Solaris loadable kernel module directory traversal

Added: 06/22/2007 CVE: CVE-2004-1767 BID: 9477 OSVDB: 15128 Background Loadable kernel modules are programs which can be dynamically loaded into the kernel. Problem A directory traversal vulnerability in the vfsgetvfssw function in the Solaris kernel allows unprivileged users to load their own...

Hack advanced skills Linux back door technology and practice-vulnerability warning-the black bar safety net

The back door introduction The intruder complete control of the system, to facilitate the next time you enter and use a technology. Generally by modifying system configuration files and installation of third-party back-door tool to achieve. Has a hidden, can bypass the system log, not easy to be...

NVIDIA binary graphics driver: Privilege escalation vulnerability

Background The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphic acceleration on the NVIDIA based graphic cards. Description Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the...

DSA-922-1 kernel-source-2.6.8 - several

Bulletin has no description...

CVE-2005-2873

The iptrecent kernel module iptrecent.c in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONGMAX, which can cause iptrecent netfilter rules to block too early, a different vulnerability than CVE-2005-2872...

CVE-2005-2873

The iptrecent kernel module iptrecent.c in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONGMAX, which can cause iptrecent netfilter rules to block too early, a different vulnerability than CVE-2005-2872...

CVE-2005-2872

The iptrecent kernel module iptrecent.c in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service kernel panic via certain attacks such as SSH brute force, which leads to memset calls using a length based on the uint32t...

CVE-2005-2872

The iptrecent kernel module iptrecent.c in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service kernel panic via certain attacks such as SSH brute force, which leads to memset calls using a length based on the uint32t...

CVE-2005-2872

The CVE pertains to the ipt_recent kernel module (ipt_recent.c) in Linux kernels before 2.6.12. On 64-bit CPUs (e.g., AMD64), remote attackers can trigger a kernel panic (DoS) via SSH brute-force-style inputs, due to a length argument based on u_int32_t operating on an array of unsigned long elem...

CVE-2005-2873

The iptrecent kernel module iptrecent.c in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONGMAX, which can cause iptrecent netfilter rules to block too early, a different vulnerability than CVE-2005-2872...

CVE-2004-2686

Directory traversal vulnerability in the vfsgetvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted 1 mount or 2 sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure...

Debian DSA-276-1 : linux-kernel-s390 - local privilege escalation

The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible. This advisory only covers kernel...

freebsd/x86 kldload /tmp/o.o 74 bytes

Exploit for freebsd/x86 platform in category shellcode ===================================== freebsd/x86 kldload /tmp/o.o 74 bytes ===================================== / The kldload shellcode setuid0 loads /tmp/o.o kernel module Size 74 bytes OS FreeBSD /rootteam/dev0id www.sysworld.net...

freebsd/x86 kldload /tmp/o.o 74 bytes

No description provided by source. / The kldload shellcode setuid0 loads /tmp/o.o kernel module Size 74 bytes OS FreeBSD /rootteam/dev0id www.sysworld.net [email protected] BITS 32 jmp short callme main: pop esi xor eax,eax mov al,0x17 push eax int 0x80 xor eax,eax push eax push long 0x68732f...

freebsd/x86 - kldload /tmp/o.o 74 bytes

freebsd/x86 kldload /tmp/o.o 74 bytes. Shellcode exploit for freebsdx86 platform / The kldload shellcode setuid0 loads /tmp/o.o kernel module Size 74 bytes OS FreeBSD /rootteam/dev0id www.sysworld.net [email protected] BITS 32 jmp short callme main: pop esi xor eax,eax mov al,0x17 push eax in...

CVE-2002-1296

CVE-2002-1296 affects Sun Solaris priocntl(2): an attacker with local privileges can exploit directory traversal in the pc_clname field of a pcinfo_t structure to cause priocntl to load a kernel module, achieving superuser code execution. The vulnerability stems from priocntl(2) not adequately va...

Mandrake Linux Security Advisory : kernel (MDKSA-2003:038-1)

A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this fla...

security flaw

kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service crash by sending certain signals to kmod...

Solaris vfs_getvfssw() call directory traversal

Vulnerability allow local user to load kernel module...

Sun Solaris 2.6/7.0/8/9 - vfs_getvfssw function Privilege Escalation

source: https://www.securityfocus.com/bid/9962/info It has been reported that Sun Solaris may be prone to a local privilege escalation vulnerability that may allow an attacker to gain root access to a vulnerable system. The issue exists due to insufficient sanitization of user-supplied data via t...