"TrueCrypt 4.3 - 'setuid' Local Privilege Escalation"

Author

Exploit author

"Marco Ivaldi"

Platform

Exploit platform

windows

Release date

Exploit published date

2007-04-04

 Download file
# $Id: raptor_truecrypt,v 1.1.1.1 2007/04/04 11:31:56 raptor Exp $
#
# raptor_truecrypt - setuid truecrypt privilege escalation
# Copyright (c) 2007 Marco Ivaldi <raptor@0xdeadbeef.info>
#
# TrueCrypt 4.3, when installed setuid root, allows local users to cause a 
# denial of service (filesystem unavailability) or gain privileges by mounting 
# a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another
# user's home directory, a different issue than CVE-2007-1589 (CVE-2007-1738).
#
# WARNING: THIS IS A PROOF OF CONCEPT EXPLOIT TAKING ADVANTAGE OF NPTL THREAD
# LOCAL STORAGE DYNAMIC LINKING MODEL, DO NOT USE IT IF YOU DON'T KNOW HOW IT
# WORKS! YEAH, IT *DOES* REQUIRE SOME TWEAKINGS TO EXPLOIT NON-TLS PLATFORMS!
#
# Other possible attack vectors: /etc/cron.{d,hourly,daily,weekly,monthly}, at 
# (/var/spool/atjobs/), xinetd (/etc/xinetd.d), /etc/logrotate.d, and more...

http://www.0xdeadbeef.info/exploits/raptor_truecrypt.tgz
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/3664.tgz

# milw0rm.com [2007-04-04]

Release Date	Title	Type	Platform	Author
2020-07-30	"Online Shopping Alphaware 1.0 - Authentication Bypass"	webapps	php	"Ahmed Abbas"
2020-07-29	"Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting"	webapps	php	"Jinson Varghese Behanan"
2020-07-29	"Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion"	webapps	hardware	0xmmnbassel
2020-07-28	"Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion"	webapps	hardware	0xmmnbassel
2020-07-27	"eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution"	webapps	php	"Berk KIRAS"
2020-07-26	"Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH)"	local	windows	"Felipe Winsnes"
2020-07-26	"Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)"	webapps	multiple	bdrake
2020-07-26	"Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)"	local	windows	MasterVlad
2020-07-26	"Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter)"	local	windows	MasterVlad
2020-07-26	"Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)"	dos	windows	"Felipe Winsnes"

Release Date	Title	Type	Platform	Author
2020-07-26	"docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)"	local	windows	MasterVlad
2020-07-26	"Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH)"	local	windows	"Felipe Winsnes"
2020-07-26	"Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)"	local	windows	"Eduard Palisek"
2020-07-26	"Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH)"	local	windows	"Sarang Tumne"
2020-07-26	"Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)"	dos	windows	"Felipe Winsnes"
2020-07-26	"DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)"	local	windows	MasterVlad
2020-07-26	"Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow (SEH Egghunter)"	local	windows	MasterVlad
2020-07-26	"Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)"	local	windows	MasterVlad
2020-07-23	"Snes9K 0.09z - 'Port Number' Buffer Overflow (SEH)"	local	windows	MasterVlad
2020-07-23	"FTPDummy 4.80 - Local Buffer Overflow (SEH)"	local	windows	"Felipe Winsnes"

Release Date	Title	Type	Platform	Author
2020-04-21	"Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation"	local	solaris	"Marco Ivaldi"
2020-02-11	"OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution"	remote	freebsd	"Marco Ivaldi"
2020-01-16	"SunOS 5.10 Generic_147148-26 - Local Privilege Escalation"	local	multiple	"Marco Ivaldi"
2019-10-21	"Solaris 11.4 - xscreensaver Privilege Escalation"	local	solaris	"Marco Ivaldi"
2019-10-16	"Solaris xscreensaver 11.4 - Privilege Escalation"	local	solaris	"Marco Ivaldi"
2019-06-17	"Exim 4.87 - 4.91 - Local Privilege Escalation"	local	linux	"Marco Ivaldi"
2019-05-20	"Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation"	local	solaris	"Marco Ivaldi"
2019-05-20	"Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)"	local	solaris	"Marco Ivaldi"
2019-05-20	"Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)"	local	solaris	"Marco Ivaldi"
2019-01-14	"xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)"	local	solaris	"Marco Ivaldi"
2018-11-30	"xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation"	local	openbsd	"Marco Ivaldi"
2018-10-30	"xorg-x11-server 1.20.3 - Privilege Escalation"	local	openbsd	"Marco Ivaldi"
2009-09-11	"IBM AIX 5.6/6.1 - '_LIB_INIT_DBG' Arbitrary File Overwrite via Libc Debug"	local	aix	"Marco Ivaldi"
2008-03-10	"Solaris 8/9/10 - 'fifofs I_PEEK' Local Kernel Memory Leak"	local	solaris	"Marco Ivaldi"
2007-04-04	"TrueCrypt 4.3 - 'setuid' Local Privilege Escalation"	local	windows	"Marco Ivaldi"
2007-02-13	"Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack"	remote	multiple	"Marco Ivaldi"
2007-02-13	"Lotus Domino R6 Webmail - Remote Password Hash Dumper"	remote	windows	"Marco Ivaldi"
2007-02-06	"MySQL 4.x/5.0 (Windows) - User-Defined Function Command Execution"	remote	windows	"Marco Ivaldi"
2006-12-19	"Oracle 9i/10g - 'extproc' Local/Remote Command Execution"	remote	multiple	"Marco Ivaldi"
2006-12-19	"Oracle 9i/10g - 'utl_file' FileSystem Access"	remote	linux	"Marco Ivaldi"
2006-11-23	"Oracle 9i/10g - 'read/write/execute' ation Suite"	remote	multiple	"Marco Ivaldi"
2006-10-24	"Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (2)"	local	solaris	"Marco Ivaldi"
2006-10-24	"Solaris 10 libnspr - 'Constructor' Arbitrary File Creation Privilege Escalation (3)"	local	solaris	"Marco Ivaldi"
2006-10-16	"Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (2)"	local	solaris	"Marco Ivaldi"
2006-10-13	"Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (1)"	local	solaris	"Marco Ivaldi"
2006-10-13	"Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (1)"	local	solaris	"Marco Ivaldi"
2006-09-13	"X11R6 < 6.4 XKEYBOARD (Solaris/SPARC) - Local Buffer Overflow (2)"	local	solaris	"Marco Ivaldi"
2006-08-22	"Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2)"	local	solaris	"Marco Ivaldi"
2006-08-22	"Solaris 8/9 - '/usr/ucb/ps' Local Information Leak"	local	solaris	"Marco Ivaldi"
2006-07-18	"Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Local Privilege Escalation"	local	linux	"Marco Ivaldi"

import requests

response = requests.get('https://www.nmmapper.com/api/exploitdetails/3664/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Search for hundreds of thousands of exploits

"TrueCrypt 4.3 - 'setuid' Local Privilege Escalation"

Download file

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.