8 matches found
kernel: KVM: x86 emulator: limit instructions to 15 bytes
The doinsnfetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service increased scheduling...
Afuse afuse.c文件Shell命令注入漏洞
BUGTRAQ ID: 30245 CVECAN ID: CVE-2008-2232 Afuse是使用FUSE在用户域实现的自动加载文件系统。 Afuse没有正确地过滤文件名便将其用在了system调用中。如果能够读访问afuse文件系统的攻击者使用了类似于以下的路径的话: /path/";arbitrary command;" /path/arbitrary command 则从注册为Afuse加载的目录请求上述特制文件就会导致以提升的权限执行任意命令。 Jacob Bower Afuse 0.2 Debian ------...
Debian 2.1 apcd符号链接漏洞
和Debian GNT/Linux 2.1一起发行的apcd软件包存在符号链接漏洞。当apcd进程接收到一个SIGUSR1信号时,会将其状态信息保存到/tmp/upsstat。然而由于这个文件没有被安全地打开,可能会导致符号链接攻击。 Debian GNU/Linux 2.1 该漏洞在0.6a.nr-4slink1版本中被修补,建议立刻升级apcd软件包。 Source archives: http://security.debian.org/dists/stable/updates/source/apcd0.6a.nr-4slink1.diff.gz MD5 checksum:...
[SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1448-1 [email protected] http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq -...
linux/x86 execve /bin/sh IA32 0xff-less 45 bytes
No description provided by source. / 0xff-less execve /bin/sh by anathema [email protected] / include stdio.h include stdlib.h unsigned char code = / Linux/IA32 0xff-less execve shellcode. / "\x89\xe6" / movl %esp, %esi / "\x83\xc6\x30" / addl $0x30, %esi / "\xb8\x2e\x62\x69\x6e" / movl...
[SECURITY] glibc update for Debian GNU/Linux 2.1 (update)
Package: glibc Vulnerability: local exploit Debian-specific: no Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code. An earlier advisory listed the updates for Debian 2.2/potato. This advisory contains updates for Debian...
[SECURITY] glibc update for Debian GNU/Linux 2.1 (update)
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman September 5, 2000 - ------------------------------------------------------------------------ Package: glibc Vulnerability: local...
[SECURITY] glibc update for Debian GNU/Linux 2.1
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman September 5, 2000 - ------------------------------------------------------------------------ Package: glibc Vulnerability: local...