CentOS 7.1 / Fedora 22 abrt Local Root
CentOS version 7.1 and Fedora version 22 abrt local root exploit. It leverages abrt-hook-ccpp insecure open() usage and abrt-action-install-debuginfo insecure temp directory usage.
Linux Kernel 4.6.3 Netfilter Privilege Escalation
This Metasploit module attempts to exploit a netfilter bug on Linux Kernels before 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions...
Linux Kernel 3.x usb-midi Local Privilege Escalation
Linux kernel version 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) double-free usb-midi SMEP local privilege escalation exploit.
Linux Kernel ldso_hwcap Stack Clash Privilege Escalation
Linux kernel ldso_hwcap stack clash privilege escalation exploit. This affects Debian 7/8/9/10, Fedora 23/24/25, and CentOS 5.3/5.11/6.0/6.8/7.2.1511.
Linux Kernel ldso_hwcap_64 Stack Clash Privilege Escalation
Linux kernel ldso_hwcap_64 stack clash privilege escalation exploit. This affects Debian 7.7/8.5/9.0, Ubuntu 14.04.2/16.04.2/17.04, Fedora 22/25, and CentOS 7.3.1611.
Linux Kernel ldso_dynamic Stack Clash Privilege Escalation
Linux kernel ldso_dynamic stack clash privilege escalation exploit. This affects Debian 9/10, Ubuntu 14.04.5/16.04.2/17.04, and Fedora 23/24/25.
Apport / ABRT chroot Privilege Escalation
This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace ("container"). Apport versions 2.13 through 2.17.x before 2.17.1 on...
glibc '$ORIGIN' Expansion Privilege Escalation
This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before...
ABRT raceabrt Privilege Escalation
This Metasploit module attempts to gain root privileges on Fedora systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. A race condition allows local...
MagniComp SysInfo mcsiwrapper Privilege Escalation
This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the...
Libuser roothelper Privilege Escalation
This Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper...
Reliable Datagram Sockets (RDS) Privilege Escalation
This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This...
DHCP Client Command Injection (DynoRoot)
This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier...
Linux Kernel Local Privilege Escalation
Linux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.
Linux Nested User Namespace idmap Limit Local Privilege Escalation
This Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow...
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment...
Grub2 grub2-set-bootflag Environment Corruption
Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This...
netkit-telnet 0.17 Remote Code Execution
netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.