Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Recent Linux vulnerabilities

from [Leonardo Eloy] Network Security [Permanent Link]
Subject: Recent Linux vulnerabilities
Date: Tue, 18 Jan 2005 11:17:46 -0300 
Hi list,

It's known that the Linux kernel has multiple vulnerabilities (I counted 22 just this month, listed below). In the audits I've been participating I turned my main test point to the Linux Kernel, when local user privilege has been achieved.

I was wondering, how many of you do really use these vulnerabilities when doing pen tests?


List of known kernel vulnerabilites in January/2005 (soruce: securityfocus.com):

2005-01-14: Linux Kernel SMBFS Multiple Remote Vulnerabilities
2005-01-14: Linux Kernel Multiple Local MOXA Serial Driver Buffer Overflow Vulnerabilities
2005-01-14: Linux Kernel ELF Binary Loading Denial Of Service Vulnerability
2005-01-14: Linux Kernel IGMP Multiple Vulnerabilities
2005-01-14: Linux Kernel USB io_edgeport Driver Local Integer Overflow Vulnerability
2005-01-14: Linux Kernel SCM_SEND Local Denial of Service Vulnerability
2005-01-14: Linux Kernel EXT3 File System Information Leakage Vulnerability
2005-01-14: Linux Kernel BINFMT_ELF Loader Local Privilege Escalation Vulnerabilities
2005-01-14: Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification Vulnerability
2005-01-14: Linux Kernel USB Driver Uninitialized Structure Information Disclosure Vulnerability
2005-01-13: Linux Kernel User Triggerable BUG() Unspecified Local Denial of Service Vulnerability
2005-01-13: Linux Kernel Local Denial Of Service And Memory Disclosure Vulnerabilities
2005-01-13: Linux kernel Uselib() Local Privilege Escalation Vulnerability
2005-01-11: Linux Kernel Multiple Unspecified Vulnerabilities
2005-01-11: Linux Kernel Local RLIMIT_MEMLOCK Bypass Denial Of Service Vulnerability
2005-01-11: Linux Kernel SCSI IOCTL Integer Overflow Vulnerability
2005-01-11: Linux Kernel Random Poolsize SysCTL Handler Integer Overflow Vulnerability
2005-01-11: Linux Security Modules Process Capabilities Design Error Vulnerability
2005-01-05: Linux Kernel Local File Descriptor Passing Security Module Bypass Vulnerability
2005-01-05: Linux Kernel SYSENTER Thread Information Pointer Local Information Disclosure Vulnerability
2005-01-04: Linux Kernel Sock_DGram_SendMsg Local Denial Of Service Vulnerability
2005-01-04: Linux Kernel Multiple Local Vulnerabilities
Regards,

--
Leonardo Eloy, LPIC-1, FCSE
Security Analyst
Morphus Tecnologia
Fone/Fax: 85 3452.5733/5737
Móvel: 85 8802.6740
e-mail: leonardo@morphus.com.br
site: http://www.morphus.com.br


The information contained in this message and in the attached files are 
restricted, and its confidentiality protected by law. In case you are not the 
addressee, be aware that the reading, spreading and copy of this message is 
unauthorized. Please, delete this message and notify the sender. The improper 
use of this information will be treated according the company's internal rules 
and legal laws.

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: DoS/DDoS Attack, Jerry Shenk
Next by Date:  RE: priviledge escalation techniques, Marc Maiffret
Previous by Thread:  priviledge escalation techniques, Dan Rogers
Next by Thread:  Re: Recent Linux vulnerabilities, Michael Richardson
Indexes:  [Date] [Thread] [Top] [All Lists]