This module exploits a vulnerability in the Linux apport application. The apport application can be forced to drop privileges to uid 0 and write a corefile anywhere on the system. This can be used to write a corefile with crafted contents in a suitable location to gain root privileges.
The GNU C dynamic linker (ld.so) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to create a world writable file in the /etc/cron.d directory. Then it uses the file to install an agent with root privileges. Finally the world writable file is deleted.
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges. This module exploits this vulnerability.
The DRDA protocol dissector in Wireshark can enter an infinite loop when processing an specially crafted DRDA packet with the iLength field set to 0, causing Wireshark to stop responding.
Multiple vulnerabilities have been identified in Sun Java System Web Server, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by buffer overflow errors when processing malformed "TRACE" or "OPTIONS" requests, or overly long "Authorization: Digest" headers, which could be exploited by attackers to crash an affected server or execute arbitrary code. This exploit forces the server process to throw an unhandled exception and be restarted.
Subscribe to Linux