MQAC.sys Arbitrary Write Privilege Escalation

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'MQAC.sys Arbitrary Write Privilege Escalation', 'Description' = %q A vulnerability within the MQAC.sys module allows an...

Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'MQAC.sys Arbitrary Write Privilege Escalation', 'Description' = %q A vulnerability within the MQAC.sys module allows an...

MQAC.sys Arbitrary Write Privilege Escalation Exploit

A vulnerability within the MQAC.sys module allows an attacker to overwrite an arbitrary location in kernel memory. This Metasploit module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process. This module requires Metasploit: http//metasploit.com/download Current...

kernel: aio: insufficient sanitization of head in aio_read_events_ring()

Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...

MQAC.sys Arbitrary Write Privilege Escalation

A vulnerability within the MQAC.sys module allows an attacker to overwrite an arbitrary location in kernel memory. This module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process. This module requires Metasploit: https://metasploit.com/download Current source:...

Ubuntu: Security Advisory (USN-2290-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command

A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free using the kfree function arbitrary kernel memory. CVE-2014-173...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which...

USN-2282-1: Linux kernel vulnerabilities

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 An flaw was discovered in the Linux kernel's audit subsystem when auditing...

Privilege escalation

FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a 1 SCTPSNDRCV, 2 SCTPEXTRCV, or 3 SCTPRCVINFO SCTP cmsg or a 4 SCTPPEERADDRCHANGE, 5...

CVE-2014-3953

FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a 1 SCTPSNDRCV, 2 SCTPEXTRCV, or 3 SCTPRCVINFO SCTP cmsg or a 4 SCTPPEERADDRCHANGE, 5...

CVE-2014-3952

Removed by vendor...

CVE-2014-3952

CVE-2014-3952 is a local kernel memory disclosure in FreeBSD-related kernels. The vulnerability stems from improper initialization of the buffer between the control message header and data for sockbuf control messages, allowing an unprivileged local process to read kernel memory. Affected: FreeBS...

FreeBSD Security Advisory FreeBSD-SA-14:17.kmem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:17.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in control messages and SCTP notifications Category: core Module: kern, sctp...

DLA-0015-1 linux-2.6 - security update

Bulletin has no description...

FreeBSD-SA-14:17.kmem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:17.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in control messages and SCTP notifications Category: core Module: kern, sctp...

CVE-2014-4653

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service use-after-free and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX acce...

DEBIAN-CVE-2014-4652

Race condition in the tlv handler functionality in the sndctlelemusertlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access...

Race condition

Race condition in the tlv handler functionality in the sndctlelemusertlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access...

Double free

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service use-after-free and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX acce...