
45 matches found

myhack58
added 2010/04/15 12:0 a.m. | 14 views

FreeBSD 6.4 root shell exploit 0 day-vulnerability warning-the black bar safety net

FreeBSD 6.4 and below are vulnerable to a race condition between pipeclose and knlist_cleardel, resulting in a NULL pointer dereference. The following code exploits the vulnerability to run code in kernel mode, giving root she...

AI score 0.2
Exploits: 0
Prion
added 2010/03/05 7:30 p.m. | 32 views

Design/Logic Flaw

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client...

CVSS 4.3 | AI score 6.8 | EPSS 0.03913
Exploits: 1 | References: 18 | Affected Software: 10
OSV
added 2010/03/05 7:30 p.m. | 2 views

DEBIAN-CVE-2010-0302

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client...

CVSS 7.5 | AI score 7 | EPSS 0.02583
Exploits: 0 | References: 1
CVE
added 2010/03/05 7:0 p.m. | 110 views

CVE-2010-0302

CVE-2010-0302 affects CUPS before 1.4.4, with the use-after-free vulnerability in cupsdDoSelect within scheduler/select.c when using kqueue or epoll. The issue stems from improper reference-count handling of the abstract file-descriptor interface, allowing a remote attacker to trigger a denial of...

CVSS 7.5 | AI score 7.4 | EPSS 0.02583
Exploits: 0 | References: 18 | Affected Software: 3
RedHat Linux
added 2010/03/03 5:40 p.m. | 1 views

cups Incomplete fix for CVE-2009-3553

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client...

CVSS 7.5 | AI score 7.2 | EPSS 0.03913
Exploits: 1 | References: 4
UbuntuCve
added 2010/03/03 12:0 a.m. | 31 views

CVE-2010-0302

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client...

CVSS 7.5 | AI score 7.1 | EPSS 0.02583
Exploits: 0 | References: 2
securityvulns
added 2009/10/03 12:0 a.m. | 28 views

FreeBSD Security Advisory FreeBSD-SA-09:13.pipe

FreeBSD-SA-09:13.pipe Security Advisory, The FreeBSD Project. Topic: kqueue pipe race conditions. Category: core. Module: kern. Announced: 2009-10-02. Credits: Przemyslaw Frasunek...

AI score 7.1
Exploits: 0
FreeBSD
added 2009/10/02 12:0 a.m. | 13 views

FreeBSD -- kqueue pipe race conditions

Problem Description: A race condition exists in the pipe close code relating to kqueues, causing use-after-free for kernel memory, which may lead to an exploitable NULL pointer vulnerability in the kernel, kernel memory corruption, and other unpredictable results. Impact: Successful exploitation o...

AI score 0.8
Exploits: 0
FreeBSD Advisory
added 2009/10/02 12:0 a.m. | 7 views

FreeBSD-SA-09:13.pipe

FreeBSD-SA-09:13.pipe Security Advisory, The FreeBSD Project. Topic: kqueue pipe race conditions. Category: core. Module: kern. Announced: 2009-10-02. Credits: Przemyslaw Frasunek...

AI score 5.8
Exploits: 0
seebug.org
added 2009/09/18 12:0 a.m. | 20 views

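FreeBSD 'kqueue' unspecified NULL pointer dereference vulnerability

Bugtraq ID: 36375. FreeBSD is an open-source operating system. The kqueue implementation included in FreeBSD contains an unspecified NULL pointer dereference vulnerability that a local attacker can exploit to gain root privileges. No detailed information about the vulnerability is currently available. FreeBSD FreeBSD 6.0 .x FreeBSD FreeBSD 6.0 -STABLE FreeBSD FreeBSD 6.0 -RELEASE FreeBSD FreeBSD 6.4-RELEASE-p5 FreeBSD FreeBSD 6.4-RELEASE-p4 FreeBSD FreeBSD 6.4-RELEASE-p2 FreeBSD FreeBSD 6....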

AI score 6.9
Exploits: 0
securityvulns
added 2009/09/15 12:0 a.m. | 22 views

Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference

Przemyslaw Frasunek writes: FreeBSD <= 6.1 suffers from classical check/use race condition on SMP There is yet another kqueue related vulnerability. It affects 6.x, up to 6.4-STABLE. FreeBSD security team was notified on 29th Aug, but there is no response until now, so I won't publish any details...

AI score 0.2
Exploits: 0
seebug.org
added 2009/08/25 12:0 a.m. | 24 views

FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit

No description provided by source. FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread loopin...

AI score 7.1
Exploits: 0
Exploit DB
added 2009/08/24 12:0 a.m. | 30 views

FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation

/ FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thread thread; gotroot = 1; asm "movl %%fs:0, %0" : "=r"thread ;...

AI score 7.4
Exploits: 0
exploitpack
added 2009/08/24 12:0 a.m. | 16 views

FreeBSD 6.1 - kqueue() Null Pointer Dereference Privilege Escalation

FreeBSD 6.1 - kqueue Null Pointer Dereference Privilege Escalation / FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thre...

AI score 1
Exploits: 0
0day.today
added 2009/08/24 12:0 a.m. | 23 views

FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit

Exploit for freebsd platform in category local exploits =================================================================== FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile...

AI score 6.8
Exploits: 0
securityvulns
added 2009/08/24 12:0 a.m. | 37 views

FreeBSD <= 6.1 kqueue() NULL pointer dereference

FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread looping on kevent, trying to add possibly...

AI score 0.3
Exploits: 0
securityvulns
added 2009/08/24 12:0 a.m. | 88 views

FreeBSD <= 6.1 kqueue() NULL pointer dereference

FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread looping on kevent, trying to add possibly...

AI score 7.2
Exploits: 0
Packet Storm
added 2009/08/23 12:0 a.m. | 26 views

FreeBSD 6.1 kqueue() NULL Pointer Dereference

FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thread thread; gotroot = 1; asm "movl %%fs:0, %0" : "=r"thread ;...

AI score 0.7
Exploits: 0
seebug.org
added 2006/11/29 12:0 a.m. | 26 views

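Apple Mac OS X KQueue local denial-of-service vulnerability

Apple Mac OS X is a BSD-based operating system. Apple Mac OS X has a flaw in its handling of the kqueue and kevent interfaces that a local attacker can exploit to cause a denial of service on the system. The vulnerability can be triggered when a process registers a queue and invokes a kernel event through kevent, then forks a child process that attempts to register another event for the same "parent" queue, resulting in a system denial of service. Apple Mac OS X Server 10.4.8 Apple Mac OS X 10.4.8 http://www.apple.com/macosx/...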

AI score 6.9
Exploits: 0
CVE
added 2003/04/02 5:0 a.m. | 48 views

CVE-2002-0831

Technical details about CVE-2002-0831 are not publicly available in the provided documents. Monitor for updates.

CVSS 2.1 | AI score 6.5 | EPSS 0.00332
Exploits: 0 | References: 4 | Affected Software: 1