CVE-2020-24385

In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td-tdemuldata in sys/compat/linux/linuxemul.h is not getting initialized an...

CVE-2020-24385

The CVE-2020-24385 issue affects MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7. It is a NULL pointer dereference in the Linux emulation layer. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not initialized and can return NULL from em_...

QEMU: slirp: heap buffer overflow in tcp_emu()

A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcpemu routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host...

Writing a libemu/Unicorn Compatability Layer

In this post we are going to take a quick look at what it takes to write a libemu compatibility layer for the Unicorn engine. In the course of this work, we will also import the libemu Win32 environment to run under Unicorn. For a bit of background, libemu is a lightweight x86 emulator written in...

Android SD Card User Control Emulation Layer Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA.SD Card Emulation Layer is one of the SD card user controls. An elevation of privilege vulnerability exists in the SD Card user control emulation layer of Android. A local attacker...

Microsoft Windows Object Manager Local Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft.Object Manager is one of the object managers. An elevation of privilege vulnerability exists in Windows Object Manager, which can be exploited by an attacker to bypass emulation layer security checks and elevate privileges...

Microsoft Windows MS-DOS Device Name Vulnerability

Microsoft Windows is a windowed operating system developed by Microsoft Corporation in the United States. An elevation of privilege vulnerability exists when Microsoft Windows fails to authenticate and execute the emulation layer. The vulnerability allows an authenticated attacker to bypass...

Debian: Security Advisory (DSA-2110-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 2110-1 (linux-2.6)

The remote host is missing an update to linux-2.6 announced via advisory DSA 2110-1. OpenVAS Vulnerability Test $Id: deb21101.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2110-1 linux-2.6 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

Oracle Secure Backup Administration Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. The specific flaw exists within the register globals emulation layer which allows attackers to specify values for arbitrary program variables. When specific parameters are...

FreeBSD : phpSysInfo -- 'register_globals' emulation layer overwrite vulnerability (9c1cea79-548a-11da-b53f-0004614cc33d)

A Secunia Advisory reports : Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information. The vulnerability is caused due to an error in the 'registerglobals' emulation layer where certain arrays used by the system can ...

FreeBSD : mambo -- 'register_globals' emulation layer overwrite vulnerability (ffb82d3a-610f-11da-8823-00123ffe8333)

A Secunia Advisory reports : peter MC tachatte has discovered a vulnerability in Mambo, which can be exploited by malicious people to manipulate certain information and compromise a vulnerable system. The vulnerability is caused due to an error in the 'registerglobals' emulation layer in...

phpSysInfo -- "register_globals" emulation layer overwrite vulnerability

A Secunia Advisory reports: Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information. The vulnerability is caused due to an error in the "registerglobals" emulation layer where certain arrays used by the system can b...