This module exploits a vulnerability in Linux for x86_64. The IA32 system call emulation functionality does not zero-extend the eax register after the 32-bit entry path has been reached through ptrace, which allows local users to trigger an out-of-bounds access to the IA32 system call table via the upper bits of the %RAX register and escalate privileges.
Linux contains a vulnerability in its exec() implementation that may allow modification of the memory of a setuid process via ptrace(). The vulnerability is due to the fact that it is possible for a traced process to exec() a setuid image even when the tracing process is setuid.
The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited locally. NOTE: The user logged in to the X server must be the same user that runs the installed local agent.
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. This module exploits this vulnerability and, if successful, installs a new agent with root privileges.
On x86_64 Intel CPUs, sysret to a non-canonical address causes a fault on the sysret instruction itself after the stack pointer has been set to a usermode-controlled value, but before the current privilege level (CPL) is changed. A flaw in the ptrace subsystem of the Linux kernel allows a tracer process to set the RIP register of the tracee to a non-canonical address, which is later used when returning to user space with a sysret instruction instead of iret after a system call, thus bypassing sanity checks that were previously introduced to fix related vulnerabilities. This vulnerability can be used by a local unprivileged attacker to corrupt kernel memory and gain root privileges on the affected system.
Exploits missing verification of user-supplied parameters in the "vmsplice_to_user()", "copy_from_user_mmap_sem()", and "get_iovec_page_array()" functions in fs/splice.c, which use them to perform memory operations without first checking them. This can be exploited to, for example, read from or write to arbitrary kernel memory via a specially crafted "vmsplice()" system call, and allows an unprivileged process to elevate privileges to root.
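The IA32 emulation (%RAX zero extension), ptrace/sysret (non-canonical RIP) and vmsplice (unchecked iovec) modules above each rely on a register or pointer sanitisation step that the affected kernel omitted or could be bypassed. The following userspace C models those three checks side by side. It is an added example, not Linux kernel source and not code from any of the modules: the four-entry syscall table and the iovec array are constructed inputs, the function names are invented, and TASK_SIZE_MAX is taken as the x86_64 47-bit user-space boundary purely as a model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy IA32 syscall table (the real one has hundreds of entries). */
typedef long (*sys_fn)(void);
static long sys_a(void) { return 1; }
static long sys_b(void) { return 2; }
static long sys_c(void) { return 3; }
static long sys_d(void) { return 4; }
static const sys_fn ia32_sys_call_table[] = { sys_a, sys_b, sys_c, sys_d };
#define IA32_NR_SYSCALLS (sizeof ia32_sys_call_table / sizeof ia32_sys_call_table[0])
#define NO_INDEX UINT64_MAX

/* 1. IA32 emulation: the syscall number is a 32-bit quantity in eax, but the
 *    dispatch indexes the table with the full 64-bit rax. A tracer can store a
 *    64-bit value with the upper half set. With zero_extend false (the
 *    vulnerable behaviour) the range check sees only eax and passes, while the
 *    returned index lands far outside the table. */
static uint64_t ia32_dispatch_index(uint64_t rax, bool zero_extend)
{
    if (zero_extend)
        rax = (uint32_t)rax;                 /* movl %eax,%eax clears bits 63:32 */
    if ((uint32_t)rax >= IA32_NR_SYSCALLS)   /* cmpl compares eax only */
        return NO_INDEX;                     /* -ENOSYS path */
    return rax;                              /* used as table[rax] */
}

static bool ia32_index_in_table(uint64_t idx)
{
    return idx != NO_INDEX && idx < IA32_NR_SYSCALLS;
}

/* 2. Canonical addresses: with 48-bit virtual addresses, bits 63:47 must all
 *    equal bit 47. sysret raises #GP on a non-canonical RIP after rsp already
 *    holds the user value, so a kernel must reject such a RIP when ptrace
 *    writes it, or return through iret instead of sysret. */
static bool is_canonical_48(uint64_t addr)
{
    uint64_t top = addr >> 47;               /* the 17 bits 63..47 */
    return top == 0 || top == 0x1ffff;
}

/* Which return path is safe for a given user RIP. */
static const char *return_path_for(uint64_t rip)
{
    return is_canonical_48(rip) ? "sysret" : "iret";
}

/* 3. access_ok()-style range check: [addr, addr + len) must not wrap and must
 *    lie entirely below the user/kernel boundary (model value, see lead-in). */
#define TASK_SIZE_MAX 0x00007ffffffff000ULL

static bool user_range_ok(uint64_t addr, uint64_t len)
{
    uint64_t end;
    if (__builtin_add_overflow(addr, len, &end))
        return false;                        /* wrap-around */
    return end <= TASK_SIZE_MAX;
}

struct user_iovec { uint64_t base; uint64_t len; };

/* Validate every iovec before any memory is touched: returns the number of
 * accepted entries, or -1 (EFAULT-style) if any entry leaves user space. */
static long validate_iovecs(const struct user_iovec *iov, unsigned long n)
{
    for (unsigned long i = 0; i < n; i++)
        if (!user_range_ok(iov[i].base, iov[i].len))
            return -1;
    return (long)n;
}

/* Constructed sample: two plausible user buffers plus one kernel text address. */
static long validate_sample(bool include_kernel_entry)
{
    const struct user_iovec iov[] = {
        { 0x0000000000400000ULL, 4096 },
        { 0x0000000000600000ULL, 64 },
        { 0xffffffff81000000ULL, 8 },
    };
    return validate_iovecs(iov, include_kernel_entry ? 3 : 2);
}

int main(void)
{
    uint64_t rax = 0x100000001ULL;           /* eax == 1, bit 32 set */
    printf("rax=%#llx: vuln index in table? %d, fixed index in table? %d\n",
           (unsigned long long)rax,
           ia32_index_in_table(ia32_dispatch_index(rax, false)),
           ia32_index_in_table(ia32_dispatch_index(rax, true)));
    printf("rip=%#llx -> %s\n", 0x0000800000000000ULL,
           return_path_for(0x0000800000000000ULL));
    printf("iovec validation: %ld (user only), %ld (with kernel pointer)\n",
           validate_sample(false), validate_sample(true));
    return 0;
}
```

Each model is deliberately the check rather than the exploit: the vulnerable case for the syscall table is an index that passes a 32-bit comparison yet exceeds the table, for sysret it is a RIP whose bits 63:47 are not a sign extension, and for vmsplice it is a pointer/length pair that wraps or crosses the user/kernel boundary.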