openssl: crash caused by a missing krb5_sname_to_principal() return value check

The ksslkeytabisavailable function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via SS...

Null pointer dereference

The ksslkeytabisavailable function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via SS...

CentOS 5 : openssh (CESA-2009:1287)

Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These...

linux/x86 break chroot 87 bytes

No description provided by source. bt:/ ./pwn perl -e 'print "\x90"x181...

linux/x86 break chroot 87 bytes

Exploit for linux/x86 platform in category shellcode =============================== linux/x86 break chroot 87 bytes =============================== bt:/ ./pwn perl -e 'print "\x90"x181...

linux/x86 break chroot 79 bytes

linux/x86 break chroot 79 bytes. Shellcode exploit for linx86 platform bt:/ ./pwn perl -e 'print "\x90"x189...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard...

CVE-2009-2904

CVE-2009-2904 is a local privilege-escalation flaw in OpenSSH related to a Red Hat modification of the ChrootDirectory feature. The issue affects OpenSSH 4.8 used by sshd in OpenSSH 4.3 on Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allowing a local user to gain privileges via hard links t...

CVE-2009-2904

A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, relate...

openssh security update

4.3p2-36.2 - minimize chroot patch to be compatible with upstream 522141...

openssh security update

CentOS Errata and Security Advisory CESA-2009:1287 Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's...

openssh security, bug fix, and enhancement update

4.3p2-36 - tiny change in chroot sftp capability into openssh-server solve ls speed problem 440240 4.3p2-35 - workaround to plaintext recovery attack against CBC ciphers CVE-2008-5161 502230 4.3p2-34 - disable protocol 1 in the FIPS mode 4.3p2-33 - fix scp hangup on exit 454812 - call integrity...

Low: Red Hat Security Advisory: openssh security, bug fix, and enhancement update

Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These...

RHEL 5 : openssh (RHSA-2009:1287)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2009:1287 advisory. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These packages include the core files necessary for both the OpenSSH client and server...

FreeBSD ftpd 'setusercontext()'远程特权提升漏洞

Bugraq ID: 36119 FreeBSD是一款开放源代码基于BSD的操作系统。 FreeBSD 'ftpd'存在远程特权提升问题，远程攻击者可以利用漏洞突破chroot封锁获得系统敏感信息或进行拒绝服务攻击。 BSD传承的操作系统一般都包含用于设置用户上下文的函数，如 FreeBSD 5.0和7.0包含的setusercontext函数： setusercontextlc, pw, uidt0, LOGINSETLOGIN|LOGINSETGROUP|LOGINSETPRIORITY| LOGINSETRESOURCES|LOGINSETUMASK;...

FreeBSD ftpd setusercontext()远程权限提升漏洞

BUGTRAQ ID: 36119 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 FreeBSD及其他一些BSD系统有一个用于设置用户上下文的功能，如FreeBSD中的setusercontext函数： setusercontextlc, pw, uidt0, LOGINSETLOGIN|LOGINSETGROUP|LOGINSETPRIORITY| LOGINSETRESOURCES|LOGINSETUMASK; 其中的LOGINSETRESOURCES设置允许用户设置资源。根据用户手册所述： LOGINSETRESOURCES...

Multiple BSD Operating Systems setusercontext() Vulnerabilities

No description provided by source. BSD setusercontext vulnerabilites discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from...

Multiple BSD Operating Systems setusercontext() Vulnerabilities

Exploit for multiple platform in category local exploits =============================================================== Multiple BSD Operating Systems setusercontext Vulnerabilities =============================================================== BSD setusercontext vulnerabilites discovered by...

BSD (Multiple Distributions) - setusercontext() Multiple Vulnerabilities

BSD Multiple Distributions - setusercontext Multiple Vulnerabilities BSD setusercontext vulnerabilites discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeB...

[email protected]

BSD setusercontext vulnerabilites discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from ftpd.c : setusercontextlc, pw, uidt0,...