automatic module_metadata_base.json update

2019-03-06 18:02:18 -08:00 · 2019-03-06 18:02:18 -08:00 · 76de3b12a7
parent 468679f907
commit 76de3b12a7
1 changed files with 86 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -43179,6 +43179,45 @@
    "notes": {
    }
  },
+  "exploit_android/local/su_exec": {
+    "name": "Android 'su' Privilege Escalation",
+    "full_name": "exploit/android/local/su_exec",
+    "rank": 0,
+    "disclosure_date": "2017-08-31",
+    "type": "exploit",
+    "author": [
+
+    ],
+    "description": "This module uses the su binary present on rooted devices to run\n          a payload as root.\n\n          A rooted Android device will contain a su binary (often linked with\n          an application) that allows the user to run commands as root.\n          This module will use the su binary to execute a command stager\n          as root. The command stager will write a payload binary to a\n          temporary directory, make it executable, execute it in the background,\n          and finally delete the executable.\n\n          On most devices the su binary will pop-up a prompt on the device\n          asking the user for permission.",
+    "references": [
+
+    ],
+    "platform": "Android,Linux",
+    "arch": "aarch64, armle, x86, x64, mipsle",
+    "rport": null,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": [
+      "aarch64",
+      "armle",
+      "x86",
+      "x64",
+      "mipsle"
+    ],
+    "mod_time": "2018-10-01 17:50:33 +0000",
+    "path": "/modules/exploits/android/local/su_exec.rb",
+    "is_install_path": true,
+    "ref_name": "android/local/su_exec",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    }
+  },
  "exploit_apple_ios/browser/safari_libtiff": {
    "name": "Apple iOS MobileSafari LibTIFF Buffer Overflow",
    "full_name": "exploit/apple_ios/browser/safari_libtiff",
@ -43596,6 +43635,53 @@
    "notes": {
    }
  },
+  "exploit_freebsd/local/intel_sysret_priv_esc": {
+    "name": "FreeBSD Intel SYSRET Privilege Escalation",
+    "full_name": "exploit/freebsd/local/intel_sysret_priv_esc",
+    "rank": 500,
+    "disclosure_date": "2012-06-12",
+    "type": "exploit",
+    "author": [
+      "Rafal Wojtczuk",
+      "John Baldwin",
+      "iZsh",
+      "bcoles <bcoles@gmail.com>"
+    ],
+    "description": "This module exploits a vulnerability in the FreeBSD kernel,\n        when running on 64-bit Intel processors.\n\n        By design, 64-bit processors following the X86-64 specification will\n        trigger a general protection fault (GPF) when executing a SYSRET\n        instruction with a non-canonical address in the RCX register.\n\n        However, Intel processors check for a non-canonical address prior to\n        dropping privileges, causing a GPF in privileged mode. As a result,\n        the current userland RSP stack pointer is restored and executed,\n        resulting in privileged code execution.\n\n        This module has been tested successfully on:\n\n        FreeBSD 8.3-RELEASE (amd64); and\n        FreeBSD 9.0-RELEASE (amd64).",
+    "references": [
+      "BID-53856",
+      "CVE-2012-0217",
+      "EDB-28718",
+      "PACKETSTORM-113584",
+      "URL-https://www.freebsd.org/security/patches/SA-12:04/sysret.patch",
+      "URL-https://blog.xenproject.org/2012/06/13/the-intel-sysret-privilege-escalation/",
+      "URL-https://github.com/iZsh/exploits/blob/master/stash/CVE-2012-0217-sysret/CVE-2012-0217-sysret_FreeBSD.c",
+      "URL-https://fail0verflow.com/blog/2012/cve-2012-0217-intel-sysret-freebsd/",
+      "URL-http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc",
+      "URL-https://www.slideshare.net/nkslides/exploiting-the-linux-kernel-via-intels-sysret-implementation"
+    ],
+    "platform": "BSD",
+    "arch": "x64",
+    "rport": null,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": [
+      "Automatic"
+    ],
+    "mod_time": "2018-12-21 15:40:01 +0000",
+    "path": "/modules/exploits/freebsd/local/intel_sysret_priv_esc.rb",
+    "is_install_path": true,
+    "ref_name": "freebsd/local/intel_sysret_priv_esc",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    }
+  },
  "exploit_freebsd/local/mmap": {
    "name": "FreeBSD 9 Address Space Manipulation Privilege Escalation",
    "full_name": "exploit/freebsd/local/mmap",