42 matches found
The vulnerability of the OpenBSD operating system, which allows a hacker to trigger a service failure
The vulnerability of the OpenBSD operating system is related to errors in number processing. Exploiting this vulnerability allows a malicious actor, operating locally, to cause a service failure—i.e., the appearance of an “Assertion failure” window and a kernel error. This occurs by using a large...
Information disclosure
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call...
CVE-2016-6242
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call...
CVE-2016-6242
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call...
CVE-2016-6242
OpenBSD 5.8 and 5.9 are affected by CVE-2016-6242: a local attacker can trigger a denial of service by supplying a large ident value to a kevent system call, causing an assertion failure and kernel panic. This is a local-privilege context with no remote access implied. The observed impact is a ke...
CVE-2016-6242
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call...
FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit
No description provided by source. / FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread...
BSD systems kevent race conditions
Race conditions on SMP systems...
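FreeBSD kevent() system call race condition vulnerability
BUGTRAQ ID: 36101 FreeBSD is a freely available, open-source Unix-like system that runs on Intel platforms. The kevent system call on FreeBSD SMP systems contains a race condition error. If a local user spawns two threads, where the first thread loops on the open and close system calls and the second thread loops on kevent trying to add an invalid file descriptor, a kernel-mode NULL pointer dereference is triggered, leading to a denial of service or the running of a root shell. FreeBSD = 6.1 Vendor patch: FreeBSD ------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...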
FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit
No description provided by source. FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread loopin...
FreeBSD <= 6.1 kqueue() NULL pointer dereference
FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread looping on kevent, trying to add possibly...
FreeBSD 6.1 - kqueue() Null Pointer Dereference Privilege Escalation
FreeBSD 6.1 - kqueue Null Pointer Dereference Privilege Escalation / FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thre...
FreeBSD <= 6.1 kqueue() NULL pointer dereference
FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread looping on kevent, trying to add possibly...
FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit
Exploit for freebsd platform in category local exploits =================================================================== FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile...
FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation
/ FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thread thread; gotroot = 1; asm "movl %%fs:0, %0" : "=r"thread ;...
Buffer overflow
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT...
norton-local.txt
/ Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can be opened by any user. As result, a user can send a...
Norman Virus Control - nvcoaft51.sys ioctl BF672028
Norman Virus Control - nvcoaft51.sys ioctl BF672028 / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can b...
Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit
Exploit for unknown platform in category local exploits ========================================================= Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit ========================================================= / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstrac...
Norman Virus Control - 'nvcoaft51.sys' ioctl BF672028
/ Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can be opened by any user. As result, a user can send a...