iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities

iDEFENSE Security Advisory 09.16.2002 FreeBSD Ports libkvm Security Vulnerabilities DESCRIPTION The FreeBSD ports asmon, ascpu, bubblemon, wmmon, and wmnet2 can be locally manipulated to take advantage of open file descriptors /dev/mem and /dev/kmem to gain root privileges on a target host. These...

FreeBSD 3.03.13.23.33.4 - AsmonAscpu Local Privilege Escalation

FreeBSD 3.03.13.23.33.4 - AsmonAscpu Local Privilege Escalation source: https://www.securityfocus.com/bid/996/info A vulnerability exists in both the ascpu and asmon ports to FreeBSD. Ascpu and asmon are applets for the popular window manager AfterStep. They retain the look and feel of this windo...

wmmon.freebsd.txt

Posted Tuesday, December 21, 1999 - 16:41 by reid: Steve Reid wrote: Wmmon is a popular program for monitoring CPU load and other system utilization. It runs as a dockapp under WindowMaker. The FreeBSD version of this program has a feature that can be trivially exploited to gain group kmem in...

SunOS 4.1.3 - etccrash SetGID kmem Privilege Escalation

SunOS 4.1.3 - etccrash SetGID kmem Privilege Escalation source: https://www.securityfocus.com/bid/59/info /etc/crash was installed setgid kmem and excutable by anyone. Any user can use the ! shell command escape to executes commands, which are then performed with group set to kmem. $ /etc/crash !...

SunOS 4.1.3 - '/etc/crash' SetGID kmem Privilege Escalation

source: https://www.securityfocus.com/bid/59/info /etc/crash was installed setgid kmem and excutable by anyone. Any user can use the ! shell command escape to executes commands, which are then performed with group set to kmem. $ /etc/crash ! sh...