CentOS 7.1 / Fedora 22 abrt Local Root
CentOS version 7.1 and Fedora version 22 abrt local root exploit. It leverages abrt-hook-ccpp insecure open() usage and abrt-action-install-debuginfo insecure temp directory usage.
Linux Kernel 4.6.3 Netfilter Privilege Escalation
This Metasploit module attempts to exploit a netfilter bug on Linux Kernels before 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions...
Linux Kernel 3.x usb-midi Local Privilege Escalation
Linux kernel version 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) double-free usb-midi SMEP local privilege escalation exploit.
Linux Kernel ldso_hwcap Stack Clash Privilege Escalation
Linux kernel ldso_hwcap stack clash privilege escalation exploit. This affects Debian 7/8/9/10, Fedora 23/24/25, and CentOS 5.3/5.11/6.0/6.8/7.2.1511.
Linux Kernel ldso_hwcap_64 Stack Clash Privilege Escalation
Linux kernel ldso_hwcap_64 stack clash privilege escalation exploit. This affects Debian 7.7/8.5/9.0, Ubuntu 14.04.2/16.04.2/17.04, Fedora 22/25, and CentOS 7.3.1611.
Linux Kernel ldso_dynamic Stack Clash Privilege Escalation
Linux kernel ldso_dynamic stack clash privilege escalation exploit. This affects Debian 9/10, Ubuntu 14.04.5/16.04.2/17.04, and Fedora 23/24/25.
Apport / ABRT chroot Privilege Escalation
This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace ("container"). Apport versions 2.13 through 2.17.x before 2.17.1 on...
glibc '$ORIGIN' Expansion Privilege Escalation
This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before...
ABRT raceabrt Privilege Escalation
This Metasploit module attempts to gain root privileges on Fedora systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. A race condition allows local...
MagniComp SysInfo mcsiwrapper Privilege Escalation
This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the...
Libuser roothelper Privilege Escalation
This Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper...
Reliable Datagram Sockets (RDS) Privilege Escalation
This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This...
DHCP Client Command Injection (DynoRoot)
This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier...
Linux Kernel Local Privilege Escalation
Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.
Linux Nested User Namespace idmap Limit Local Privilege Escalation
This Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow...
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment...
Grub2 grub2-set-bootflag Environment Corruption
Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This...
netkit-telnet 0.17 Remote Code Execution
netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
Fedora / Gnome fscaps Issue
Fedora with Gnome has an issue where it is not using fscaps safely.
Sequoia: A Deep Root In Linux's Filesystem Layer
Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an...
Apache Tomcat Privilege Escalation
This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The...
GNOME Files 43.4 Privilege Escalation
GNOME Files version 43.4 (nautilus) on Fedora 37 will extract zip archives with setuid files for other user identifiers that can be leveraged to escalate privileges.
Glibc Tunables Privilege Escalation
A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows a local attacker to...