12 matches found
EUVD-2010-3829
Malware in sbrugna...
K16489: Linux kernel security vulnerabilities CVE-2010-3848, CVE-2010-3849, and CVE-2010-3850
Security Advisory Description CVE-2010-3848 Stack-based buffer overflow in the econetsendmsg function in net/econet/afeconet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures...
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl Exploit
macOS ifaaddr-safamily != AFINET6 // - crash here IFAUNLOCKifa; error = EAFNOSUPPORT; break; Note that IFALOCK is called on user-provided data; it appears that there is an opportunity for memory corruption a controlled write when using indirect mutexes via LCKMTXTAGINDIRECT see lckmtxlockslow...
Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
/ Reproduction Tested on macOS 10.14.3: $ clang -o stfwildread stfwildread.cc $ ./stfwildread Explanation SIOCSIFADDR is an ioctl that sets the address of an interface. The stf interface ioctls are handled by the stfioctl function. The crash occurs in the following case where a struct ifreq is re...
Apple macOS 10.14.5 iOS 12.3 XNU - Wild-read due to bad cast in stf_ioctl
Apple macOS 10.14.5 iOS 12.3 XNU - Wild-read due to bad cast in stfioctl / Reproduction Tested on macOS 10.14.3: $ clang -o stfwildread stfwildread.cc $ ./stfwildread Explanation SIOCSIFADDR is an ioctl that sets the address of an interface. The stf interface ioctls are handled by the stfioctl...
CVE-2010-3850
The ecdevioctl function in net/econet/afeconet.c in the Linux kernel before 2.6.36.2 does not require the CAPNETADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call...
ARM ifconfig eth0 and Assign Address
No description provided by source. / Title: arm-ifconfig Brief: Bring up eth0 and assign it the address 192.168.0.2 Author: Daniel Godas-Lopez gmail account dgodas / / socdes = socketAFINET, SOCKDGRAM, IPPROTOIP; / mov %r0, $2 / AFINET / mov %r1, $2 / SOCKDGRAM / mov %r2, $0 / IPPRTOTOIP / push...
FreeBSD : FreeBSD -- Insufficient credential checks in network ioctl(2) (4d87d357-202c-11e3-be06-000c29ee3065)
Problem Description : As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code. Network interface drivers, however, assume th...
SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7303)
This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. The following security issues were fixed : - A local attacker could use a Oops kernel crash caused by other flaws to write a 0 byte to a attacker controlled address in the kernel. This could lea...
CVE-2010-3850
The ecdevioctl function in net/econet/afeconet.c in the Linux kernel before 2.6.36.2 does not require the CAPNETADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call...
linux/ARM - ifconfig eth0 and Assign Address
Exploit for linux/x86 platform in category shellcode ============================================ linux/ARM - ifconfig eth0 and Assign Address ============================================ / Title: arm-ifconfig Brief: Bring up eth0 and assign it the address 192.168.0.2 Author: Daniel Godas-Lopez /...
ARM ifconfig eth0 and Assign Address
ARM ifconfig eth0 and Assign Address. Shellcode exploit for arm platform / Title: arm-ifconfig Brief: Bring up eth0 and assign it the address 192.168.0.2 Author: Daniel Godas-Lopez / / socdes = socketAFINET, SOCKDGRAM, IPPROTOIP; / mov %r0, $2 / AFINET / mov %r1, $2 / SOCKDGRAM / mov %r2, $0 /...