5049 matches found
OpenBSD local DoS and root exploit
The following is research material from FozZy from Hackademy and Hackerz Voice newspaper http://www.hackerzvoice.org, and can be distributed modified or not if proper credits are given to them. For educational purposes only, no warranty of any kind, I may be wrong, this post could kill you mail...
Security Advisory FreeBSD-SA-02:23.stdio
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:23.stdio Security Advisory The FreeBSD Project Topic: insecure handling of stdio file descriptors Category: core Module: kernel Announced: 2002-04-22 Credits: Joost Pol...
Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure
/ source: https://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are valid open files before execing setuid images. Consequently, I/O that are opened by a setuid process may be assigned fi...
Oracle9i Application Server allows unauthenticated access to PL/SQL applications via alternate Database Access Descriptor
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. By specifying the Database Access Descriptor DAD used to access a PL/SQL application, an attacker could gain unauthorized access to the application...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via Database Access Descriptor password
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. Specifying a crafted password for a Database Access Descriptor DAD could cause a denial of service or execute arbitrary code with the...
CVE-2001-1047
Race condition in OpenBSD VFS allows local users to cause a denial of service kernel panic by 1 creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or 2 calling dup2 on a file descriptor in one process, then setting the descriptor to NU...
Locally exploitable races in OpenBSD VFS
my apologies if it ends up submitted twice Let's start with the trivial: good old aliasing bugs. Example 1: dup2 vs. close. Relevant file: kern/kerndescrip.c sysdup2p, v, retval struct proc p; void v; registert retval; snip if uintold = fdp-fdnfiles || fdp-fdofilesold == NULL || uintnew =...
CVE-2001-1047
Race condition in OpenBSD VFS allows local users to cause a denial of service kernel panic by 1 creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or 2 calling dup2 on a file descriptor in one process, then setting the descriptor to NU...
CVE-2001-0268
The i386setldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USERLDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table LDT with a target that...
CVE-2000-1040
CVE-2000-1040 concerns a format string vulnerability in the logging function of ypbind 3.3 when run in debug mode. The flaw can leak file descriptors and allow a denial of service. Some sources (Mandrake MDKSA-2000:064) also mention a related buffer overflow in ypserv if the build system lacks vs...
CVE-2000-0786
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERVGROUPS and USERVGIDS environmental variables and allow local users to bypass some access restrictions...
CVE-2000-0786
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERVGROUPS and USERVGIDS environmental variables and allow local users to bypass some access restrictions...
CVE-2000-0786
GNU userv 1.0.0 and earlier are affected by an issue where improper file descriptor swapping can corrupt the USERV_GROUPS and USERV_GIDS environment variables, potentially allowing local users to bypass some access restrictions. The public documentation identifies the affected component and the c...
CVE-1999-0886
Technical details for CVE-1999-0886 are not publicly provided in the supplied documents. Monitor for updates. The records note a RASMAN security descriptor issue enabling an alternate location via the Windows NT Service Control Manager.
ftpd.dos.pl
Who has more free file descriptors & network ports, you or the ftp server ? ftpd's which limit connections to 1 per user@host or similar may have some defense against this, or if they don't support multiple data connections open at the same time. I suspect "many" is the number of ftpd's which are...
ISC BIND 8.2.2 IRIX 6.5.17 Solaris 7.0 - NXT Overflow Denial of Service
ISC BIND 8.2.2 IRIX 6.5.17 Solaris 7.0 - NXT Overflow Denial of Service // source: https://www.securityfocus.com/bid/788/info There are several vulnerabilities in recent BIND packages pre 8.2.2. The first is a buffer overflow condition which is a result of BIND improperly validating NXT records...
ISC BIND 8.2.2 / IRIX 6.5.17 / Solaris 7.0 - NXT Overflow / Denial of Service
// source: https://www.securityfocus.com/bid/788/info There are several vulnerabilities in recent BIND packages pre 8.2.2. The first is a buffer overflow condition which is a result of BIND improperly validating NXT records. The consequence of this being exploited is a remote root compromise...
CVE-1999-0083
getcwd file descriptor leak in FTP...
CVE-1999-0062
The OpenBSD chpass command is affected by a local-privilege-escalation flaw caused by file-descriptor leakage, enabling a local user to gain root access. The provided documents do not specify affected versions, exact root-cause details, exploit steps, or available fixes. No exploitation workflow ...
CVE-1999-0083
CVE-1999-0083 corresponds to a getcwd() file descriptor leak in FTP. The available connected data identifies the vulnerability as a leak in the getcwd() call within FTP, but no exploit details are provided. CVSS 2.0 metrics indicate a Network attack vector, Low attack complexity, no authenticatio...