Well, to my great surprise, many servers are still being run on obsolete and therefore vulnerable versions.
That is why I am bringing you the list of vulnerable kernels for Linux, with the associated exploits.
Feel free to add to and extend this list, which is not exhaustive ...
Linux 2.2.x -> Linux kernel ptrace/kmod local root exploit (http://milw0rm.com/exploits/3)
Linux 2.2.x (on exported files, should be vuln) (http://milw0rm.com/exploits/718)
Linux <= 2.2.25 -> Linux Kernel 2.x mremap missing do_munmap Exploit (http://milw0rm.com/exploits/160)
Linux 2.4.x -> Linux kernel ptrace/kmod local root exploit (http://milw0rm.com/exploits/3)
Linux 2.4.x -> pwned.c - Linux 2.4 and 2.6 sys_uselib local root exploit (http://milw0rm.com/exploits/895)
Linux 2.4.x -> Linux kernel 2.4 uselib() privilege elevation exploit (http://milw0rm.com/exploits/778)
Linux 2.4.20 -> Linux Kernel Module Loader Local R00t Exploit (http://milw0rm.com/exploits/12)
Linux <= 2.4.22 -> Linux Kernel <= 2.4.22 (do_brk) Local Root Exploit (http://milw0rm.com/exploits/131)
Linux 2.4.22 -> Linux Kernel 2.4.22 "do_brk()" local Root Exploit (PoC) (http://milw0rm.com/exploits/129)
Linux <= 2.4.24 -> Linux Kernel 2.x mremap missing do_munmap Exploit (http://milw0rm.com/exploits/160)
Linux 2.4.x < 2.4.27-rc3 (on nfs exported files) (http://milw0rm.com/exploits/718)
Linux <= 2.6.2 -> Linux Kernel 2.x mremap missing do_munmap Exploit (http://milw0rm.com/exploits/160)
Linux 2.6.11 -> Linux Kernel <= 2.6.11 (CPL 0) Local Root Exploit (k-rad3.c) (http://milw0rm.com/exploits/1397)
Linux 2.6.13 <= 2.6.17.4 -> Linux Kernel 2.6.13 <= 2.6.17.4 prctl() Local Root Exploit (logrotate) (http://milw0rm.com/exploits/2031)
Linux 2.6.13 <= 2.6.17.4 -> Linux Kernel 2.6.13 <= 2.6.17.4 sys_prctl() Local Root Exploit (http://milw0rm.com/exploits/2011)
Linux 2.6.11 <= 2.6.17.4 -> h00lyshit.c - Linux Kernel <= 2.6.17.4 (proc) Local Root Exploit (http://milw0rm.com/exploits/2013)
Linux 2.6.x < 2.6.7-rc3 (default configuration) (http://milw0rm.com/exploits/718)
Linux 2.6.x -> pwned.c - Linux 2.4 and 2.6 sys_uselib local root exploit (http://milw0rm.com/exploits/895)

Debian
Debian 2.2 -> /usr/bin/pileup Local Root Exploit (http://milw0rm.com/exploits/1170)

Ubuntu
Ubuntu Breezy 5.10 Installer Password Disclosure Vulnerability (http://milw0rm.com/exploits/1579)

Slackware
Slackware 7.1 -> /usr/bin/Mail Exploit (http://milw0rm.com/exploits/285)

Mandrake
Mandrake 8.2 -> /usr/mail local exploit (http://milw0rm.com/exploits/40)
Mandrake <= 10.2 -> cdrdao Local Root Exploit (http://milw0rm.com/exploits/997)

Suse
SuSE Linux 9.1 -> 'chfn' local root bug (http://milw0rm.com/exploits/1299)
SuSE Linux 9.2 -> 'chfn' local root bug (http://milw0rm.com/exploits/1299)
SuSE Linux 9.3 -> 'chfn' local root bug (http://milw0rm.com/exploits/1299)
SuSE Linux 10.0 -> 'chfn' local root bug (http://milw0rm.com/exploits/1299)
SuSE Linux Enterprise Server 8 -> 'chfn' local root bug (http://milw0rm.com/exploits/1299)
SuSE Linux Enterprise Server 9 -> 'chfn' local root bug (http://milw0rm.com/exploits/1299)

BSD

Freebsd
Freebsd 3.5.1 -> Ports package local root (http://milw0rm.com/exploits/286)
Freebsd 4.2 -> Ports package local root (http://milw0rm.com/exploits/286)
FreeBSD 4.x <= 5.4) master.passwd Disclosure Exploit (http://milw0rm.com/exploits/1311)

Openbsd
Openbsd 2.x - 3.3 -> exec_ibcs2_coff_prep_zmagic() Kernel Exploit (http://milw0rm.com/exploits/125)
OpenBSD 3.x-4.0 -> vga_ioctl() root exploit (http://milw0rm.com/exploits/3094)

