FreeBSD 7.2 VFS/devfs race condition exploit
FreeBSD 7.2 and below, including 6.4, are vulnerable to a race condition in the VFS and devfs code, resulting in a NULL pointer dereference. In contrast to the pipe race condition, this vulnerability is actually much harder to exploit. Due to an uninitialised value in devfs_open, the following function is called with...
FreeBSD 7.2 - VFS/devfs Race Condition
FreeBSD 7.2 - VFS/devfs Race Condition if 0 FreeBSD 7.2 and below, including 6.4, are vulnerable to a race condition in the VFS and devfs code, resulting in a NULL pointer dereference. In contrast to the pipe race condition, this vulnerability is actually much harder to exploit. Due to an uninitialised value in...
FreeBSD 7.2 VFS/devfs race condition exploit
Exploit for unknown platform in category local exploits. Title: FreeBSD 7.2 VFS/devfs race condition exploit CVE-ID: OSVDB-ID: Author: Przemyslaw Frasunek Publishe...
FreeBSD 7.0/7.1 vfs.usermount Local Privilege Escalation Exploit
No description provided by source. / cve-2008-3531.c -- Patroklos Argyroudis, argp at domain census-labs.com Privilege escalation exploit for the FreeBSD-SA-08:08.nmount CVE-2008-3531 vulnerability: http://security.freebsd.org/advisories/FreeBSD-SA-08:08.nmount.asc...
FreeBSD 7.0/7.1 - 'vfs.usermount' Local Privilege Escalation
/ cve-2008-3531.c -- Patroklos Argyroudis, argp at domain census-labs.com Privilege escalation exploit for the FreeBSD-SA-08:08.nmount CVE-2008-3531 vulnerability: http://security.freebsd.org/advisories/FreeBSD-SA-08:08.nmount.asc http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3531 For ...
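Anti-Trojan Elite and Anti-Keylogger Elite IOCTL Request Local Privilege Escalation Vulnerability
BUGTRAQ ID: 32202 Anti-Trojan Elite and Anti-Keylogger Elite are anti-trojan and keylogger-detection tools from ISecSoft. The AKEProtect.sys driver in Anti-Keylogger Elite does not properly validate parameters received via IOCTLs 0x002224A4, 0x002224C0 and 0x002224CC, and the Atepmon.sys driver in Anti-Trojan Elite does not properly validate parameters received via IOCTL 0x00222494; a local administrator who starts Anti Trojan Elite or Anti-Keylogger...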
Code injection
CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments...
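Broadcom Wireless Driver Probe Response Overlong SSID Stack Overflow Vulnerability
Broadcom is a leading global semiconductor company for wired and wireless communications. The implementation of Broadcom's wireless driver contains a buffer overflow vulnerability that a remote attacker may be able to exploit to execute arbitrary instructions on the user's machine. Broadcom's BCMWL5.SYS wireless driver has a stack overflow when processing 802.11 probe response frames containing an overlong SSID field, allowing an attacker to execute arbitrary kernel-mode code by sending malicious frames. Broadcom BCMWL5.SYS 3.50.21.10 The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...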
Linux Kernel 2.4.x mremap() bound checking Root Exploit
No description provided by source. / Linux kernel mremap bound checking bug exploit. Bug found by Paul Starzetz paul isec pl Copyright c 2004 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY. COPYING,...
Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-30-1)
CAN-2004-0883, CAN-2004-0949 : During an audit of the smb file system implementation within Linux, several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. To exploit any of these vulnerabilities, an attacker needs control over the answers...
Local security problem in NT - SystemLoadAndCallImage
The undocumented SystemLoadAndCallImage call allows code to be executed in kernel mode, bypassing security auditing...