Skip to content
Resurrect vulnerabilities one CVE at the times
C HTML Dockerfile Shell PHP
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
CVE-2014-4699
CVE-2014-6271
CVE-2016-3714
CVE-2016-4622
CVE-2016-5195
CVE-2017-5030
CVE-2018-10115
README.md
rootfs.x86_64.ext2.gz
shell.php

README.md

Cemetery

As medicine pregressed using corpse, I want to learn resuming old vulnerabilities.

Meta

Resurrect corpe, I mean, vulnerabilities, can be troublesome

Qemu

It's pretty cool to use qemu to run different kernels or debug them.

BTW sometimes it's a pain: so here some troubleshooting

  • try -m 1024 if panic

  • Could not read from CD-ROM (code 0009): download desktop version

  • Arch linux Qemu page

Old Ubuntu releases

You can grab them from http://old-releases.ubuntu.com.

Debian kernel package

For Debian exists snapshot.debian.org to retrieve old packages.

Take in mind that to find a specific vulnerable kernel package you have to read what is vulnerable from the specific vulnerability tracker here for dirtycow and probably you will find the source package; after that you must look at what packages have been generated from that (search on snapshot site the source package's name, look for the specific version from all the available ones and then there is a section named Binary packages).

After that, some kernel need an initrd that is generated when installed, without it the system fails to boot since at least the module to mount the root filesystem is needed.

The best option is probably use docker: insert a unique entry for snapshot.debian.org that makes sense, install the kernel and after that copy the initrd from the /boot directory.

Link

You can’t perform that action at this time.