Sun-Microsystems

Solaris
Solaris 2.4 -> lion24.c (http://milw0rm.com/exploits/328)
Solaris 2.6 with 107733-10 and without 107733-11 (http://milw0rm.com/exploits/1182)
Solaris 2.6 with 107733-10 and without 107733-11 (http://milw0rm.com/exploits/1182)
Solaris 5.5.1 -> X11R6.3 xterm (http://milw0rm.com/exploits/338)
Solaris 7 with 106950-14 through 106950-22 and without 106950-23 (http://milw0rm.com/exploits/1182)
Solaris 7 with 106950-14 through 106950-22 and without 106950-23 (http://milw0rm.com/exploits/1182)
Solaris 7 without patch 107178-03 (http://milw0rm.com/exploits/714)
Solaris 7 without patch 107178-03 (http://milw0rm.com/exploits/713)
Solaris 8 without patch 108949-08 (http://milw0rm.com/exploits/713)
Solaris 8 without patch 108949-08 (http://milw0rm.com/exploits/714)
Solaris 8 with 109147-07 through 109147-24 and without 109147-25 (http://milw0rm.com/exploits/1182)
Solaris 8 with 108993-14 through 108993-31 and without 108993-32 (http://milw0rm.com/exploits/715)
Solaris 8 with 109147-07 through 109147-24 and without 109147-25 (http://milw0rm.com/exploits/1182)
Solaris 8 with 108993-14 through 108993-31 and without 108993-32 (http://milw0rm.com/exploits/715)
Solaris 9 without patch 116308-01 (http://milw0rm.com/exploits/714)
Solaris 9 without patch 116308-01 (http://milw0rm.com/exploits/713)
Solaris 9 without 113476-11 (http://milw0rm.com/exploits/715)
Solaris 9 without 112963-09 (http://milw0rm.com/exploits/1182)
Solaris 9 without 113476-11 (http://milw0rm.com/exploits/715)
Solaris 9 without 112963-09 (http://milw0rm.com/exploits/1182)
Solaris 10 (libnspr) Arbitrary File Creation Local Root Exploit (http://milw0rm.com/exploits/2543)
Solaris 10 (libnspr) constructor Local Root Exploit (http://milw0rm.com/exploits/2641)

SunOS
SunOS 5.10 Generic i86pc i386 i86pc (http://milw0rm.com/exploits/1073)
SunOS 5.9 Generic_112233-12 sun4u (http://milw0rm.com/exploits/1073)

2.4.17 newlocal kmod
2.4.18 brk brk2 newlocal kmod km.2
2.4.19 brk brk2 newlocal kmod km.2
2.4.20 ptrace kmod ptrace-kmod km.2 brk brk2
2.4.21 km.2 brk brk2 ptrace ptrace-kmod
2.4.22 km.2 brk2 brk ptrace ptrace-kmod
2.4.22-10 loginx ./loginx
2.4.23 mremap_pte
2.4.24 mremap_pte Uselib24
2.4.25-1 uselib24
2.4.27 Uselib24
2.6.0
REDHAT 6.2
REDHAT 6.2 (zoot)
SUSE 6.3
SUSE 6.4
REDHAT 6.2 (zoot)
all top from rpm
-------------------------
FreeBSD 3.4-STABLE from port
FreeBSD 3.4-STABLE from packages
freeBSD 3.4-RELEASE from port
freeBSD 4.0-RELEASE from packages
----------------------------
all with wuftpd 2.6.0;
= wuftpd h00lyshit
2.6.2 mremap_pte krad h00lyshit
2.6.5 to 2.6.10 krad krad2 h00lyshit
2.6.8-5 krad2 ./krad x x = 1..9 h00lyshit
2.6.9-34 r00t h00lyshit
2.6.13-17 prctl h00lyshit
-------------------
2.4.17 -> newlocal, kmod, uselib24
2.4.18 -> brk, brk2, newlocal, kmod
2.4.19 -> brk, brk2, newlocal, kmod
2.4.20 -> ptrace, kmod, ptrace-kmod, brk, brk2
2.4.21 -> brk, brk2, ptrace, ptrace-kmod
2.4.22 -> brk, brk2, ptrace, ptrace-kmod
2.4.22-10 -> loginx
2.4.23 -> mremap_pte
2.4.24 -> mremap_pte, uselib24
2.4.25-1 -> uselib24
2.4.27 -> uselib24
2.6.2 -> mremap_pte, krad, h00lyshit
2.6.5 -> krad, krad2, h00lyshit
2.6.6 -> krad, krad2, h00lyshit
2.6.7 -> krad, krad2, h00lyshit
2.6.8 -> krad, krad2, h00lyshit
2.6.8-5 -> krad2, h00lyshit
2.6.9 -> krad, krad2, h00lyshit
2.6.9-34 -> r00t, h00lyshit
2.6.10 -> krad, krad2, h00lyshit
2.6.13 -> raptor, raptor2, h0llyshit, prctl
2.6.14 -> raptor, raptor2, h0llyshit, prctl
2.6.15 -> raptor, raptor2, h0llyshit, prctl
2.6.16 -> raptor, raptor2, h0llyshit, prctl
You can also test your systems with the associated exploits.
Once again, I repeat, these exploits are here for informational purposes only and for learning about the security of your systems.