what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

FreeBSD 7.0 - 7.2 pseudofs NULL Pointer Dereference
Posted Sep 9, 2010
Authored by Przemyslaw Frasunek

FreeBSD versions 7.0 through 7.2 suffer from a pseudofs NULL pointer dereference vulnerability. Due to a spurious call to pfs_unlock() in pfs_getattr() (as defined in sys/fs/pseudofs/pseudofs_vnops.c), a null pointer is dereferenced after calling extattr_get_attribute() on pseudofs vnode. By allocating a page at address 0x0, an attacker can overwrite an arbitrarily chosen portion of kernel memory, leading to a crash or local root escalation.

tags | advisory, kernel, local, root
systems | freebsd
MD5 | ae95fee8dbe809a26ee1bc0179eb8bf6
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
U.S. Intelligence Says Huawei Funded By Chinese State Security
Posted Apr 20, 2019

tags | headline, government, usa, china, cyberwar, spyware, backdoor
Marcus Hutchins Pleads Guilty To Two Counts Of Banking Malware Creation
Posted Apr 20, 2019

tags | headline, hacker, government, malware, bank, usa, britain
Ransomware Ravages Municipalities Nationwide This Week
Posted Apr 20, 2019

tags | headline, government, malware, cybercrime, fraud
Facebook Fights To Shield Zuckerberg In US Privacy Probe
Posted Apr 20, 2019

tags | headline, government, privacy, usa, data loss, fraud, facebook, social
Weather Channel Knocked Off-Air In Dangerous Precedent
Posted Apr 19, 2019

tags | headline, denial of service
Facebook Security Lapse Affects Millions More Instragram Users Than First Stated
Posted Apr 19, 2019

tags | headline, privacy, data loss, password, facebook, social
Unexpected Security Feature In Microsoft Edge Subverts IE Security
Posted Apr 19, 2019

tags | headline, microsoft, flaw
Mueller Report Dives Into Russia And Trump
Posted Apr 19, 2019

tags | headline, government, usa, russia, fraud, fbi
State-Sponsored DNS Hijacking Infiltrates 40 Firms Globally
Posted Apr 18, 2019

tags | headline, hacker, government, dns, cyberwar
EA Origin Client Bug Allows Threat Actors To Run Remote Code
Posted Apr 18, 2019

tags | headline, flaw
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close