This exploit leverages three vulnerabilities to escalate privileges. The primary vulnerability is a kernel stack overflow, not a stack buffer overflow as the CVE description incorrectly states. This may be the first public exploit for a kernel stack overflow, and it turns out to be a bit tricky due to some particulars of the econet vulnerability. It involves the econet_sendmsg function, ec_dev_ioctl function, and the ipc subsystem. Linux kernel versions prior to 2.6.36.2 are affected.
Linux kernel versions prior to 2.6.37-rc2 ACPI custom_method local root privilege escalation exploit.
Whitepaper called Exploiting Stack Overflows in the Linux Kernel.
Linux kernel versions prior to 2.6.36-rc6 pktcdvd kernel memory disclosure exploit.
Linux Kernel versions prior to 2.6.36-rc1 CAN BCM privilege escalation exploit.
Linux kernel versions 2.6.33.3 and below SCTP INIT remote denial of service exploit.
Linux Kernel versions 2.6.34-rc3 and below ReiserFS xattr privilege escalation exploit.
ISC DHCP dhclient scripts_write_params() stack buffer overflow exploit.
Dam Burst is a simple utility that allows an unprivileged user to disable the censorship functionality of the Green Dam Youth Escort software. Dam Burst operates by injecting code into a running application and removing the Green Dam hooks that enable it to monitor and block user activity, effectively restoring the running application to its original uncensored state.
Linux 2.6 kernel versions prior to 2.6.31-rc7 AF_IRDA 29 byte stack disclosure exploit.
Linux kernel versions 2.6.31-rc7 and below AF_LLC getsockname 5-byte stack disclosure exploit.
Linux kernel versions prior to 2.6.30.5 cfg80211 remote denial of service exploit.
procfs memory disclosure exploit for Linux kernel versions prior to 2.6.14.6.
Linux kernel versions 2.6.31-rc5 and below sigaltstack 4-byte stack disclosure exploit.
ISC DHCP dhclient versions below 3.1.2p1 remote buffer overflow proof of concept exploit.
OpenSSL versions below 0.9.8i DTLS ChangeCipherSpec remote denial of service exploit.
OpenSSL versions 0.9.8k and 1.0.0-beta2 DTLS remote memory exhaustion denial of service exploit.
Linux 2.6 kernel udev versions below 1.4.1 local privilege escalation exploit.
libvirt_proxy versions 0.5.1 and below local privilege escalation exploit.
pam-krb5 versions below 3.13 local privilege escalation exploit.
D-Bus Daemon versions prior to 1.2.4 remote denial of service exploit that uses a message with a malformed signature.
Linux Kernel versions below 2.6.26.4 SCTP kernel memory disclosure exploit.
CUPS versions below 1.3.8-4 privilege escalation exploit.
Avahi mDNS daemon versions below 0.6.24 remote denial of service exploit.
Linux kernel versions 2.6.27.8 and below ATMSVC local denial of service exploit. net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.