Lucene search
K

5049 matches found

securityvulns
securityvulns
added 2002/05/10 12:0 a.m.34 views

OpenBSD local DoS and root exploit

The following is research material from FozZy from Hackademy and Hackerz Voice newspaper http://www.hackerzvoice.org, and can be distributed modified or not if proper credits are given to them. For educational purposes only, no warranty of any kind, I may be wrong, this post could kill you mail...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2002/04/23 12:0 a.m.39 views

Security Advisory FreeBSD-SA-02:23.stdio

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:23.stdio Security Advisory The FreeBSD Project Topic: insecure handling of stdio file descriptors Category: core Module: kernel Announced: 2002-04-22 Credits: Joost Pol...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2002/04/23 12:0 a.m.39 views

Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure

/ source: https://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are valid open files before execing setuid images. Consequently, I/O that are opened by a setuid process may be assigned fi...

7AI score
Exploits0
CERT
CERT
added 2002/03/01 12:0 a.m.21 views

Oracle9i Application Server allows unauthenticated access to PL/SQL applications via alternate Database Access Descriptor

Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. By specifying the Database Access Descriptor DAD used to access a PL/SQL application, an attacker could gain unauthorized access to the application...

7AI score
Exploits0References2
CERT
CERT
added 2002/02/28 12:0 a.m.35 views

Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via Database Access Descriptor password

Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. Specifying a crafted password for a Database Access Descriptor DAD could cause a denial of service or execute arbitrary code with the...

7.5CVSS9.9AI score0.13139EPSS
Exploits0References6
Cvelist
Cvelist
added 2002/02/02 5:0 a.m.25 views

CVE-2001-1047

Race condition in OpenBSD VFS allows local users to cause a denial of service kernel panic by 1 creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or 2 calling dup2 on a file descriptor in one process, then setting the descriptor to NU...

6.2AI score0.00269EPSS
Exploits0References5
securityvulns
securityvulns
added 2001/06/05 12:0 a.m.24 views

Locally exploitable races in OpenBSD VFS

my apologies if it ends up submitted twice Let's start with the trivial: good old aliasing bugs. Example 1: dup2 vs. close. Relevant file: kern/kerndescrip.c sysdup2p, v, retval struct proc p; void v; registert retval; snip if uintold = fdp-fdnfiles || fdp-fdofilesold == NULL || uintnew =...

7.4AI score
Exploits0
NVD
NVD
added 2001/06/02 4:0 a.m.21 views

CVE-2001-1047

Race condition in OpenBSD VFS allows local users to cause a denial of service kernel panic by 1 creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or 2 calling dup2 on a file descriptor in one process, then setting the descriptor to NU...

1.2CVSS6.2AI score0.00269EPSS
Exploits0References5
NVD
NVD
added 2001/05/03 4:0 a.m.21 views

CVE-2001-0268

The i386setldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USERLDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table LDT with a target that...

7.2CVSS6.6AI score0.00589EPSS
Exploits0References8
CVE
CVE
added 2001/01/22 5:0 a.m.45 views

CVE-2000-1040

CVE-2000-1040 concerns a format string vulnerability in the logging function of ypbind 3.3 when run in debug mode. The flaw can leak file descriptors and allow a denial of service. Some sources (Mandrake MDKSA-2000:064) also mention a related buffer overflow in ypserv if the build system lacks vs...

10CVSS6.4AI score0.02516EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2000/10/20 4:0 a.m.12 views

CVE-2000-0786

GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERVGROUPS and USERVGIDS environmental variables and allow local users to bypass some access restrictions...

4.6CVSS6.3AI score0.00337EPSS
Exploits0References4
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.21 views

CVE-2000-0786

GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERVGROUPS and USERVGIDS environmental variables and allow local users to bypass some access restrictions...

6.3AI score0.00337EPSS
Exploits0References4
CVE
CVE
added 2000/10/13 4:0 a.m.47 views

CVE-2000-0786

GNU userv 1.0.0 and earlier are affected by an issue where improper file descriptor swapping can corrupt the USERV_GROUPS and USERV_GIDS environment variables, potentially allowing local users to bypass some access restrictions. The public documentation identifies the affected component and the c...

4.6CVSS6.7AI score0.00337EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2000/01/04 5:0 a.m.64 views

CVE-1999-0886

Technical details for CVE-1999-0886 are not publicly provided in the supplied documents. Monitor for updates. The records note a RASMAN security descriptor issue enabling an alternate location via the Windows NT Service Control Manager.

9CVSS7AI score0.21573EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 1999/12/07 12:0 a.m.35 views

ftpd.dos.pl

Who has more free file descriptors & network ports, you or the ftp server ? ftpd's which limit connections to 1 per user@host or similar may have some defense against this, or if they don't support multiple data connections open at the same time. I suspect "many" is the number of ftpd's which are...

7.4AI score
Exploits0
exploitpack
exploitpack
added 1999/11/10 12:0 a.m.44 views

ISC BIND 8.2.2 IRIX 6.5.17 Solaris 7.0 - NXT Overflow Denial of Service

ISC BIND 8.2.2 IRIX 6.5.17 Solaris 7.0 - NXT Overflow Denial of Service // source: https://www.securityfocus.com/bid/788/info There are several vulnerabilities in recent BIND packages pre 8.2.2. The first is a buffer overflow condition which is a result of BIND improperly validating NXT records...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 1999/11/10 12:0 a.m.49 views

ISC BIND 8.2.2 / IRIX 6.5.17 / Solaris 7.0 - NXT Overflow / Denial of Service

// source: https://www.securityfocus.com/bid/788/info There are several vulnerabilities in recent BIND packages pre 8.2.2. The first is a buffer overflow condition which is a result of BIND improperly validating NXT records. The consequence of this being exploited is a remote root compromise...

7.4AI score
Exploits0
Cvelist
Cvelist
added 1999/09/29 4:0 a.m.24 views

CVE-1999-0083

getcwd file descriptor leak in FTP...

6.6AI score0.01758EPSS
Exploits0References1
CVE
CVE
added 1999/09/29 4:0 a.m.66 views

CVE-1999-0062

The OpenBSD chpass command is affected by a local-privilege-escalation flaw caused by file-descriptor leakage, enabling a local user to gain root access. The provided documents do not specify affected versions, exact root-cause details, exploit steps, or available fixes. No exploitation workflow ...

7.2CVSS7.5AI score0.00573EPSS
Exploits0References1Affected Software1
CVE
CVE
added 1999/09/29 4:0 a.m.59 views

CVE-1999-0083

CVE-1999-0083 corresponds to a getcwd() file descriptor leak in FTP. The available connected data identifies the vulnerability as a leak in the getcwd() call within FTP, but no exploit details are provided. CVSS 2.0 metrics indicate a Network attack vector, Low attack complexity, no authenticatio...

5CVSS7.4AI score0.01758EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder