212 matches found
FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak
/FreeBSD include include include include include include include include include int createconnectionchar target, char targetport; void getlineint s; void putlineint s, char out; void usagechar exe; char in8096; char out8096; char out28096; int mainint argc, char argv extern int optind; extern ch...
FreeBSD - 'mbufs()' sendfile Cache Poisoning Privilege Escalation
/ freebsd x86/x64 sendfile cache local root xpl v2 by Kingcope 2010 -- should h4x any freebsd 8. and 7. prior to 12Jul2010 tampers /bin/sh to contain a shellcode which does ' chmod a+s /tmp/sh chown root /tmp/sh execve /tmp/sh2 ' how to use: terminal 1: $ cp /bin/sh /tmp/sh $ cp /bin/sh /tmp/sh2 ...
FreeBSD - mbufs() sendfile Cache Poisoning Privilege Escalation
FreeBSD - mbufs sendfile Cache Poisoning Privilege Escalation / freebsd x86/x64 sendfile cache local root xpl v2 by Kingcope 2010 -- should h4x any freebsd 8. and 7. prior to 12Jul2010 tampers /bin/sh to contain a shellcode which does ' chmod a+s /tmp/sh chown root /tmp/sh execve /tmp/sh2 ' how t...
FreeBSD mbufs() sendfile Cache Poisoning Privilege Escalation
Exploit for freebsd platform in category local exploits ============================================================= FreeBSD mbufs sendfile Cache Poisoning Privilege Escalation ============================================================= / freebsd mbufs sendfile cache poisoning-priv escalation...
FreeBSD Security Advisory (FreeBSD-SA-10:07.mbuf.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-10:07.mbuf.asc SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
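FreeBSD mbuf Local Privilege Escalation Vulnerability
BUGTRAQ ID: 41577 CVE ID: CVE-2010-2693 FreeBSD is a freely usable, open-source Unix-like system that runs on the Intel platform. mbuf is the basic memory management unit in the FreeBSD kernel's inter-process communication and networking subsystems. Network packets and socket buffers rely on mbufs for storage. The read-only flag is not correctly copied when an mbuf buffer reference is duplicated; if the sendfile(2) system call is used to transmit data over the loopback interface, the backing memory pages of the transmitted data may be modified, causing data corruption. A local attacker can exploit this data corruption to escalate privileges by carefully controlling how system files are corrupted. Note that the attacker can corrupt any file to which they have read access. FreeBSD FreeBSD 8....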
Memory corruption
FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call...
CVE-2010-2693
CVE-2010-2693 affects FreeBSD 7.1–8.1-PRERELEASE where the read-only flag is not copied when duplicating an mbuf buffer reference. This can allow a local attacker to cause data corruption via sendfile(2) on the loopback path and potentially escalate privileges by corrupting system files. The issu...
FreeBSD-SA-10:07.mbuf
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-10:07.mbuf Security Advisory The FreeBSD Project Topic: Lost mbuf flag resulting in data corruption Category: core Module: kern Announced: 2010-07-13 Credits: Min...
FreeBSD -- Lost mbuf flag resulting in data corruption
Problem Description: The read-only flag is not correctly copied when a mbuf buffer reference is duplicated. When the sendfile(2) system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption...
Fedora Update for boa FEDORA-2010-7645
Check for the Version of boa OpenVAS Vulnerability Test Fedora Update for boa FEDORA-2010-7645 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...
[SECURITY] Fedora 12 Update: boa-0.94.14-0.15.rc21.fc12
Boa is a single-tasking HTTP server. That means that unlike traditional web servers, it does not fork for each incoming connection, nor does it fork many copies of itself to handle multiple connections. It internally multiplexes all of the ongoing HTTP connections, and forks only for CGI program...
Linux Kernel 2.4/2.6 sock_sendpage() ring0 Root Exploit (simple ver)
Exploit for linux platform in category local exploits ==================================================================== Linux Kernel 2.4/2.6 socksendpage ring0 Root Exploit simple ver ==================================================================== / 0x82-CVE-2009-2692 Linux kernel 2.4/2.6...
Design/Logic Flaw
The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls...
FreeBSD Security Advisory (FreeBSD-SA-08:03.sendfile.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-08:03.sendfile.asc ADV FreeBSD-SA-08:03.sendfile.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008...
FreeBSD Security Advisory (FreeBSD-SA-05:02.sendfile.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:02.sendfile.asc ADV FreeBSD-SA-05:02.sendfile.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008...
FreeBSD Security Advisory (FreeBSD-SA-05:02.sendfile.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:02.sendfile.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
FreeBSD Security Advisory (FreeBSD-SA-08:03.sendfile.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-08:03.sendfile.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2008-3666
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server wi...
CVE-2008-3666
Technical details about CVE-2008-3666 are not publicly disclosed in the provided connected documents; monitor for updates.