42 matches found
CVE-2020-15708
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...
lighttpd < 1.4.28 Insecure Temporary File Creation
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.28. Therefore, it may be affected by the following vulnerability: - The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a...
Debian DSA-4229-1 : strongswan - security update
Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. - CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on...
Apple macOS High Sierra 10.13 - ctl_ctloutput-leak Information Leak Exploit
Exploit for macOS platform in category local exploits / ctl_ctloutput-leak.c Brandon Azad CVE-2017-13868 While looking through the source code of XNU version 4570.1.46, I noticed that the function ctl_ctloutput in the file bsd/kern/kern_control.c does not check the return value of sooptcopyin, which...
Apple macOS High Sierra 10.13 - ctl_ctloutput-leak Information Leak
Apple macOS High Sierra 10.13 - ctl_ctloutput-leak Information Leak / ctl_ctloutput-leak.c Brandon Azad CVE-2017-13868 While looking through the source code of XNU version 4570.1.46, I noticed that the function ctl_ctloutput in the file bsd/kern/kern_control.c does not check the return value of...
Apple macOS High Sierra 10.13 - 'ctl_ctloutput-leak' Information Leak
ctl_ctloutput-leak.c Brandon Azad CVE-2017-13868 While looking through the source code of XNU version 4570.1.46, I noticed that the function ctl_ctloutput in the file bsd/kern/kern_control.c does not check the return value of sooptcopyin, which makes it possible to leak the uninitialized contents ...
UBUNTU-CVE-2016-5104
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket...
Apple Mac OSX / iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overfl
Exploit for multiple platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=543 NKE control sockets are documented here: https://developer.apple.com/library/mac/documentation/Darwin/Conceptual/NKEConceptual/control/control.html By default ther...
Apple Mac OSX / iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overflow
/ Source: https://code.google.com/p/google-security-research/issues/detail?id=543 NKE control sockets are documented here: https://developer.apple.com/library/mac/documentation/Darwin/Conceptual/NKEConceptual/control/control.html By default there are actually a bunch of these providers; they are...
MGASA-2014-0553 Updated erlang packages fix security vulnerabilities
Updated erlang packages fix a security vulnerability: An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP command...
CVE-2013-1427
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...
[SECURITY] [DSA 2649-1] lighttpd security update
Debian Security Advisory DSA-2649-1 http://www.debian.org/security/ Yves-Alexis Perez March 15, 2013 http://www.debian.org/security/faq -...
Debian DSA-2649-1 : lighttpd - fixed socket name in world-writable directory
Stefan Buhler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP contr...
Mandriva Linux Security Advisory : kdebase (MDVSA-2010:074)
A vulnerability has been found and corrected in kdm (kdebase/kdebase4-workspace): KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. This vulnerability has...
Race condition
Race condition in backend/ctrl.c in KDM in KDE Software Compilation SC 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper...
CVE-2010-0436
Race condition in backend/ctrl.c in KDM in KDE Software Compilation SC 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper...
kdm privilege escalation flaw
Race condition in backend/ctrl.c in KDM in KDE Software Compilation SC 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper...
ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
Exploit for unknown platform in category local exploits. Title: ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse) CVE-ID: OSVDB-ID...
Debian Security Advisory DSA 1767-1 (multipath-tools)
The remote host is missing an update to multipath-tools announced via advisory DSA 1767-1. OpenVAS Vulnerability Test $Id: deb17671.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1767-1 multipath-tools Authors: Thomas Reinke Copyright: Copyright c 2009...