128 matches found
kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled
It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks...
The vulnerability of the patch offset2lib in the Linux operating system’s kernel allows a hacker to gain access to the stack protection mechanism.
The vulnerability of patch offset2lib in Linux operating systems arises from the minimal memory range between the upper boundary of the stack and the PIE binary code segment, which is located in memory starting at 0x80000000. This occurs when the RLIMITSTACK parameter is set to RLIMINFINITY, and ...
The vulnerability in the implementation of the operating system NetBSD’s stack protection mechanism allows a hacker to execute arbitrary code.
The vulnerability of the Linux kernel’s stack protection mechanism is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using specially crafted binary files with setuid permissions...
The vulnerability in the implementation of the operating system NetBSD’s stack protection mechanism allows a hacker to execute arbitrary code.
The vulnerability of the Linux kernel’s stack protection mechanism is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using specially crafted binary files with setuid attributes as,usr,bin,at...
Important kernel security update: CVE-2017-1000364; Virtuozzo 7.0 Update 4 Hotfix 3 (7.0.4-1107)
The new update for Virtuozzo 7.0.4 provides a security fix. Vulnerability id: CVE-2017-1000364, PSBM-67428 A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an...
PT-2017-2391 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.11.5 Description: The issue is caused by a minimal memory range between the upper boundary of the stack and the PIE binary segment in memory, starting at 0x40000000. This can be exploited by a local attacker t...
CVE-2016-10332
In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications...
Stack overflow
In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications...
CVE-2016-10332
In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications...
CVE-2016-10332
CVE-2016-10332 : Affects Android builds from CAF using the Linux kernel where stack protection was not enabled for secure applications. The available description specifies the missing stack-protection bit but provides no details on affected products/versions beyond “Android releases from CAF usin...
UBUNTU-CVE-2016-4973
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection SSP might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature...
Oracle Linux 6 : ocaml (ELSA-2017-0565)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-0565 advisory. 3.11.2-5 - Enable execshield stack protection on ppc/ppc64 572826 related: rhbz1343082 - Fix strict-aliasing warnings in build 990540. 3.11.2-3 - Fix buffer...
Windows PE Binary Static Analysis Tool : BinSkim
Windows PE Binary Static Analysis Tool BinSkim is a binary static analysis tool that scans Windows Portable Executable PE files for security and correctness. Among the verifications performed by BinSkim are validations that the PE file has opted into all of the binary mitigations offered by the...
FreeBSD : FreeBSD -- rtsold(8) remote buffer overflow vulnerability (72ee7111-6007-11e6-a6c3-14dae9d210b8)
Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold8. Impact : Receipt of a router advertisement message with a malformed DNSSL option, for instance from a compromised host on the same...
Linux/x86-64 - shell_reverse_tcp with Password Polymorphic Shellcode (1) (122 bytes)
/--------------------------------------------------------------------------------------------------------------------- / Title: tcp reverse shell with password polymorphic version 122 bytes Author: Sathish kumar Contact: https://www.linkedin.com/in/sathish94 Copyright: c 2016 iQube. http://iQube....
Linux/x86 execve "/bin/sh" - shellcode 24 byte
Linux/x86 execve "/bin/sh" - shellcode 24 byte. Shellcode exploit for linx86 platform / ; Title: Linux/x86 execve "/bin/sh" - shellcode 24 byte ; Platform: linux/x86 ; Date: 2015-01-03 ; Author: Dennis 'dhn' Herrmann ; Website: https://zer0-day.pw BITS 32 global start section .text ; syscalls...
A step-by-step learn the ROP of the Android ARM 3 2-vulnerability warning-the black bar safety net
ROP stands for Return-oriented programming return-oriented programming this is an advanced memory attack techniques that can be used to bypass the modernoperating systema variety of common defenses such as the memory is not performed and code signing. Before we mainly discussed on linux in this...
What is a "good" memory corruption vulnerability?
Posted by Chris Evans, register whisperer. Part 1 of 4. There are a lot of memory corruption vulnerabilities in software, but not all are created equal. To a certain degree, the “usefulness” of a given memory corruption vulnerability is determined by how reliably it might be exploited. In some...
Exploit-Tutorial-1
This is a module that will help you learn the basics of exploit development, the focus on this one is a stack-buffer type of overflow and the platform used is GNU/Linux. Basic Buffer Overflow for Linux - Part of the Exploit Pack Tutorials The following exploit code has been written in Python and...
FreeBSD-SA-14:20.rtsold
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-14:20.rtsold Security Advisory The FreeBSD Project Topic: rtsold8 remote buffer overflow vulnerability Category: core Module: rtsold Announced: 2014-10-21 Credits...