Posts by: Marco Ivaldi (aka raptor)
CVE-2019-10149 exploit: local privilege escalation on Debian GNU/Linux via Exim
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. (CVE-2019-10149) I have…
Raptor at INFILTRATE 2019
2019 marks 20 years of my professional career in information security. What better way to celebrate this milestone than to give a talk at INFILTRATE? For those who are not…
CVE-2019-2832 – Local privilege escalation via CDE dtprintinfo
A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to…
CVE-2018-14665 exploit: local privilege escalation on Solaris 11
I was investigating another 0day, when I noticed that Solaris 11 is also affected by the recent Xorg local privilege escalation vulnerability (CVE-2018-14665). For a number of reasons, finding a…
CVE-2018-14665 exploit: local privilege escalation on OpenBSD 6.3 and 6.4
This is my take on the recent Xorg vulnerability (CVE-2018-14665): "A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg.…
How a UNIX hacker discovered the Windows PowerShell
*** EDIT (2018-03-12): This script served me very well during these last months and I've finally decided to publish it. It is now included in my Tactical Exploitation Toolkit. As a…