1039 matches found
CVE-2007-6754
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and...
CVE-2012-2674
Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a lar...
CVE-2006-7252
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte...
CVE-2007-6754
CVE-2007-6754 concerns the ipalloc function in libc/stdlib/malloc.c within jemalloc used by FreeBSD 6.4 and NetBSD. The vulnerability stems from improper memory allocation in jemalloc, enabling context-dependent attackers to trigger memory-related issues such as buffer overflows when handling an ...
CVE-2006-7252
CVE-2006-7252 affects the jemalloc allocator used by libc on FreeBSD 6.4 and NetBSD. The root cause is an integer overflow in calloc within libc/stdlib/malloc.c, which can allow a context-dependent attacker to trigger memory-related issues by supplying a large size value that leads to a 1-byte al...
The story of the Linux kernel 3.x...
The story of the Linux kernel 3.x... In 2005 everybody was excited about the possibility of bypassing ASLR on all Linux 2.6 kernels because of the new concept called VDSO (Virtual Dynamic Shared Object). More information about this story can be found at the following link:...
Linux exploit development. Part 4 – bypassing ASCII armor and return to plt
Author: sickness Author's blog: Translation: Gh0St 07.04.2012 Linux exploit development. Part 4 – bypassing ASCII armor and return to plt. NOTE: Before reading this document, it is recommended that you familiarize yourself with the following works: Linux exploit writing guide. Part I – overflow...
glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error
A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc could use this flaw to make that service use an excessive amount of CPU time...
glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small...
glibc: ldd unexpected code execution issue
ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion...
FreeBSD Security Advisory FreeBSD-SA-11:07.chroot
FreeBSD-SA-11:07.chroot Security Advisory The FreeBSD Project Topic: Code execution via chrooted ftpd Category: core Module: libc Announced: 2011-12-23 Affects: All supporte...
FreeBSD-SA-11:07.chroot
FreeBSD-SA-11:07.chroot Security Advisory The FreeBSD Project Topic: Code execution via chrooted ftpd Category: core Module: libc Announced: 2011-12-23 Affects: All supporte...
FreeBSD libc code execution
lib/nss_compat.so.1 library in chroot environment is loaded. Vulnerability is used in-the-wild remotely against FTP-servers...
Libc - regcomp() Stack Exhaustion Denial of Service
Libc - regcomp() Stack Exhaustion Denial of Service ? / PHP 5.4 5.3 memory_limit bypass exploit poc by Maksymilian Arciemowicz http://cxsecurity.com/ cxib a.T cxsecurity d0t com To show memory_limit in PHP php /www/memlimpoc.php 1 35000000 PHP Fatal error: Allowed memory size of 33554432 bytes...
BSD libc/regcomp(3) Memory Management / Recursion
Multiple BSD libc/regcomp(3) Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://www.netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 05.10.2011 - Pub.: 04.11.2011 CVE: CVE-2011-3336 Affected Software: -...
Libc - 'regcomp()' Stack Exhaustion Denial of Service
? / PHP 5.4 5.3 memory_limit bypass exploit poc by Maksymilian Arciemowicz http://cxsecurity.com/ cxib a.T cxsecurity d0t com To show memory_limit in PHP php /www/memlimpoc.php 1 35000000 PHP Fatal error: Allowed memory size of 33554432 bytes exhausted tried to allocate 35000001 bytes in...
Solaris 10 (sparc) : 147713-01
SunOS 5.10: libc patch. Date this patch was last updated by Sun : Oct/07/11 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/11/14. C Tenable Network Security, Inc. if ! definedfunc"bnrandom"...
NetBSD 5.1 libc/net multiple functions stack buffer overflow
NetBSD 5.1 libc/net multiple functions stack buffer overflow Author: Maksymilian Arciemowicz http://netbsd.org/donations/ Date: - Dis.: 01.04.2011 - Pub.: 01.07.2011 CVE: CVE-2011-1656 CWE: CWE-121 Affected software: - NetBSD 5.1 fixed Affected functions: - getservbyname(3) - getservbyname_r(3) -...
NetBSD 5.1 libc/net multiple functions stack buffer overflow
No description provided by source. NetBSD 5.1 libc/net multiple functions stack buffer overflow Author: Maksymilian Arciemowicz http://netbsd.org/donations/ Date: - Dis.: 01.04.2011 - Pub.: 01.07.2011 CVE: CVE-2011-1656 CWE: CWE-121 Affected software: - NetBSD 5.1 fixed Affected functions: -...
NetBSD 5.1 libc/net Stack Buffer Overflow
NetBSD 5.1 libc/net multiple functions stack buffer overflow Author: Maksymilian Arciemowicz http://netbsd.org/donations/ Date: - Dis.: 01.04.2011 - Pub.: 01.07.2011 CVE: CVE-2011-1656 CWE: CWE-121 Affected software: - NetBSD 5.1 fixed Affected...