1583 matches found
MOKB-09-11-2006
Title: Mac OS X fpathconf syscall denial of service Warning - wet floor! Description: Failure to handle unknown file types by the Mac OS X kernel XNU fpathconf syscall causes a kernel panic, leading to an exploitable local denial of service by non-privileged users. The bug was fixed by FreeBSD on...
CVE-2006-5836
The fpathconf syscall function in bsd/kern/kerndescrip.c in the Darwin kernel XNU 8.8.1 in Apple Mac OS X allows local users to cause a denial of service kernel panic and possibly execute arbitrary code via a file descriptor with an unrecognized file type...
CVE-2006-5836
The CVE-2006-5836 entry concerns the Mac OS X kernel (Darwin/XNU) fpathconf() syscall in kern_descrip.c, affecting Darwin 8.8.1. The vulnerability allows an authenticated local attacker to trigger a kernel panic (DoS) via a file descriptor associated with an unrecognized file type (e.g., semaphor...
CVE-2006-5836
The fpathconf syscall function in bsd/kern/kerndescrip.c in the Darwin kernel XNU 8.8.1 in Apple Mac OS X allows local users to cause a denial of service kernel panic and possibly execute arbitrary code via a file descriptor with an unrecognized file type...
Linux Kernel 2.4.x mremap() bound checking Root Exploit
No description provided by source. / Linux kernel mremap bound checking bug exploit. Bug found by Paul Starzetz paul isec pl Copyright c 2004 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY. COPYING,...
Debian DSA-1017-1 : kernel-source-2.6.8 - several vulnerabilities
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-1017 Multiple overflows exist in the ioedgepor...
Brief analysis of the Linux and FreeBSD syscall with the shellcode-exploit warning-the black bar safety net
Article author: 7all Information source: evil octal information security team www.eviloctal.com) ==www.cciss.cn.== ==the bbs. cciss. cn.== Brief analysis of the Linux and FreeBSD syscall with the shellcode |=---------------= Brief analysis of the Linux and FreeBSD syscall with the...
Solaris 10 - sysinfo() Local Kernel Memory Disclosure (1)
Solaris 10 - sysinfo Local Kernel Memory Disclosure 1 / Sun Microsystems Solaris sysinfo Kernel Memory Disclosure exploit =================================================================== Local exploitation of an integer overflow vulnerability in Sun Microsystems Inc. Solaris allows attackers t...
CentOS 3 : kernel (CESA-2005:293)
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating syste...
iShopCart vGetPost() Remote Buffer Overflow Exploit (cgi)
No description provided by source. / Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: ishopcart-cgi-bof.c = easy-scart6.c Date: 5/25/2006 Version: 1.00 5/25/2006 - ishopcart-cgi-bof.c created Description: there is an overflow in the vGetPost function, it does not do any size checki...
linux/amd64 - connect-back semi-stealth shellcode 88+ bytes
linux/amd64 connect-back semi-stealth shellcode 88+ bytes. Shellcode exploit for linamd64 platform include include include include include include include / usual rant here.. this is just a doodle.. i was curious about the amd64 and since i dont think a simple exec /bin/sh is worth releasing i gi...
linux/amd64 connect-back semi-stealth shellcode 88+ bytes
Exploit for linux/amd64 platform in category shellcode ========================================================= linux/amd64 connect-back semi-stealth shellcode 88+ bytes ========================================================= include include include include include include include / usual rant...
linux/x86 SWAP restore shellcode 109 bytes
No description provided by source. / linux-x86-swap-restore.c - SWAP restore shellcode 109 bytes for Linux/x86 Copyright c 2006 Gotfault Security & rfdslabs Authors: dx [email protected] spud [email protected] This shellcode reads the swap device at offset 31337. After it searchs by NULL byt...
Ubuntu 4.10 / 5.04 : linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities (USN-143-1)
A Denial of Service vulnerability has been discovered in the ptrace call on the amd64 platform. By calling ptrace with specially crafted 'non-canonical' addresses, a local attacker could cause the kernel to crash. This only affects the amd64 platform. CAN-2005-1762 ZouNanHai discovered that a loc...
linux/x86 dup20,0; dup20,1; dup20,2; 15 bytes
linux/x86 dup20,0; dup20,1; dup20,2; 15 bytes. Shellcode exploit for linx86 platform / dup2loop-core.c by Charles Stevenson I made this as a chunk you can paste in to make modular remote exploits. I usually combine this with an execve as the second stage of a read jmp %esp / char hellcode = /...
kernel security update
CentOS Errata and Security Advisory CESA-2005:514 Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the second regular update. This update has been rated as having important security impact by the Red Hat Security...
Important: Red Hat Security Advisory: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 6
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the sixth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles t...
linux/x86 /bin/sh sysenter Opcode Array Payload 23 Bytes
No description provided by source. / lnxbinsh4.c - v1 - 23 Byte /bin/sh sysenter Opcode Array Payload Copyrightc 2005 c0ntex [email protected] Copyrightc 2005 BaCkSpAcE [email protected] This program is free software; you can redistribute it and/or modify it under the terms of the GNU...
linux/x86 /bin/sh sysenter Opcode Array Payload 27 Bytes
linux/x86 /bin/sh sysenter Opcode Array Payload 27 Bytes. Shellcode exploit for linx86 platform / lnxbinsh3.c - v1 - 27 Byte /bin/sh sysenter Opcode Array Payload Copyrightc 2005 c0ntex Copyrightc 2005 amnesia This program is free software; you can redistribute it and/or modify it under the terms...
Linux kernel ia32 compatibility for 64 bit platforms race condtions
Race conditions with heap memory corruption in execve syscall...