
CVSS: 7.2 | EPSS: 0% | CPEs: 12 | EXPL: 3

Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.

• https://www.exploit-db.com/exploits/32751
• http://scary.beasts.org/security/CESA-2009-001.html
• http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html
• http://www.citi.umich.edu/u/provos/systrace
• http://www.securityfocus.com/archive/1/500377/100/0/threaded
• http://www.securityfocus.com/bid/33417
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 | EPSS: 4% | CPEs: 2 | EXPL: 0

Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.

• http://monkey.org/~provos/libevent
• http://osvdb.org/33228
• http://secunia.com/advisories/24181
• http://securityreason.com/securityalert/2268
• http://www.securityfocus.com/archive/1/460530/100/0/threaded
• http://www.securityfocus.com/bid/22606
• http://www.vupen.com/english/advisories/2007/0647

CVSS: 5.0 | EPSS: 1% | CPEs: 3 | EXPL: 0

Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets.

• http://secunia.com/advisories/21591
• http://www.honeyd.org/release.php?version=1.5b
• http://www.securityfocus.com/bid/19614
• http://www.vupen.com/english/advisories/2006/3329
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28480

CVSS: 5.0 | EPSS: 1% | CPEs: 10 | EXPL: 0

Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fragments that other IP stack implementations would drop, which allows remote attackers to identify IP addresses that are being simulated using honeyd.

• http://secunia.com/advisories/18867
• http://www.honeyd.org/adv.2006-01
• http://www.honeyd.org/phpBB2/viewtopic.php?t=106
• http://www.securityfocus.com/archive/1/425112/100/0/threaded
• http://www.securityfocus.com/bid/16595
• http://www.vupen.com/english/advisories/2006/0552
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24728

CVSS: 7.2 | EPSS: 0% | CPEs: 8 | EXPL: 2

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges.

• https://www.exploit-db.com/exploits/24113
• ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.asc
• http://marc.info/?l=bugtraq&m=108432258920570&w=2
• http://secunia.com/advisories/11585
• http://www.securityfocus.com/bid/10320
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16110