1583 matches found
CVE-2005-1765
syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when running in 32-bit compatibility mode, allows local users to cause a denial of service kernel hang via crafted arguments...
USN-143-1: Linux amd64 kernel vulnerabilities
A Denial of Service vulnerability has been discovered in the ptrace call on the amd64 platform. By calling ptrace with specially crafted "non-canonical" addresses, a local attacker could cause the kernel to crash. This only affects the amd64 platform. CAN-2005-1762 ZouNanHai discovered that a loc...
CVE-2005-1765
syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when running in 32-bit compatibility mode, allows local users to cause a denial of service kernel hang via crafted arguments...
CVE-2005-0969
Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service kernel panic and possibly execute arbitrary code via crafted parameters...
RHEL 3 : kernel (RHSA-2005:293)
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating syste...
security flaw
Linux kernel 2.6 on Itanium ia64 architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry."...
Important: Red Hat Security Advisory: kernel security update
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating syste...
PaX Double-Mirrored VMA munmap Local Root Exploit
Exploit for linux platform in category local exploits ================================================= PaX Double-Mirrored VMA munmap Local Root Exploit ================================================= / PaX double-mirrored VMA munmap local root exploit Copyright C 2005 Christophe Devine This...
NetBSD Security Advisory 2004-010: Insufficient argument validation in compat code
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2004-010 ================================= Topic: Insufficient argument validation in compat code Version: NetBSD-current: source prior to Oct 27, 2004 NetBSD 2.0: not affected NetBSD 1.6.2: affected NetBSD 1.6.1: affected NetBSD 1.6:...
freebsd/x86 - execve /tmp/sh 34 bytes
freebsd/x86 execve /tmp/sh 34 bytes. Shellcode exploit for freebsdx86 platform / FreeBSD shellcode - execve /tmp/sh Claes M. Nyberg 20020120 , / / void main asm" xorl %eax, %eax eax = 0 pushl %eax string ends with NULL pushl $0x68732f2f push 'hs//' //sh pushl $0x706d742f push 'pmt/' /tmp movl %es...
bsd/PPC - execve /bin/sh 128 bytes
bsd/PPC execve /bin/sh 128 bytes. Shellcode exploit for bsdppc platform / Linux PPC shellcode execve of /bin/sh by Palante / long shellcode = / Palante's BSD PPC shellcode w/ NULL/ 0x7CC63278, 0x2F867FFF, 0x41BC005C, 0x7C6802A6, 0xB0C3FFF9, 0xB0C3FFF1, 0x38867FF0, 0x38A67FF4, 0x38E67FF3,...
linux/x86 portbind port 5074 + fork() 130 bytes
No description provided by source. / [email protected] 0x9abril0x7d2 syssocketcall 102 0x66 %eax, esta es nuestra rutina principal. En todas las subrutinas vamos a necesitar a: %eax = 0x66. Luego del archivo include/linux/net.h obtenemos la siguiente lista, echenle un vistazo. Entonces en...
freebsd.local.txt
Security Advisory : FreeBSD local DoS Systems affected: FreeBSD 5.1-RELEASE/Alpha. Other versions are probably vulnerable. FreeBSD 5.1-RELEASE/IA32 is not vulnerable. Not sure about other FreeBSD/arch but they could be vulnerable too. Risk: low Date: 23 June 2004 Legal notice: 1. This Advisory is...
Security Advisory : FreeBSD local DoS
Security Advisory : FreeBSD local DoS Systems affected: FreeBSD 5.1-RELEASE/Alpha. Other versions are probably vulnerable. FreeBSD 5.1-RELEASE/IA32 is not vulnerable. Not sure about other FreeBSD/arch but they could be vulnerable too. Risk: low Date: 23 June 2004 Legal notice: 1. This Advisory is...
UNIX 7th Edition binmkdir - Local Buffer Overflow
UNIX 7th Edition binmkdir - Local Buffer Overflow / Exploit for /bin/mkdir Unix V7 PDP-11. mkdir has a buffer overflow when checking if the directory in /arg/with/slashes/fname exists. This will run /bin/sh with euid 0, but not uid 0. Since the shell doesn't do anything special about this, we don...
Syscall implementation could lead to whether or not a file exists
include stdlib.h include unistd.h include stdio.h include sys/types.h include fcntl.h ifndef ONOFOLLOW define ONOFOLLOW 0400000 / don't follow links / endif ifndef OLARGEFILE define OLARGEFILE 0100000 endif int flags = ORDONLY|OEXCL|OSYNC|ONOCTTY|ONOFOLLOW; / taken from scuts format string...
Solaris priocntl exploit
Moderator note: Messages with links to technical details outside of the message are not approved. Because of the potential delay waiting for another submission, the original message has been modified to include the details. Details follow: Solaris's Got Big problem on System Call priocntl...
openbsd-select-bug.txt
Hi there, Recently a bug in the select syscall of openbsd was published. This text describes the details and the eventual exploitation of this bug. First of all let us look at the definition of select: int selectint nfds, fdset readfds, fdset writefds, fdset exceptfds, struct timeval timeout; The...
CylantSecure 1.0 - Kernel Module Syscall Rerouting
CylantSecure 1.0 - Kernel Module Syscall Rerouting / source: https://www.securityfocus.com/bid/2958/info CylantSecure is a commercial Linux hardening tool and security infrastructure available from Cylant Technology. A problem in the CylantSecure infrastructure could allow users to escape...
CylantSecure 1.0 - Kernel Module Syscall Rerouting
/ source: https://www.securityfocus.com/bid/2958/info CylantSecure is a commercial Linux hardening tool and security infrastructure available from Cylant Technology. A problem in the CylantSecure infrastructure could allow users to escape monitoring. A user with root access may load a module that...