12 matches found
CVE-2011-4122
Directory traversal vulnerability in openpamconfigure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. dot dot in the servicename argument to the pamstart function, as demonstrated by a .. in the -c option to kcheckpass...
CVE-2011-4122
Directory traversal vulnerability in openpamconfigure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. dot dot in the servicename argument to the pamstart function, as demonstrated by a .. in the -c option to kcheckpass...
bsd/x86 - connect back Shellcode (81 bytes)
Exploit for bsd/x86 platform in category shellcode / -------------- FreeBSD/x86 - connect back /bin/sh. 81 bytes ---------------- AUTHOR : Tosh OS : BSDx86 Tested on FreeBSD 8.1 EMAIL : email protected / include include include char shellcode =...
BSD x86 portbind + fork shellcode 111 bytes
BSD x86 portbind + fork shellcode 111 bytes. Shellcode exploit for bsdx86 platform / -------------- FreeBSD/x86 - portbind shell + fork 111 bytes-------------------- AUTHOR : Tosh OS : BSDx86 Tested on FreeBSD 8.1 EMAIL : [email protected] / include include include char shellcode =...
GNU libc/regcomp(3) Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - - Pub.: 07.01.2011 CERT: VU912279 CVE: CVE-2010-4051 CVE-2010-4052 Affected tested: - - Ubuntu 10.10 - ...
FreeBSD 8.1/7.3 vm.pmap Kernel Local Race Condition
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FreeBSD 8.1/7.3 vm.pmap kernel local race condition Author: Maksymilian Arciemowicz http://SecurityReason.com http://lu.cxib.net Date: - - Dis.: 09.07.2010 - - Pub.: 07.09.2010 Affected Software verified: - - FreeBSD...
FreeBSD mbuf本地权限提升漏洞
BUGTRAQ ID: 41577 CVE ID: CVE-2010-2693 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 mbuf是FreeBSD内核进程间通讯和联网子系统中的基础内存管理单元。网络报文和套接字缓冲区依赖于mbuf进行存储。 在复制mbuf缓冲区引用时没有正确地拷贝只读标志,如果使用sendfile2系统调用在回环接口上传输数据,就可能导致修改所传送数据的后端内存页,造成数据破坏。本地攻击者可以通过精心控制系统文件的破坏情况来利用这种数据破坏提升权限。请注意攻击者可以破坏任意可读访问的文件。 FreeBSD FreeBSD 8....
CVE-2010-2022
jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations...
Code injection
jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations...
CVE-2010-1938
Off-by-one error in the opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a long username, as...
CVE-2010-2022
The CVE-2010-2022 issue affects FreeBSD jail(8) in FreeBSD 8.0 and 8.1-PRERELEASE. If the jail is started without the -l -U root options, jail(8) may fail to chdir to a restricted directory, allowing local users to access the current working directory and potentially read, modify, or create arbit...
FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)
FreeBSD/x86 - execv/bin/sh Shellcode 23 bytes. Shellcode exploit for FreeBSDx86 platform / -------------- FreeBSD/x86 - execv"/bin/sh" 23 bytes ------------------------- AUTHOR : Tosh OS : BSDx86 Tested on FreeBSD 8.1 EMAIL : [email protected] / include include char shellcode =...