The GNU C dynamic linker (ld.so) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to create a world writable file in the /etc/cron.d directory. Then it uses the file to install an agent with root privileges. Finally the world writable file is deleted.
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges. This module exploits this vulnerability.
The DRDA protocol dissector in Wireshark can enter an infinite loop when processing an specially crafted DRDA packet with the iLength field set to 0, causing Wireshark to stop responding.
Multiple vulnerabilities have been identified in Sun Java System Web Server, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by buffer overflow errors when processing malformed "TRACE" or "OPTIONS" requests, or overly long "Authorization: Digest" headers, which could be exploited by attackers to crash an affected server or execute arbitrary code. This exploit forces the server process to throw an unhandled exception and be restarted.
This module sends HTTP requests with specially crafted data making the PHP process consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational. The PATH parameter must point to a PHP web page, which they normally have a ".php" extension.
Subscribe to Linux