38 matches found
FreeBSD-SA-09:13.pipe
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:13.pipe Security Advisory The FreeBSD Project Topic: kqueue pipe race conditions Category: core Module: kern Announced: 2009-10-02 Credits: Przemyslaw Frasunek...
FreeBSD -- kqueue pipe race conditions
Problem Description A race condition exists in the pipe close code relating to kqueues, causing use-after-free for kernel memory, which may lead to an exploitable NULL pointer vulnerability in the kernel, kernel memory corruption, and other unpredictable results. Impact: Successful exploitation o...
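FreeBSD 'kqueue' Unspecified NULL Pointer Dereference Vulnerability
Bugtraq ID: 36375 FreeBSD is an open-source operating system. The kqueue implementation included in FreeBSD has an unspecified NULL pointer dereference vulnerability; a local attacker can exploit it to gain root privileges. No detailed vulnerability information is currently available. FreeBSD FreeBSD 6.0 .x FreeBSD FreeBSD 6.0 -STABLE FreeBSD FreeBSD 6.0 -RELEASE FreeBSD FreeBSD 6.4-RELEASE-p5 FreeBSD FreeBSD 6.4-RELEASE-p4 FreeBSD FreeBSD 6.4-RELEASE-p2 FreeBSD FreeBSD 6....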
Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference
Przemyslaw Frasunek wrote: FreeBSD <= 6.1 suffers from classical check/use race condition on SMP There is yet another kqueue related vulnerability. It affects 6.x, up to 6.4-STABLE. FreeBSD security team was notified on 29th Aug, but there is no response until now, so I won't publish any details...
FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit
No description provided by source. FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread loopin...
FreeBSD <= 6.1 kqueue() NULL pointer dereference
FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread looping on kevent, trying to add possibly...
FreeBSD 6.1 - kqueue() Null Pointer Dereference Privilege Escalation
FreeBSD 6.1 - kqueue Null Pointer Dereference Privilege Escalation / FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thre...
FreeBSD <= 6.1 kqueue() NULL pointer dereference
FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread looping on kevent, trying to add possibly...
FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit
Exploit for freebsd platform in category local exploits =================================================================== FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile...
FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation
/ FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thread thread; gotroot = 1; asm "movl %%fs:0, %0" : "=r"thread ;...
FreeBSD 6.1 kqueue() NULL Pointer Dereference
FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile int gotroot = 0; static void kernelcodevoid struct thread thread; gotroot = 1; asm "movl %%fs:0, %0" : "=r"thread ;...
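Apple Mac OS X KQueue Local Denial of Service Vulnerability
Apple Mac OS X is a BSD-based operating system. A flaw exists in how Apple Mac OS X handles the kqueue and kevent interfaces; a local attacker can exploit it to cause a denial of service on the system. The vulnerability can be triggered when a process registers a queue and invokes a kernel event through kevent, then forks a child process that attempts to register another event on the same "parent" queue, resulting in a system denial of service. Apple Mac OS X Server 10.4.8 Apple Mac OS X 10.4.8 http://www.apple.com/macosx/...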
CVE-2002-0831
Technical details about CVE-2002-0831 are not publicly available in the provided documents. Monitor for updates.
CVE-2002-0831
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end...
CVE-2002-0831
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end...
Security Advisory FreeBSD-SA-02:37.kqueue
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:37.kqueue Security Advisory The FreeBSD Project Topic: local users can panic the system using the kqueue mechanism Category: core Module: kqueue Announced: 2002-08-05...
FreeBSD kqueue DoS
Pipe with one end closed causes system panic after applying EVFILT_WRITE filter...
FreeBSD-SA-02:37.kqueue
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:37.kqueue Security Advisory The FreeBSD Project Topic: local users can panic the system using the kqueue mechanism Category: core Module: kqueue Announced: 2002-08-05...