected: McAfee Common Management (EPO) Agent versions below version 3.5.5.438 Overview: McAfee ePolicy Orchestrator is the remote security management

Re: [Full-disclosure] 70 million computers are using Windows 98rightnow

2006-07-14 Thread bkfsec
Castigliola, Angelo wrote: significantly lowering risk and still enjoy the feature rich functionality that IE offers. I stopped reading here. You're either joking, or trolling... because no sane person would make this statement. Feature rich? Man, are you all there mentally? Do you

Re: [Full-disclosure] 70 million computers are using Windows 98rightnow

2006-07-14 Thread bkfsec
Castigliola, Angelo wrote: What you missed in my previous note is that I am simply not referring to only websites but web applications also, specifically .NET web applications. When I refer to feature rich I am speaking of things such as view state, output caching, client-side validation,

[Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread Joanna R.
Hello, attached 0day kernel 2.6 local root exploit. This is a new genuine bug, unpatched in 2.6.17.4 - don't get confused by prctl inside - it is only used to change process status. The code exploits a root race in /proc have a nice day. All new Yahoo! Mail "The new Interface is stunning in its

Re: [Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread James Lay
On Fri, 14 Jul 2006 21:35:17 +0100 (BST) Joanna R. [EMAIL PROTECTED] wrote: Hello, attached 0day kernel 2.6 local root exploit. This is a new genuine bug, unpatched in 2.6.17.4 - don't get confused by prctl inside - it is only used to change process status. The code exploits a root race

Re: [Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread Rodrigo Barbosa
On Fri, Jul 14, 2006 at 09:35:17PM +0100, Joanna R. wrote: Hello, attached 0day kernel 2.6 local root exploit. This is a new genuine bug, unpatched in 2.6.17.4 - don't get confused by prctl inside - it is only used to change process status.

Re: [Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread Joanna R.
you need a.out support in kernel for the c0de to work but the bug can be exploited otherwise. ___ Full-Disclosure - We believe in it. Charter:

Re: [Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread James Lay
On Fri, 14 Jul 2006 21:58:01 +0100 (BST) Joanna R. [EMAIL PROTECTED] wrote: you need a.out support in kernel for the c0de to work but the bug can be exploited otherwise. [15:12:45 [EMAIL PROTECTED]:~/src/linux$] grep -i out .config CONFIG_BINFMT_AOUT=y It is =) James

[Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread Joanna R.
[15:12:45 me at homebox:~/src/linux$] grep -i out .config CONFIG_BINFMT_AOUT=y It is =) James you are obviously unable to run it given even a fully functioning exploit code. please stop reading this list :-]

[Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread Joanna R.
here again the c0de in body - I dunno whether it made it through the scrubbing. Normally I use telnet to SMTP port to write mails so I'm pretty lost using yahoo. apologise for inconvenience. -- cut -- /* ** Author: h00lyshit ** Vulnerable: Linux 2.6 ALL **

Re: [Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread Dan B
Hello, Joanna R. wrote: Hello, attached 0day kernel 2.6 local root exploit. This is a new genuine bug, unpatched in 2.6.17.4 - don't get confused by prctl inside - it is only used to change process status. Tested on [EMAIL PROTECTED] ~ $ uname -a Linux n-box 2.6.16-gentoo-r9 #1 Fri Jun 9

Re: [Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread Jeff D
Joanna R. wrote: Hello, attached 0day kernel 2.6 local root exploit. This is a new genuine bug, unpatched in 2.6.17.4 - don't get confused by prctl inside - it is only used to change process status. The code exploits a root race in /proc have a nice day.

Re: [Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread James Lay
On Fri, 14 Jul 2006 22:29:23 +0100 (BST) Joanna R. [EMAIL PROTECTED] wrote: [15:12:45 me at homebox:~/src/linux$] grep -i out .config CONFIG_BINFMT_AOUT=y It is =) James you are obviously unable to run it given even a fully functioning exploit code. please stop reading this list :-]

RE: [Full-disclosure] Looking for any vulnerabilities in GreenBorder Pro - Download please, and let me know

2006-07-14 Thread Bill Stout
Hi Andre, Thanks, though I'm not promoting, rather I'm looking for problems. I should've left out the count, when I tried to explain the continued free license. Trust me, the company I work for would rather me NOT ask for vulnerabilities on public lists. My habit is to find problems sooner

Re: [Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread Rodriguez [ackstorm]
On Fri, 14-07-2006 at 23:55 +0200, Dan B wrote: Hello, Joanna R. wrote: Hello, attached 0day kernel 2.6 local root exploit. This is a new genuine bug, unpatched in 2.6.17.4 - don't get confused by prctl inside - it is only used to change process status. Tested on 2.6.17.4 -

[Full-disclosure] Linux Privilege Escalation exploits

2006-07-14 Thread David Taylor
I know various security research sites that release advisories on new vulnerabilities have their own way they determine what is critical or not. Privilege escalation exploits are usually local and require a local account to exploit. So, it seems that security research sites label these as 'less

Re: [Full-disclosure] Linux kernel 0day - dynamite inside, don't burn your fingers

2006-07-14 Thread Brian Jung Myeng Lee
This doesn't work on Ubuntu 6.06 LTS. [EMAIL PROTECTED]:~/tmp$ uname -a Linux ubuntu 2.6.15-26-386 #1 PREEMPT Fri Jul 7 19:27:00 UTC 2006 i686 GNU/[EMAIL PROTECTED]:~/tmp$ ./a.out /nfs/hd2/movies/Fight.Club.1999.avi preparing trying to exploit /nfs/hd2/movies/Fight.Club.1999.avi sh-3.1$ whoami

Re: [Full-disclosure] Linux Privilege Escalation exploits

2006-07-14 Thread Valdis . Kletnieks
On Fri, 14 Jul 2006 22:35:27 EDT, David Taylor said: I'm just thinking that people aren't looking at the big picture when they rate these vulnerabilities. 3/4 of the people in the security industry couldn't see the big picture if you crazy-glued it to the inside of their eyelids - they're too