32 matches found
kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service
By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the /proc//cmdline or /proc//environ files to block indefinitely...
Monitoring Windows Console Activity (Part 2)
This is the second of two blogs that discuss the implementation of the Windows console architecture from years past, with a primary focus on the current implementation present on modern versions of Windows. Read our first blog, "Monitoring Windows Console Activity Part 1," for more. Capturing the...
Monitoring Windows Console Activity (Part 2)
This is the second of two blogs that discuss the implementation of the Windows console architecture from years past, with a primary focus on the current implementation present on modern versions of Windows. Read our first blog, "Monitoring Windows Console Activity Part 1," for more. Capturing the...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)
This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...
CVE-2013-5179
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments...
Command injection
Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing."...
Command injection
SLiM Simple Login Manager 1.3.0 places the X authority magic cookie mcookie on the command line when invoking xauth from 1 app.cpp and 2 switchuser.cpp, which allows local users to access the X session by listing the process and its arguments...
CVE-2009-1756
SLiM Simple Login Manager 1.3.0 places the X authority magic cookie mcookie on the command line when invoking xauth from 1 app.cpp and 2 switchuser.cpp, which allows local users to access the X session by listing the process and its arguments...
CVE-2009-1573
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie MCOOKIE on the command line, which allows local users to gain privileges by listing the process and its arguments...
Command injection
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie MCOOKIE on the command line, which allows local users to gain privileges by listing the process and its arguments...
CVE-2009-1573
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie MCOOKIE on the command line, which allows local users to gain privileges by listing the process and its arguments...
Default credentials
makecatalogbackup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffi...