刚好最近在玩LINUX 收藏之...慢慢学习...
2.4.17newlocalkmod
2.4.18brkbrk2newlocalkmodkm.2
2.4.19brkbrk2newlocalkmodkm.2
2.4.20ptracekmodptrace-kmodkm.2brkbrk2
2.4.21km.2brkbrk2ptraceptrace-kmod
2.4.22km.2brk2brkptraceptrace-kmod
2.4.22-10loginx./loginx
2.4.23mremap_pte
2.4.24mremap_pteUselib24
2.4.25-1uselib24
2.4.27Uselib24
2.6.0REDHAT 6.2REDHAT 6.2 (zoot)SUSE 6.3SUSE 6.4REDHAT 6.2 (zoot)all top from rpm-------------------------FreeBSD 3.4-STABLE from portFreeBSD 3.4-STABLE from packagesfreeBSD 3.4-RELEASE from portfreeBSD 4.0-RELEASE from packages----------------------------all with wuftpd 2.6.0;=wuftpdh00lyshit
2.6.2mremap_ptekradh00lyshit
2.6.5 to 2.6.10kradkrad2h00lyshit
2.6.8-5krad2./krad xx = 1..9h00lyshit
2.6.9-34r00th00lyshit
2.6.13-17prctlh00lyshit
-------------------
2.4.17 -> newlocal, kmod, uselib242.4.18 -> brk, brk2, newlocal, kmod2.4.19 -> brk, brk2, newlocal, kmod2.4.20 -> ptrace, kmod, ptrace-kmod, brk, brk22.4.21 -> brk, brk2, ptrace, ptrace-kmod2.4.22 -> brk, brk2, ptrace, ptrace-kmod2.4.22-10 -> loginx2.4.23 -> mremap_pte2.4.24 -> mremap_pte, uselib242.4.25-1 -> uselib242.4.27 -> uselib242.6.2 -> mremap_pte, krad, h00lyshit2.6.5 -> krad, krad2, h00lyshit2.6.6 -> krad, krad2, h00lyshit2.6.7 -> krad, krad2, h00lyshit2.6.8 -> krad, krad2, h00lyshit2.6.8-5 -> krad2, h00lyshit2.6.9 -> krad, krad2, h00lyshit2.6.9-34 -> r00t, h00lyshit2.6.10 -> krad, krad2, h00lyshit2.6.13 -> raptor, raptor2, h0llyshit, prctl2.6.14 -> raptor, raptor2, h0llyshit, prctl2.6.15 -> raptor, raptor2, h0llyshit, prctl2.6.16 -> raptor, raptor2, h0llyshit, prctl -----------------------------------------------------
Linux Common Linux 2.2.x ->Linux kernel ptrace/kmod local root exploit () Linux 2.2.x (on exported files, should be vuln) () Linux <= 2.2.25 ->Linux Kernel 2.x mremap missing do_munmap Exploit ()
Linux 2.4.x ->Linux kernel ptrace/kmod local root exploit () Linux 2.4.x -> pwned.c - Linux 2.4 and 2.6 sys_uselib local root exploit () Linux 2.4.x ->Linux kernel 2.4 uselib() privilege elevation exploit () Linux 2.4.20 ->Linux Kernel Module Loader Local R00t Exploit () Linux <= 2.4.22 ->Linux Kernel <= 2.4.22 (do_brk) Local Root Exploit () Linux 2.4.22 ->Linux Kernel 2.4.22 "do_brk()" local Root Exploit (PoC) () Linux <= 2.4.24 ->Linux Kernel 2.x mremap missing do_munmap Exploit () Linux 2.4.x < 2.4.27-rc3 (on nfs exported files) ()
Linux <= 2.6.2 ->Linux Kernel 2.x mremap missing do_munmap Exploit () Linux 2.6.11 -> Linux Kernel <= 2.6.11 (CPL 0) Local Root Exploit (k-rad3.c) () Linux 2.6.13 <= 2.6.17.4 -> Linux Kernel 2.6.13 <= 2.6.17.4 prctl() Local Root Exploit (logrotate) () Linux 2.6.13 <= 2.6.17.4 -> Linux Kernel 2.6.13 <= 2.6.17.4 sys_prctl() Local Root Exploit () Linux 2.6.11 <= 2.6.17.4 -> h00lyshit.c -Linux Kernel <= 2.6.17.4 (proc) Local Root Exploit () Linux 2.6.x < 2.6.7-rc3 (default configuration) () Linux 2.6.x -> pwned.c - Linux 2.4 and 2.6 sys_uselib local root exploit ()
Debian Debian 2.2 ->/usr/bin/pileup Local Root Exploit ()
Ubuntu Ubuntu Breezy 5.10 Installer Password Disclosure Vulnerability ()
Slackware Slackware 7.1 ->/usr/bin/Mail Exploit ()
Mandrake Mandrake 8.2 -> /usr/mail local exploit () Mandrake <= 10.2 -> cdrdao Local Root Exploit ()
Suse SuSE Linux 9.1 -> 'chfn' local root bug () SuSE Linux 9.2 -> 'chfn' local root bug () SuSE Linux 9.3 -> 'chfn' local root bug () SuSE Linux 10.0 -> 'chfn' local root bug () SuSE Linux Enterprise Server 8 -> 'chfn' local root bug () SuSE Linux Enterprise Server 9 -> 'chfn' local root bug ()
BSD Freebsd Freebsd 3.5.1 ->Ports package local root () Freebsd 4.2 ->Ports package local root () FreeBSD 4.x <= 5.4) master.passwd Disclosure Exploit ()
Openbsd Openbsd 2.x - 3.3 ->exec_ibcs2_coff_prep_zmagic() Kernel Exploit () OpenBSD 3.x-4.0 ->vga_ioctl() root exploit ()
Sun-Microsystems Solaris Solaris 2.4 ->lion24.c () Solaris 2.6 with 107733-10 and without 107733-11 () Solaris 2.6 with 107733-10 and without 107733-11 () Solaris 5.5.1 ->X11R6.3 xterm () Solaris 7 with 106950-14 through 106950-22 and without 106950-23 () Solaris 7 with 106950-14 through 106950-22 and without 106950-23 () Solaris 7 without patch 107178-03 () Solaris 7 without patch 107178-03 () Solaris 8 without patch 108949-08 () Solaris 8 without patch 108949-08 () Solaris 8 with 109147-07 through 109147-24 and without 109147-25 () Solaris 8 with 108993-14 through 108993-31 and without 108993-32 () Solaris 8 with 109147-07 through 109147-24 and without 109147-25 () Solaris 8 with 108993-14 through 108993-31 and without 108993-32 () Solaris 9 without patch 116308-01 () Solaris 9 without patch 116308-01 () Solaris 9 without 113476-11 () Solaris 9 without 112963-09 () Solaris 9 without 113476-11 () Solaris 9 without 112963-09 () Solaris 10 (libnspr) Arbitrary File Creation Local Root Exploit () Solaris 10 (libnspr) constructor Local Root Exploit ()
SunOS SunOS 5.10 Generic i86pc i386 i86pc () SunOS 5.9 Generic_112233-12 sun4u ()