Linux Kernel 4.11.8 - mq_notify: double sock_put() Local Privilege Escalation

Linux Kernel 4.11.8 - mqnotify: double sockput Local Privilege Escalation / CVE-2017-11176: "mqnotify: double sockput" by LEXFO 2018. DISCLAIMER: The following code is for EDUCATIONAL purpose only. Do not use it on a system without authorizations. WARNING: The exploit WILL NOT work on your target...

[slackware-security] Slackware 14.2 kernel

New kernel packages are available for Slackware 14.2 to fix a regression in the getsockopt function and to fix two denial-of-service security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.132/: Upgraded. This kernel upgrade is being provided primarily ...

Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-142-01)

New kernel packages are available for Slackware 14.2 to fix a regression in the getsockopt function and to fix two denial-of-service security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-142-01...

Apple macOS HighSierra 10.13 - ctl_ctloutput-leak Information Leak Exploit

Exploit for macOS platform in category local exploits / ctlctloutput-leak.c Brandon Azad CVE-2017-13868 While looking through the source code of XNU version 4570.1.46, I noticed that the function ctlctloutput in the file bsd/kern/kerncontrol.c does not check the return value of sooptcopyin, which...

MacOS so_pcb type confusion in necp_get_socket_attributes(CVE-2017-13855)

When getsockopt edited; original report said "setsockopt" is called on any socket with level SOLSOCKET and optname SONECPATTRIBUTES, necpgetsocketattributes is invoked. necpgetsocketattributes unconditionally calls sotoinpcbso: errnot necpgetsocketattributesstruct socket so, struct sockopt sopt i...

Apple macOS High Sierra 10.13 - ctl_ctloutput-leak Information Leak

Apple macOS High Sierra 10.13 - ctlctloutput-leak Information Leak / ctlctloutput-leak.c Brandon Azad CVE-2017-13868 While looking through the source code of XNU version 4570.1.46, I noticed that the function ctlctloutput in the file bsd/kern/kerncontrol.c does not check the return value of...

Apple macOS High Sierra 10.13 - 'ctl_ctloutput-leak' Information Leak

/ ctlctloutput-leak.c Brandon Azad CVE-2017-13868 While looking through the source code of XNU version 4570.1.46, I noticed that the function ctlctloutput in the file bsd/kern/kerncontrol.c does not check the return value of sooptcopyin, which makes it possible to leak the uninitialized contents ...

CVE-2014-8612

Multiple array index errors in the Stream Control Transmission Protocol SCTP module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to 1 gain privileges via the stream id to the setsockopt function, when setting the SCTIPSSVALUE option, or 2 read...

Linux Kernel < 2.6.20.2 - IPv6_Getsockopt_Sticky Memory Leak PoC

No description provided by source. / Linux Kernel IPV6GetsockoptSticky Memory Leak Proof Of Concept dreyer 07-2007 Osu, Tatakae, Sexy Pandas! Dumps to stdout the memory mapped between INI and END. CVE: CVE-2007-1000 BID: 22904 Affected: Linux Kernel 2.6.20.2...

Stack overflow

Multiple stack-based buffer overflows in net/netfilter/ipvs/ipvsctl.c in the Linux kernel before 2.6.33, when CONFIGIPVS is used, allow local users to gain privileges by leveraging the CAPNETADMIN capability for 1 a getsockopt system call, related to the doipvsgetctl function, or 2 a setsockopt...

Kernel: atm: information leak in getsockopt & getsockname

The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

Kernel: dccp: check ccid before NULL poiter dereference

net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash by leveraging the CAPNETADMIN capability for a certain 1 sender or 2 receiver getsockopt call...

Kernel: atm: information leak in getsockopt & getsockname

The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

DEBIAN-CVE-2013-1827

net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash by leveraging the CAPNETADMIN capability for a certain 1 sender or 2 receiver getsockopt call...

CVE-2013-1828

The sctpgetsockoptassocstats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copyfromuser operation, which allows local users to gain privileges via a crafted application that contains an SCTPGETASSOCSTATS getsockopt system call...

Null pointer dereference

net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash by leveraging the CAPNETADMIN capability for a certain 1 sender or 2 receiver getsockopt call...

Design/Logic Flaw

The sctpgetsockoptassocstats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copyfromuser operation, which allows local users to gain privileges via a crafted application that contains an SCTPGETASSOCSTATS getsockopt system call...

CVE-2013-1828

The sctpgetsockoptassocstats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copyfromuser operation, which allows local users to gain privileges via a crafted application that contains an SCTPGETASSOCSTATS getsockopt system call...

DEBIAN-CVE-2012-6541

The ccid3hctxgetsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

Linux Kernel - &#039;SCTP_GET_ASSOC_STATS()&#039; Stack Buffer Overflow (PoC)

include include include include define SCTPGETASSOCSTATS 112 define SOLSCTP 132 int mainvoid char buf =...