CVE-2021-33909

Exploit code for CVE-2021-33909,Just a dump of removed https://github.com/AmIAHuman/ repo

CVE-2021-33909 Exploit code for CVE-2021-33909,Just a dump of removed githubcom/AmIAHuman/ repo Sequoia (CVE-2021-33909) Building gcc exploitc -o exploit Running "mkdir dir;/exploit $(pwd)/dir" chmod +x exploit /exploit One-Liner gcc exploitc -o exploit;chmod +x exploit;/exploit Credits blogqualyscom/vulnerabilities-threat-research/2021/07/20/

CodeQL workshop for C/C++: Integer conversion This workshop is adapted from this material In this workshop we will explore integer conversion, how it is represented by the standard library, and how it to relates to type conversion security vulnerabilities Contents CodeQL workshop for C/C++: Integer conversion Contents Prerequisites and setup instructions Workshop Learnings

Sequoia exploit (7/20/21)

Sequoia (CVE-2021-33909) Building gcc exploitc -o exploit Running chmod +x exploit /exploit One-Liner gcc exploitc -o exploit;chmod +x exploit;/exploit Credits blogqualyscom/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escala

This module fixes an issue in the kernels filesystem layer (CVE-2021-33909) by kprobe-replacing vulnerable functions during runtime

Kernel runtime fix of CVE-2021-33909 This repository builds an out-of-tree module named "cve-2021-33909ko" cve-2021-33909 fixes an issue in the kernels filesystem layer by kprobe-replacing vulnerable functions during runtime It can be build via "make", setting KDIR to the kernels (source-/header-)directory It can be loaded directly via "insmod cve-2

LinuxVulnerabilities Sequoia Local Priv Escalation - LPE security flaw CVE-2021-33909 (wwwqualyscom/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linuxtxt) wwwbleepingcomputercom/news/security/new-linux-kernel-bug-lets-you-get-root-on-most-modern-distros/

Deep directories in containers The depth of directory trees is not bounded in some container platforms This allows a maliicious container processes to create directory trees that, depending on platform and system resources, can exhaust available memory when traversing, making removal difficult without manual intervention Demo Create a pod that creates a very deep series of ne

some interesting exploit articles

exploit_articles CVE-2021-22555: Turning \x00\x00 into 10000$ Meet WiFiDemon – iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched How to mitigate CVE-2021-33909 Sequoia with Falco – Linux filesystem privilege escalation vulnerability Bypassing Image Load Kernel Callbacks Privilege escalation with polkit: How to get root

Testing static and dynamic security checks of integer related bugs in GCC & Clang

Overview Integer bugs are interesting and the root of A LOT of problems in this world Can we cause them to crash or detect them at compile time? Below is a list of interesting things to look for Unsigned and signed integer overflows are two different stories Clang can do both dynamically but GCC cannot Floats do not have any sort of dynamic protection on overflows tldr;

CVE-2021-33909 Sequoia

CVE-2021-33909 Sequoia Writeup gcc exploitc -o exploit -lpthread -DBLOCK_VIA_USERFAULTFD gcc exploithelloc -o exploithello -lpthread -lfuse -D_FILE_OFFSET_BITS=64 $ mkdir dir $ /exploit $(pwd)/dir # id