FreeBSD 6.4 pipeclose()/knlist_cleardel() Race Condition

if 0 FreeBSD 6.4 and below are vulnerable to race condition between pipeclose and knlistcleardel resulting in NULL pointer dereference. The following code exploits vulnerability to run code in kernel mode, giving root shell and escaping from jail. endif / 29.08.2009, babcia padlina FreeBSD includ...

FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit

Exploit for unknown platform in category local exploits ================================================================ FreeBSD 6.4 pipeclose/knlistcleardel race condition exploit ================================================================ Title: FreeBSD 6.4 pipeclose/knlistcleardel race...

FreeBSD 6.4 - 'pipeclose()'/'knlist_cleardel()' Race Condition

if 0 FreeBSD 6.4 and below are vulnerable to race condition between pipeclose and knlistcleardel resulting in NULL pointer dereference. The following code exploits vulnerability to run code in kernel mode, giving root shell and escaping from jail. endif / 29.08.2009, babcia padlina FreeBSD includ...

FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit

No description provided by source. FreeBSD = 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread loopin...

FreeBSD 6.1 - kqueue() Null Pointer Dereference Privilege Escalation

FreeBSD 6.1 - kqueue Null Pointer Dereference Privilege Escalation / FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thre...

FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit

Exploit for freebsd platform in category local exploits =================================================================== FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile...

FreeBSD 6.1 - &#039;kqueue()&#039; Null Pointer Dereference Privilege Escalation

/ FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thread thread; gotroot = 1; asm "movl %%fs:0, %0" : "=r"thread ;...

FreeBSD 6.1 kqueue() NULL Pointer Dereference

FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thread thread; gotroot = 1; asm "movl %%fs:0, %0" : "=r"thread ;...

CVE-2009-1542

The Virtual Machine Monitor VMM in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges...

Information disclosure

The Virtual Machine Monitor VMM in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges...

CVE-2009-1542

The Virtual Machine Monitor VMM in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges...

Microsoft Windows桌面墙纸系统参数本地权限提升漏洞(MS09-025)

BUGTRAQ ID: 35120 CVECAN ID: CVE-2009-1126 Microsoft Windows是微软发布的非常流行的操作系统。 在编辑特定的桌面参数时，Windows内核没有正确地验证从用户态传递到内核的输入，导致权限提升漏洞。成功利用此漏洞的攻击者可以运行内核态中的任意代码。攻击者可随后安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Server 2003 SP2 Microsoft Windows...

PT-2009-1124 · Microsoft · Windows Xp +5

Name of the Vulnerable Software and Affected Versions: Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 Microsoft Windows XP SP3 Microsoft Windows Server 2003 SP2 Microsoft Windows Vista Gold Microsoft Windows Vista SP1 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Description:...

[Backports-security-announce] Security Update for openafs

Russ Allbery uploaded new packages for openafs a distributed file system which fixed the following security problems: CVE-2009-1251 An attacker with control of a file server or the ability to forge RX packets may be able to execute arbitrary code in kernel mode on an OpenAFS client, due to a...

PT-2009-2783 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue arises from the improper handling of invalid pointers by the Windows kernel, allowing local users to gain privileges. This could enable an attacker to run arbitrary...

Ralinktech wireless cards drivers vulnerability

Some Ralinktech wireless cards drivers are suffer from integer overflow. by sending malformed 802.11 Probe Request packet with no care about victim's MACBSSSSID can cause to remote code execution in kernel mode. In order to exploit this issue, the attacker should send a Probe Request packet with...

Cross site request forgery (csrf)

The NT kernel-mode driver aka pstrip.sys 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory...

CVE-2008-5725

The NT kernel-mode driver aka pstrip.sys 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory...

CVE-2008-5725

The NT kernel-mode driver aka pstrip.sys 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory...

CVE-2008-5725

The CVE affects the NT kernel-mode driver pstrip.sys (versions 5.0.1.1 and earlier) used by EnTech Taiwan PowerStrip (3.84 and earlier). The vulnerability arises from certain IRP parameters in an IOCTL sent to \Device\Powerstrip1, which can overwrite portions of memory and enable local privilege ...