49 results (0.008 seconds)

CVSS: 7.9EPSS: 0%CPEs: 20EXPL: 4

CVE-2012-0217 – FreeBSD Intel SYSRET Privilege Escalation

https://notcve.org/view.php?id=CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. El modo de usuario Scheduler en el núcleo en Microsoft Windows Server v2008 R2 y R2 SP1 y Windows v7 Gold y SP1 sobre la plataforma x64 no maneja adecuadamente solicitudes del sistema, lo que permite a usuarios locales obtener privilegios a través de una aplicación modificada, también conocida como "vulnerabilidad de corrupción de memoria de modo de usuario Scheduler". It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. • https://www.exploit-db.com/exploits/46508 https://www.exploit-db.com/exploits/28718 https://www.exploit-db.com/exploits/20861 http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html http://lists.xen.org/archives/html/xen-devel/2012-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 23%CPEs: 1EXPL: 5

CVE-2001-1583 – Solaris 10 LPD - Arbitrary File Delete

https://notcve.org/view.php?id=CVE-2001-1583

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. • https://www.exploit-db.com/exploits/1167 https://www.exploit-db.com/exploits/9921 https://www.exploit-db.com/exploits/16322 https://www.exploit-db.com/exploits/21097 http://marc.info/?l=bugtraq&m=99929694701826&w=2 http://metasploit.com/projects/Framework/modules/exploits/solaris_lpd_exec.pm http://www.derkeiler.com/Mailing-Lists/securityfocus/incidents/2001-08/0490.html http://www.osvdb.org/15131 http://www.securityfocus.com/bid/3274 https://exchange.xforce.ibmcloud.co • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2

CVE-2001-0652 – Solaris 2.6/7/8 (SPARC) - xlock Heap Overflow

https://notcve.org/view.php?id=CVE-2001-0652

Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable. • https://www.exploit-db.com/exploits/21058 https://www.exploit-db.com/exploits/21059 http://marc.info/?l=bugtraq&m=99745571104126&w=2 http://www.securityfocus.com/bid/3160 https://exchange.xforce.ibmcloud.com/vulnerabilities/6967 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A131 •

CVSS: 4.6EPSS: 0%CPEs: 15EXPL: 3

CVE-2001-0565 – Solaris 2.5/2.6/7.0/8 - 'mailx -F' Local Buffer Overflow

https://notcve.org/view.php?id=CVE-2001-0565

Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option. • https://www.exploit-db.com/exploits/20772 https://www.exploit-db.com/exploits/20773 http://archives.neohapsis.com/archives/bugtraq/2001-05/0016.html http://online.securityfocus.com/archive/1/184210 http://www.kb.cert.org/vuls/id/446864 http://www.securityfocus.com/bid/2610 https://exchange.xforce.ibmcloud.com/vulnerabilities/8246 •

CVSS: 6.4EPSS: 3%CPEs: 2EXPL: 2

CVE-2001-0421 – Solaris 2.6 - FTP Core Dump Shadow Password Recovery

https://notcve.org/view.php?id=CVE-2001-0421

FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition. • https://www.exploit-db.com/exploits/20764 http://www.securityfocus.com/archive/1/177200 http://www.securityfocus.com/bid/2601 •