proc File - Descriptors Directory Permissions Bypass
Hi! This is forward from lkml, so no, I did not invent this hole. Unfortunately, I do not think lkml sees this as a security hole, so... Jamie Lokier said: a the current permission model under /proc/PID/fd has a security hole which Jamie is worried about I believe its bugtraq time. Being able to...
proc File Descriptors Directory Permissions bypass
No description provided by source. Hi! This is forward from lkml, so no, I did not invent this hole. Unfortunately, I do not think lkml sees this as a security hole, so... Jamie Lokier said: a the current permission model under /proc/PID/fd has a security hole which Jamie is worried about I belie...
Design/Logic Flaw
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."...
CVE-2009-2194
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."...
CVE-2009-2194
CVE-2009-2194 affects Mac OS X v10.5 prior to 10.5.8. A synchronization issue in how local sockets share file descriptors allows a local user to trigger a denial of service (system crash) by placing file descriptors in messages sent to a socket with no receiver. The issue is addressed in Security...
Mandriva Update for clamav MDKSA-2007:043 (clamav)
Check for the Version of clamav OpenVAS Vulnerability Test Mandriva Update for clamav MDKSA-2007:043 clamav Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
Ubuntu Update for postfix vulnerabilities USN-642-1
Ubuntu Update for Linux kernel vulnerabilities USN-642-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6421.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for postfix vulnerabilities USN-642-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Ubuntu Update for krb5 vulnerabilities USN-587-1
Ubuntu Update for Linux kernel vulnerabilities USN-587-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5871.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for krb5 vulnerabilities USN-587-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
kernel: Unix sockets kernel panic
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX...
Design/Logic Flaw
The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly ...
linux-panic.txt
include include include include include include static int ownchildint us int pid; int s2; struct msghdr mh; char crap1024; struct iovec iov; struct cmsghdr c; int fd; int rc; pid = fork; if pid == -1 err1, "fork"; if pid closeus1; return pid; closeus0; memset&mh, 0, sizeofmh; iov.iovbase = "a";...
CVE-2008-5029
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX...
Design/Logic Flaw
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX...
CVE-2008-5029
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX...
CVE-2008-4554
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file...
CVE-2008-4554
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file...
CVE-2008-4554
CVE-2008-4554 affects the Linux kernel in the do_splice_from function (fs/splice.c). Before 2.6.27, it does not reject file descriptors with the O_APPEND flag, allowing a local attacker to bypass append mode and make arbitrary changes to other parts of a file. The vulnerability is tied to the ker...
PHP Command Shell, Find Sock
Spawn a shell on the established connection to the webserver. Unfortunately, this payload can leave conspicuous evil-looking entries in the apache error logs, so it is probably a good idea to use a bind or reverse shell unless firewalls prevent them from working. The issue this payload takes...
DEBIAN-CVE-2008-3889
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as...
CVE-2008-3889
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as...