Linux Kernel __scm_destroy()本地拒绝服务漏洞

BUGTRAQ ID: 32154 CVECAN ID: CVE-2008-5029 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的net/core/scm.c文件中的scmdestroy函数可能通过调用fput函数间接地递归调用其本身，本地攻击者可以通过UNIX域套接字发送SCMRIGHTS消息并关闭文件描述符导致拒绝服务的情况。 Linux kernel 2.6.27.4 Linux kernel 2.6.26 Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Linux Kernel 2.4.36.92.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)

Linux Kernel 2.4.36.92.6.27.5 - Unix Sockets Local Kernel Panic Denial of Service include include include include include include static int ownchildint us int pid; int s2; struct msghdr mh; char crap1024; struct iovec iov; struct cmsghdr c; int fd; int rc; pid = fork; if pid == -1 err1, "fork"; ...

CuteNews aj-fork - path Remote File Inclusion

CuteNews aj-fork - path Remote File Inclusion source: https://www.securityfocus.com/bid/32141/info CuteNews aj-fork is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...

CuteNews aj-fork - 'path' Remote File Inclusion

source: https://www.securityfocus.com/bid/32141/info CuteNews aj-fork is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in t...

TerminatorX <= 3.81 stack overflow local root exploit

No description provided by source. / TerminatorX V. = 3.81 local root exploit by Li0n7 Typical local stack-based overflow Bugs discovered by c0wboy from 0x333 Contact Li0n7 voila fr Usage: ./terminatorX-exp -r RET-b -s STARTINGRET -r RET: no bruteforcing, try to execute shellcode with RET as retu...

Linux Kernel "do_mremap" Local Proof of Concept

No description provided by source. / Proof-of-concept exploit code for domremap Copyright C 2004 Christophe Devine and Julien Tinnes This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...

nss_ldap randomly replying with wrong user's data

Race condition in nssldap, when used in applications that are linked against the pthread library and fork after a call to nssldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong...

SCO UnixWare Merge - mcd Local Privilege Escalation

SCO UnixWare Merge - mcd Local Privilege Escalation / 04/2008: public release I have'nt seen any advisory on this; possibly still not fixed. SCO UnixWare Merge mcd Local Root Exploit By qaaz / include include include include include include define TARGET "/usr/lib/merge/mcd" define DIR...

iDefense Security Advisory 03.10.08: SAP MaxDB Signedness Error Heap Corruption Vulnerability

iDefense Security Advisory 03.10.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 10, 2008 I. BACKGROUND SAP's MaxDB is a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for...

CVE-2008-1111

modcgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

CVE-2008-1111

modcgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

DEBIAN-CVE-2008-1111

modcgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

CVE-2008-1111

CVE-2008-1111 affects lighttpd 1.4.18 through the mod_cgi path. When a fork failure occurs, lighttpd may return the source code of the CGI script instead of a 500 error, potentially allowing remote attackers to obtain sensitive information (information disclosure). Connected documents indicate re...

CVE-2008-1111

modcgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

CVE-2008-1111

modcgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

PYSEC-2008-8

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool...

Apple Mail邮件附件处理代码执行漏洞

BUGTRAQ ID: 26510 Apple Mail是苹果操作系统中所捆绑的邮件客户端。 Apple Mail在处理畸形的邮件附件时存在漏洞，远程攻击者可能利用此漏洞在用户系统上执行恶意命令。 Mac操作系统上的文件可能包含有额外的信息，例如其他程序打开文件所要使用的信息。操作系统将这些文件储存在链接到文件的名为resource fork的文件系统中。通常仅有本地系统才可以访问这类信息，但对于邮件，MIME格式AppleDouble允许附带resource fork，并由Apple Mail自动分析。...

HP-UX Security Patch : PHKL_28428

mmap/fork io,VM-JFS ddlock,thrd prf,usr lim %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid26388; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate",...

linux/x86 raw-socket ICMP/checksum shell 235 byte

No description provided by source. ; ; Copyright c 2007 by [email protected] ; ; 235-byte raw-socket ICMP/checksum shell - x86-lnx ; by mu-b - Nov 2006 ; ; icmp with identifier flagbyte and commands in the ; following format:- ; "/bin/sh\x00-c\x00command here\x00" ; ; unlike other icmp shells,...

CVE-2006-6546

PHP remote file inclusion vulnerability in inc/shows.inc.php in cutenews aj-fork CN:AJ 167f and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter...