CVE-2002-1125

FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including 1 asmon, 2 ascpu, 3 bubblemon, 4 wmmon, and 5 wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory...

Unsafe file descriptors handling in FreeBSD libkvm

Launched user supplied application still have access to file descriptors...

iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities

iDEFENSE Security Advisory 09.16.2002 FreeBSD Ports libkvm Security Vulnerabilities DESCRIPTION The FreeBSD ports asmon, ascpu, bubblemon, wmmon, and wmnet2 can be locally manipulated to take advantage of open file descriptors /dev/mem and /dev/kmem to gain root privileges on a target host. These...

CVE-2002-1125

The CVE-2002-1125 issue affects FreeBSD 4.6.2-RELEASE and earlier in FreeBSD port programs that use libkvm (asmon, ascpu, bubblemon, wmmon, wmnet2). The root cause is that these processes leave open file descriptors to /dev/mem and /dev/kmem, allowing a local user to read kernel memory. The provi...

CVE-2002-1125

FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including 1 asmon, 2 ascpu, 3 bubblemon, 4 wmmon, and 5 wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory...

idefense.libkvm.txt

iDEFENSE Security Advisory 09.16.2002 FreeBSD Ports libkvm Security Vulnerabilities DESCRIPTION The FreeBSD ports asmon, ascpu, bubblemon, wmmon, and wmnet2 can be locally manipulated to take advantage of open file descriptors /dev/mem and /dev/kmem to gain root privileges on a target host. These...

WMMon 1.0 b2 - Memory Character File Open File Descriptor Read

WMMon 1.0 b2 - Memory Character File Open File Descriptor Read source: https://www.securityfocus.com/bid/5718/info It has been reported that wmmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attacker...

ASCPU 0.60 Kernel - Memory File Descriptor Leakage

ASCPU 0.60 Kernel - Memory File Descriptor Leakage source: https://www.securityfocus.com/bid/5716/info It has been reported that ascpu is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit...

BubbleMon 1.x Kernel - Memory File Descriptor Leakage

source: https://www.securityfocus.com/bid/5714/info It has been reported that BubbleMon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and...

ASCPU 0.60 Kernel - Memory File Descriptor Leakage

source: https://www.securityfocus.com/bid/5716/info It has been reported that ascpu is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/km...

DEBIAN-CVE-2002-0871

xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe...

CVE-2002-0820

FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain...

CVE-2002-0820

CVE-2002-0820: FreeBSD kernels 4.6 and earlier close fds 0, 1, and 2 after they are assigned to /dev/null when the descriptors reference procfs/linprocfs. This could allow a local attacker to reuse those file descriptors in a setuid/setgid program to modify critical data and gain privileges. The ...

Privelege escalation in util-linux chfn

Unchecked race conditions under file decriptors leaves ability to modify /etc/passwd...

CVE-2002-0572

CVE-2002-0572 affects BSD-based systems (notably FreeBSD 4.5 and earlier); the issue arises when a local user closes standard input/output/error (FDs 0–2) and a subsequent setuid-invoked I/O operation reuses those descriptors, allowing read/write access to restricted files. Connected records corr...

Security Advisory FreeBSD-SA-02:23.stdio

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:23.stdio Security Advisory The FreeBSD Project Topic: insecure handling of stdio file descriptors Category: core Module: kernel Announced: 2002-04-22 Credits: Joost Pol...

Apple Mac OSX 10.x FreeBSD 4.x OpenBSD 2.x Solaris 2.52.67.08 - exec C Library Standard IO File Descriptor Closure

Apple Mac OSX 10.x FreeBSD 4.x OpenBSD 2.x Solaris 2.52.67.08 - exec C Library Standard IO File Descriptor Closure / source: https://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are vali...

FreeBSD-SA-02:23.stdio

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:23.stdio Security Advisory The FreeBSD Project Topic: insecure handling of stdio file descriptors Category: core Module: kernel Announced: 2002-04-22 Credits: Joost Pol ,...

Проблемы в работе с файловыми дескрипторами в OpenBSD (VFS races)

Наличие вызова блокирующей функции между проверкой файлового дескриптора и операцией над ним, позволяет провести операцию над закрытым дескриптором, если дескриптор был закрыт в другом потоке приложения...

CVE-1999-0848

CVE-1999-0848 concerns a denial-of-service in ISC BIND’s named daemon caused by consuming more than the configured fdmax file descriptors. This is confirmed by the NVD entry and Red Hat security page, both citing the same DoS vector. The provided connected documents do not specify exact affected ...