OpenBSD - ICMPv6 Fragment Remote Execution Exploit PoC

No description provided by source. The PoC executes the shellcode int 3 and returns. It overwrites the extfree function pointer on the mbuf and forces a mfreem on the overflowed packet. The Impacket library is used to craft and send packets http://oss.coresecurity.com/projects/impacket.html or...

openbsdanim-local.txt

/ A PRODUCTION OF LUL-DISLCOSURE INC. PROUDLY PRESENTS... 888 888 888 888 888 888 .d88b. 88888b. .d88b. 88888b. 88888b. .d8888b .d88888 d88""88b 888 "88b d8P Y8b 888 "88b 888 "88b 88K d88" 888 888 888 888 888 88888888 888 888 888 888 "Y8888b. 888 888 Y88..88P 888 d88P Y8b. 888 888 888 d88P X88 Y8...

CVE-2007-0085

Unspecified vulnerability in sys/dev/pci/vgapci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agpioctl NULL...

CVE-2006-6164

The CVE-2006-6164 entry concerns OpenBSD 3.9 and 4.0 where the _dl_unsetenv function in loader.c of the ELF ld.so fails to remove duplicate environment variables. This could allow local users to pass dangerous variables (e.g., LD_PRELOAD) to loading processes, potentially enabling privilege escal...