1261 matches found
CVE-2013-4511
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in...
UBUNTU-CVE-2013-4511
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in...
UBUNTU-CVE-2013-6763
The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than...
PT-2013-5051 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.12 Description: The issue is related to multiple integer overflows in Alchemy LCD frame-buffer drivers. Local users can create a read-write memory mapping for the entirety of kernel memory and gain privileges...
Linux Kernel Sendpage Local Privilege Escalation
The Linux kernel failed to properly initialize some entries in the proto_ops struct for several protocols, leading to NULL being dereferenced and used as a function pointer. By using mmap(2) to map page 0, an attacker can execute arbitrary code in the context of the kernel. Several public exploits...
Oracle Linux 5 : kernel (ELSA-2010-0504)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0504 advisory. - fs gfs2: fix permissions checking for setflags ioctl Steven Whitehouse 595580 595399 CVE-2010-1641 - misc keys: do not find already freed keyrings...
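FreeBSD Local Privilege Escalation Vulnerability (CVE-2013-2171)
BUGTRAQ ID: 60615 CVE(CAN) ID: CVE-2013-2171 FreeBSD is a UNIX operating system, an important branch of Unix that evolved from BSD, 386BSD and 4.4BSD. The virtual memory system in FreeBSD 9.0 and other versions performs insufficient permission checks: a tracing process such as an injected debugger can modify the traced process's address space without authorization and overwrite kernel memory, resulting in privilege escalation or a system crash. 0 FreeBSD = 9.0 Vendor patch: FreeBSD ------- FreeBSD has released a security advisory for this issue (FreeBSD-SA-13:06.mmap.asc) along with the corresponding patch:...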
Immunity Canvas: MAPTRACE
| Name | maptrace |
|---|---|
| CVE | CVE-2013-2171 |
| Exploit Pack | CANVAS |
| Description | maptrace: MMAP/PTRACE privilege escalation |
| Notes | CVE Name: CVE-2013-2171 VENDOR: Intel,FreeBSD Notes: Tested on FreeBSD 9.0-RC3 and FreeBSD 9.0-RELEASE AMD64 To test this exploit from CANVAS use the... |
Design/Logic Flaw
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain...
CVE-2013-2171
CVE-2013-2171 affects FreeBSD 9.0–9.1-RELEASE-p4 where vm_map_lookup in the mmap path may bypass write-permissions checks, enabling local privilege escalation via crafted mmap/ptrace usage. Exploitation details appear in public modules (Metasploit, CANVAS) and vendor advisories describe the fix i...
Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)
$ uname -a
FreeBSD fbsd91x64 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64
$ id
uid=1001(hunger) gid=1002(hunger) groups=1002(hunger)
$ gcc fbsd9lul.c -o fbsd9lul
$ ./fbsd9lul
FreeBSD 9.0,1 mmap/ptrace exploit by...
FreeBSD mmap+ptrace vulnerability
It's possible to modify mmap memory mapped files via ptrace...
FreeBSD Security Advisory FreeBSD-SA-13:06.mmap [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:06.mmap Security Advisory The FreeBSD Project Topic: Privilege escalation via mmap Category: core Module: kernel Announced: 2013-06-18 Credits: Konstantin...
FreeBSD 9.0+ Privilege Escalation
/ CVE-2013-2171 FreeBSD 9.0+ Privilege escalation via mmap poc by SynQ, rdot.org, 6/2013 don't forget to cp /etc/crontab /tmp / include include include include include include include include char sc="\t\t\t\t\troot\t/tmp/bukeke\n"; void child int status; status = ptracePTTRACEME, 0, 0, 0; if...
FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Local Privilege Escalation
/ FreeBSD 9.0,1 mmap/ptrace exploit by Hunger Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... : Greetings to nohup, 2501, boldi, eax, johnnyb, kocka, op, pipacs, prof, sd, sghctoma, snq, spender, s2crew and others at hekkcamp: I hope we'll meet...
FreeBSD mmap Privilege Escalation Exploit
This exploit performs privilege escalation leveraging the mmap vulnerability in FreeBSD 9.1 as described in FreeBSD-SA-13:06. / FreeBSD privilege escalation CVE-2013-2171 credits Konstantin Belousov & Alan Cox tested on FreeBSD 9.1 ref:...
FreeBSD : FreeBSD -- Privilege escalation via mmap (abef280d-d829-11e2-b71c-8c705af55518)
Due to insufficient permission checks in the virtual memory system, a tracing process such as a debugger may be able to modify portions of the traced process's address space to which the traced process itself does not have write access. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
FreeBSD -- Privilege escalation via mmap
Due to insufficient permission checks in the virtual memory system, a tracing process such as a debugger may be able to modify portions of the traced process's address space to which the traced process itself does not have write access...
FreeBSD-SA-13:06.mmap
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:06.mmap Security Advisory The FreeBSD Project Topic: Privilege escalation via mmap Category: core Module: kernel Announced: 2013-06-18 Credits: Konstantin...
Qualcomm Gandalf camera driver
The camera driver provides several interfaces to user space clients. The user space clients communicate to the kernel via syscalls such as ioctl or mmap. The camera driver provides an uncontrolled mmap interface that allows an application with access to the device file to map physical memory...