BubbleMon 1.x Kernel - Memory File Descriptor Leakage

BubbleMon 1.x Kernel - Memory File Descriptor Leakage source: https://www.securityfocus.com/bid/5714/info It has been reported that BubbleMon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to...

BubbleMon 1.x Kernel - Memory File Descriptor Leakage

source: https://www.securityfocus.com/bid/5714/info It has been reported that BubbleMon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and...

CVE-2001-0424

BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id...

BubbleMon 1.31

VULNERABILITY DESCRIPTION Users can execute programs/shellscript by clicking on the bubblemon app. bubblemon is installed sgid kmem on FreeBSD and does not drop its egid before executing programs. VERSIONS AFFECTED All versions of BubbleMon up to 1.32 installed on FreeBSD . EXAMPLE $ id...

Дырка в bubblemon (egid kmem)

Не сбрасывается egid kmem при вызове внешнего приложения...