Home

Awesome

LinuxFlaw

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace.

If the vulnerability has both CVE-ID and EDB-ID, CVE-ID is preferred as its directory name. All the vulnerable source code packages are stored in source-packages

Vmware Workstation Images

Image Nameusernamepassword
Ubuntu 8.10exploitexploit
Ubuntu 10.04LTSexploitexploit
CentOS 6.5corecore
CentOS 5.5corecore
Ubuntu 11.04dzm77dzm77
Ubuntu 12.04ubuntuubuntu
Fedorafedorafedora
OpenSUSEcorecore
Ubuntu 14.04_corecorecore
Kalirootkali
Ubuntu_14.04_alexresearch-cvetoortoor
Ubuntu_14.04_ptptpt

For details of vulnerabilities(in which virtual machine, what is the reproduction workspace, etc.), please refer to virtualmachine.csv

If you encounter problems with keyword "Failed to lock files", you could try to delete any .lck or .lock files or folders in the directory of the problematic VM.

CVE-ID List

EDB-ID List

Other-ID list

Classification

Stack Overflow

Heap Overflow

BSS/Data Overflow

Use-After-Free

Double Free

Invalid Free

Null Pointer

Uninitialized Memory

Stack exhaustion

Heap exhaustion

Memory Leak

Note

Enable/Disable Security mitigations

Please refer to Traditional Mitigation Repository to check security mitigations and how to enable/disable them.