76 matches found
iOS / macOS 10.13.6 - if_ports_used_update_wakeuuid() 16-byte Uninitialized Kernel Stack Disclosure
macOS 10.13.4 introduced the file bsd/net/if_ports_used.c, which defines sysctls for inspecting ports, and added the function IOPMCopySleepWakeUUIDKey to the file iokit/Kernel/IOPMrootDomain.cpp. Here's the code of the latter function: extern "C" bool IOPMCopySleepWakeUUIDKey(char *buffer, size_t...
RAVPower 2.000.056 - Memory Disclosure
""" Exploit Title: RAVPower - remote stack disclosure Date: 22/01/2018 Exploit Author: Daniele Linguaglossa Vendor Homepage: https://www.ravpower.com/ Software Link: https://www.ravpower.com/ Version: 2.000.056 Tested on: OSX CVE : CVE-2018-5319 """ import socket import sys import re author =...
Information disclosure in libgd GIF decoding (gdImageCreateFromGifCtx)
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read 700 bytes from the top of the...
Microsoft Windows - nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation) Kernel Stack Memory Disclosure
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1214&desc=2 We have discovered that the nt!NtQueryInformationWorkerFactory system call called with the WorkerFactoryBasicInformation (7) information class discloses portions of...
Microsoft Windows - win32k!NtGdiGetTextMetricsW Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1180 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 other...
Microsoft Windows - nt!NtQueryInformationJobObject (BasicLimitInformation, ExtendedLimitInformation) Kernel Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1189&desc=2 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to...
FreeBSD : FreeBSD -- Kernel stack disclosure in 4.3BSD compatibility layer (7cad4795-600a-11e6-a6c3-14dae9d210b8)
The implementation of the historic stat(2) system call does not clear the output struct before copying it out to userland. Impact: An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions of the file cache or...
FreeBSD-SA-16:20.linux
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:20.linux Security Advisory The FreeBSD Project Topic: Kernel stack disclosure in Linux compatibility layer Category: core Module: linux(4) Announced: 2016-05-3...
FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:25.setlogin Security Advisory The FreeBSD Project Topic: Kernel stack disclosure in setlogin(2) / getlogin(2) Category: core Module: kernel Announced: 2014-11-04...
DSA-3070-1 kfreebsd-9 - security update
Bulletin has no description...
Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit
No description provided by source. / cve-2009-3002.c Linux Kernel < 2.6.31-rc7 AF_IRDA getsockname 29-Byte Stack Disclosure Jon Oberheide http://jon.oberheide.org Information: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3002 The Linux kernel before 2.6.31-rc7 does not...
Linux Kernel <= 2.6.30 atalk_getname() 8-bytes Stack Disclosure Exploit
No description provided by source. / appleak.c Linux Kernel <= 2.6.30 AppleTalk getsockname 8-bytes kernel stack disclosure http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d392475c873c10c10d6d96b94d092a34ebd4791 atalk_getname can leak 8 bytes of kernel memory to use...
Linux Kernel <= 2.6.31-rc7 AF_LLC getsockname 5-Byte Stack Disclosure
No description provided by source. / llc-getsockname-leak.c Linux Kernel <= 2.6.31-rc7 AF_LLC getsockname 5-Byte Stack Disclosure Jon Oberheide http://jon.oberheide.org Information: http://git.kernel.org/linus/28e9fc592cb8c7a43e4d3147b38be6032a0e81bc sllc_arphrd member of sockaddr_l...
kernel: stack disclosure in binfmt_script load_script()
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
PT-2011-1446 · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.37-rc2 Description: The issue concerns the get_name function in net/tipc/socket.c, which fails to initialize a certain structure. This allows local users to obtain potentially sensitive information from kern...