516 matches found
USN-679-1: Linux kernel vulnerabilities
It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10...
[ MDVSA-2008:145 ] - Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:145 http://www.mandriva.com/security/ Package : bluez Date : July 14, 2008 Affected: 2007.1, 2008.0, 2008.1 Problem Description: An input validation flaw was found in the Bluetooth Session Description Protoc...
ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit 2
No description provided by source. !/usr/bin/perl -w $Id: revengeproftpdctrls26.pl, v1.1 2007/02/18 19:30:25 revenge Exp $ ProFTPD v1.3.0/1.3.0a Controls Buffer Overflow Exploit Original Advisory : http://www.coresecurity.com/?action=item&id=1594 Exploitation condition ...
revenge_proftpd_ctrls_26.pl.txt
!/usr/bin/perl -w $Id: revengeproftpdctrls26.pl, v1.1 2007/02/18 19:30:25 revenge Exp $ ProFTPD v1.3.0/1.3.0a Controls Buffer Overflow Exploit Original Advisory : http://www.coresecurity.com/?action=item&id=1594 Exploitation condition - proftpd must be compiled with --enable-ctrls option - local...
ProFTPd 1.3.0/1.3.0a - mod_ctrls support Local Buffer Overflow (2)
ProFTPd 1.3.0/1.3.0a - mod_ctrls support Local Buffer Overflow (2) !/usr/bin/perl -w $Id: revengeproftpdctrls26.pl, v1.1 2007/02/18 19:30:25 revenge Exp $ ProFTPD v1.3.0/1.3.0a Controls Buffer Overflow Exploit Original Advisory : http://www.coresecurity.com/?action=item&id=1594 Exploitation condition...
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support' Local Buffer Overflow (1)
!/usr/bin/perl -w $Id: revengeproftpdctrls24.pl, v1.0 2007/02/18 19:24:22 revenge Exp $ ProFTPD v1.3.0/1.3.0a Controls Buffer Overflow Exploit Old style school sploit against gcc 3.x and linux kernel 2.4 Original Advisory : http://www.coresecurity.com/?action=item&id=1594 Exploitation condition -...
ProFTPd 1.3.0/1.3.0a - mod_ctrls support Local Buffer Overflow (1)
ProFTPd 1.3.0/1.3.0a - mod_ctrls support Local Buffer Overflow (1) !/usr/bin/perl -w $Id: revengeproftpdctrls24.pl, v1.0 2007/02/18 19:24:22 revenge Exp $ ProFTPD v1.3.0/1.3.0a Controls Buffer Overflow Exploit Old style school sploit against gcc 3.x and linux kernel 2.4 Original Advisory :...
mysql50-server -- COM_TABLE_DUMP arbitrary code execution
Stefano Di Paola reports: An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. To take advantage of these flaws an attacker should have direct access to MySQL server communication layer port 3306 or unix socket. But if used in conjunction with so...
DEBIAN-CVE-2005-3070
HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file...
CVE-2005-3070
HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file...
CVE-2005-3070
CVE-2005-3070 affects HylaFax 4.2.1 and earlier. It reports that HylaFax does not create or verify ownership of the UNIX domain socket, which could allow a local attacker to read faxes and cause a denial of service by abusing the hyla.unix socket file. The issue is documented across multiple sour...
CVE-1999-1402
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket...
CVE-2001-0178
CVE-2001-0178 affects KDE2’s kdesu: the keep-password feature uses a UNIX socket to pass authentication data, but KDE2 (before 2.2.0-6) does not verify the socket listener’s identity. This can allow local users to obtain root passwords and gain privileges. Multiple advisories confirm the issue an...
CVE-2001-0178
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges...
FreeBSD 3.1 / Solaris 2.6 - Domain Socket
// source: https://www.securityfocus.com/bid/456/info Solaris 2.6 and many other unices/clones have a serious problem with their unix domain socket implementation that has its origins in old BSD code. Any unix socket created by any application is set mode 4777. In Solaris versions 2.5 and earlie...