55 matches found
CVE-2007-4774
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process...
CVE-2007-4773
Systrace before 1.6.0 has insufficient escape policy enforcement...
CVE-2007-4773
CVE-2007-4773 affects Systrace before 1.6.0, with the root cause described as insufficient escape policy enforcement. The CVSS scores indicate high impact across confidentiality, integrity, and availability (NVD: CVSSv2 7.5; CVSSv3.1 9.8). Connected records confirm the issue across multiple feeds...
OpenBSD 5.7 Local Denial Of Service Exploit
Exploit for bsd platform in category local exploits / 2015, Maxime Villard Exploit triggering a memory leak in the OpenBSD kernel from an unprivileged user. Found by The Brainy Code Scanner. / - - - - - - - - - - - - - - - - - script.sh - - - - - - - - - - - - - - - - - - ! /bin/sh while true do...
Systrace Multiple System Call Wrappers Concurrency Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/25258/info Systrace is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel. Attackers can explo...
Systrace 1.x 64-Bit Aware Linux Kernel Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33417/info Systrace is prone to a local privilege-escalation vulnerability. A local attacker may be able to exploit this issue to bypass access control restrictions and make unintended system calls, which may result in an...
NetBSD/FreeBSD Port Systrace 1.x Exit Routine Access Validation Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10320/info A vulnerability has been reported that affects Systrace on NetBSD, as well as the FreeBSD port by Vladimir Kotal. The source of the issue is insufficient access validation when a systraced process is restoring...
Systrace 1.x Local Policy Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9998/info Systrace has been reported prone to a vulnerability that may permit an application to completely bypass a Systrace policy. The issue presents itself because Systrace does not perform sufficient sanity checks whi...
Race condition
Niels Provos Systrace 1.6f and earlier on the x8664 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes...
CVE-2009-0343
Niels Provos Systrace 1.6f and earlier on the x8664 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes...
Design/Logic Flaw
Niels Provos Systrace before 1.6f on the x8664 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall...
CVE-2009-0342
Niels Provos Systrace before 1.6f on the x8664 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall...
CVE-2009-0343
CVE-2009-0343 affects Niels Provos Systrace 1.6f and earlier on x86_64 Linux. The issue allows local users to bypass access restrictions by issuing a 32-bit syscall whose number corresponds to a policy-compliant 64-bit syscall, due to race conditions in monitoring 64‑bit processes. Impact is desc...
CVE-2009-0342
Niels Provos Systrace before 1.6f on the x8664 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall...
CVE-2009-0342
CVE-2009-0342 is described in the connected SUSE advisories as a Linux kernel issue on x86_64 where a 32-bit process making a 64-bit syscall or a 64-bit process making a 32-bit syscall can bypass syscall auditing/access restrictions via crafted syscalls. It is a local vulnerability with impact on...
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation
Systrace 1.x Linux Kernel x64 - Aware Local Privilege Escalation / source: https://www.securityfocus.com/bid/33417/info Systrace is prone to a local privilege-escalation vulnerability. A local attacker may be able to exploit this issue to bypass access control restrictions and make unintended...
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation
/ source: https://www.securityfocus.com/bid/33417/info Systrace is prone to a local privilege-escalation vulnerability. A local attacker may be able to exploit this issue to bypass access control restrictions and make unintended system calls, which may result in an elevation of privileges. Versio...
CVE-2007-4305
CVE-2007-4305 involves multiple race conditions in the Sudo monitor mode and in Sysjail policies of Systrace on NetBSD and OpenBSD. The underlying issue allows local users to defeat system call interposition, thereby bypassing access control policy and auditing. Affected components: NetBSD/OpenBS...
Systrace - Multiple System Call Wrappers Concurrency Vulnerabilities
Systrace - Multiple System Call Wrappers Concurrency Vulnerabilities source: https://www.securityfocus.com/bid/25258/info Systrace is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread...
Systrace - Multiple System Call Wrappers Concurrency Vulnerabilities
source: https://www.securityfocus.com/bid/25258/info Systrace is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel. Attackers can exploit these issues by replacing certa...