1131 matches found
freebsd.local.txt
Security Advisory : FreeBSD local DoS Systems affected: FreeBSD 5.1-RELEASE/Alpha. Other versions are probably vulnerable. FreeBSD 5.1-RELEASE/IA32 is not vulnerable. Not sure about other FreeBSD/arch but they could be vulnerable too. Risk: low Date: 23 June 2004 Legal notice: 1. This Advisory is...
UNIX 7th Edition /bin/mkdir - Local Buffer Overflow
UNIX 7th Edition /bin/mkdir - Local Buffer Overflow / Exploit for /bin/mkdir Unix V7 PDP-11. mkdir has a buffer overflow when checking if the directory in /arg/with/slashes/fname exists. This will run /bin/sh with euid 0, but not uid 0. Since the shell doesn't do anything special about this, we don...
FreeBSD 4.10/5.x - execve() Unaligned Memory Access Denial of Service
FreeBSD 4.10/5.x - execve Unaligned Memory Access Denial of Service / source: https://www.securityfocus.com/bid/10596/info It is reported that FreeBSD running on the Alpha architecture is susceptible to a denial of service vulnerability in its execve system call. An attacker with local interactive...
FreeBSD 4.10/5.x - 'execve()' Unaligned Memory Access Denial of Service
/ source: https://www.securityfocus.com/bid/10596/info It is reported that FreeBSD running on the Alpha architecture is susceptible to a denial of service vulnerability in its execve system call. An attacker with local interactive user-level access on an affected machine is reportedly able to cra...
CVE-2003-0937
SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve on a setuid or setgid program, which leaves the descriptor open to the user...
PT-2003-1958 · Sco · Open Unix +1
Name of the Vulnerable Software and Affected Versions: SCO UnixWare versions 7.1.1, 7.1.3 Open UNIX version 8.0.0 Description: The issue allows local users to bypass protections for the address space file for a process ID by obtaining a procfs file descriptor for the file and calling execve on a...
CVE-2003-0462
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash)...
CVE-2003-0462
CVE-2003-0462 is a race condition in the Linux 2.4 kernel where env_start/env_end pointers used by the execve path (fs/proc/base.c) can lead to a local denial of service (kernel crash). Documented for several 2.4.x architectures (notably i386/alpha) and tracked in multiple advisories (e.g., Debia...
Important: Red Hat Security Advisory: Updated 2.4 kernel fixes vulnerabilities
Updated kernel packages are now available fixing several security vulnerabilities. Updated 28 August 2003: Added CAN-2003-0699 and CAN-2003-0700 to the list of security issues that are fixed by this advisory (there are no changes to the packages themselves). The Linux kernel handles the basic...
CVE-2003-0476
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors...
CVE-2003-0476
CVE-2003-0476 affects the Linux kernel 2.4.x execve system call, where the executable’s file descriptor is recorded in the caller’s file table, enabling local users to read restricted file descriptors. Public advisories (e.g., Debian DSA-423-1, RHSA-2003:408) note this vulnerability and recommend...
Linux 2.4.x execve() file read race vulnerability
Hi people, again it is time to discover a funny bug inside the Linux execve system call. Details: --------- While looking at the execve code I've found the following piece of code from fs/binfmt_elf.c: static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) { struct file * interpreter =...
Linux Kernel 2.4 - SUID execve() System Call Race Condition Executable File Read
Linux Kernel 2.4 - SUID execve System Call Race Condition Executable File Read / source: https://www.securityfocus.com/bid/8042/info A race condition vulnerability has been discovered in the Linux execve system call, affecting the 2.4 kernel tree. The problem lies in the atomicity of placing a...
Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read
/ source: https://www.securityfocus.com/bid/8042/info A race condition vulnerability has been discovered in the Linux execve system call, affecting the 2.4 kernel tree. The problem lies in the atomicity of placing a target executables file descriptor within the current process descriptor and...
CVE-2001-1185
CVE-2001-1185 affects FreeBSD 4.4. Some AIO operations may be delayed until after an execve call, allowing a local user to overwrite memory of the new process and gain privileges. The provided documents do not include exploitation details or remediation/fix information.
FreeBSD 4.4 - AIO Library Cross Process Memory Write
FreeBSD 4.4 - AIO Library Cross Process Memory Write // source: https://www.securityfocus.com/bid/3661/info aio.h is a library implementing the POSIX standard for asynchronous I/O. Support for AIO may be enabled in FreeBSD by compiling the kernel with the VFS_AIO option. This option is not enabled...
Security Advisory 2001-009: Race condition between sugid-exec and ptrace(2)
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2001-009 ================================= Topic: Race condition between sugid-exec and ptrace(2) Version: All official releases up to and including 1.5 Severity: Local user may gain superuser privileges Fixed: NetBSD-current: June 15, 200...
reading from execve()ed setuid memory
Posted to bugzilla.redhat.com: Tue, 15 May 2001 06:43:27 -0400 This was then made inaccessible, and I've seen nothing that looks like a fix yet. A month and a half seems like long enough to work it out. Contents of https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=40658 as posted before the pag...
execve of /bin/sh after setreuid(0,0)
execve of /bin/sh after setreuid(0,0). Shellcode exploit for linx86 platform / $Id: execve-setreuid.c,v 1.1 2001/05/02 18:10:52 raptor Exp $ execve-setreuid.c v1.0 - shellcode for Linux/i386 Copyright (c) 2001 Raptor This shellcode does an execve of /bin/sh after a setreuid(0, 0), then exits. / / ASM...