exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2007-4573

Status Candidate

Overview

The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

Related Files

Symantec Messaging Gateway Backdoor / Privilege Escalation
Posted Nov 30, 2012
Authored by Ben Williams | Site nccgroup.com

Symantec Messaging Gateway version 9.5.3-3 suffers from backdoor account and privilege escalation vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2007-4573, CVE-2008-0009, CVE-2008-4210, CVE-2009-1046, CVE-2009-1337, CVE-2009-2692, CVE-2009-3547, CVE-2010-1146, CVE-2010-2959, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-3904, CVE-2010-4073, CVE-2010-4258, CVE-2010-4347
SHA-256 | 0037358302ea3ef9e579ea39b29f6aeedaab8ea3fd730436e1fe43363d09f8dc
Linux Kernel ia32syscall Emulation Local Root
Posted Sep 16, 2010
Authored by Venglin, Wojciech Purczynski, Robert Swiecki, Pawel Pisarczyk, Ben Hawkes

Local root exploit for the x86_64 Linux kernel ia32syscall emulation vulnerability. This is a variant of a vulnerability found back in 2007.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2007-4573, CVE-2010-3301
SHA-256 | a975a5a7e9e7bdcda51544b9df0e5c25b8e47ff9127f4b0b85f74f3553538ba9
Mandriva Linux Security Advisory 2008-105
Posted May 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Denial of service, out of bounds, race condition, and various other vulnerabilities have been patched in the Linux 2.6 kernel.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3740, CVE-2007-3851, CVE-2007-4133, CVE-2007-4573, CVE-2007-4997, CVE-2007-5093, CVE-2008-1375, CVE-2008-1669
SHA-256 | b348d7056d7c7999326caf977e83f0e7f35795711a865d85e90ae265f9a90eb3
dsa-1504.txt
Posted Feb 23, 2008
Site debian.org

Debian Security Advisory 1504 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2006-5823, CVE-2006-6054, CVE-2006-6058, CVE-2006-7203, CVE-2007-1353, CVE-2007-2172, CVE-2007-2525, CVE-2007-3105, CVE-2007-3739, CVE-2007-3740, CVE-2007-3848, CVE-2007-4133, CVE-2007-4308, CVE-2007-4573, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206
SHA-256 | d9234e89f15889ca0ed30e9932d41bab7de4afb38fb3aa7aca4a51d6e95b9ab4
Mandriva Linux Security Advisory 2008-008
Posted Jan 12, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A ridiculous amount of vulnerabilities have been addressed in the Linux 2.6 kernel for Mandriva.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3740, CVE-2007-4133, CVE-2007-4573, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2006-6058, CVE-2007-6063
SHA-256 | 273dd41aecd87f51b63ff47cc5aa3196118b5111297e3b63b32036740b57e3ce
Mandriva Linux Security Advisory 2007.196
Posted Oct 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The compat_sys_mount function in fs/compat.c allowed local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode. The nf_conntrack function in netfilter did not set nfctinfo during reassembly of fragmented packets, which left the default value as IP_CT_ESTABLISHED and could allow remote attackers to bypass certain rulesets using IPv6 fragments. A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which lead to an out of bounds access by certain functions. The IPv6 protocol allowed remote attackers to cause a denial of service via crafted IPv6 type 0 route headers that create network amplification between two routers. The random number feature did not properly seed pools when there was no entropy, or used an incorrect cast when extracting entropy, which could cause the random number generator to provide the same values after reboots on systems without an entropy source. A memory leak in the PPPoE socket implementation allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. An integer underflow in the cpuset_tasks_read function, when the cpuset filesystem is mounted, allowed local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. The sctp_new function in netfilter allowed remote attackers to cause a denial of service by causing certain invalid states that triggered a NULL pointer dereference. A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size. The lcd_write function did not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer ioctl patch in aacraid did not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero extend the eax register after the 32bit entry path to ptrace is used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, root, protocol, memory leak
systems | linux, mandriva
advisories | CVE-2006-7203, CVE-2007-1497, CVE-2007-2172, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-3105, CVE-2007-3513, CVE-2007-3848, CVE-2007-4308, CVE-2007-4573
SHA-256 | 64832840334304a0ea0bb133dcd8a2e85f8bbea606fab02ea59dc6a77f2fed01
Mandriva Linux Security Advisory 2007.195
Posted Oct 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size. The lcd_write function did not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). The decode_choice function allowed remote attackers to cause a denial of service (crash) via an encoded out-of-range index value for a choice field which triggered a NULL pointer dereference. The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer ioctl patch in aacraid did not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero extend the eax register after the 32bit entry path to ptrace is used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, root
systems | linux, mandriva
advisories | CVE-2007-3105, CVE-2007-3513, CVE-2007-3642, CVE-2007-3848, CVE-2007-4308, CVE-2007-4573
SHA-256 | 7396d5929f8b6a093c3146935c5a3292400cad621bbfd5eb7745201a2c3287b1
Debian Linux Security Advisory 1381-2
Posted Oct 13, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1381-2 - Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. This is an update to DSA-1381-1 which included only amd64 binaries for linux-2.6. Builds for all other architectures are now available, as well as rebuilds of ancillary packages that make use of the included linux source.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2006-5755, CVE-2007-4133, CVE-2007-4573, CVE-2007-5093
SHA-256 | b586d327516507c29285a32fffb14b05faa559180e36a5557280f6d81c6f9b9c
Debian Linux Security Advisory 1381-1
Posted Oct 3, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1381-1 - Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2006-5755, CVE-2007-4133, CVE-2007-4573, CVE-2007-5093
SHA-256 | cb142bbb212bc8a4ee523afcc039eeaf35d933254f1ce4e7250650376e081ec5
Debian Linux Security Advisory 1378-2
Posted Sep 30, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1378-2 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573, CVE-2007-4849
SHA-256 | 0605e3e63d0b2b1a9ed33c2af397d4bac98e7c643acc8edde998a2b4b02aa190
Debian Linux Security Advisory 1378-1
Posted Sep 28, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1378-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Evan Teran discovered a potential local denial of service (oops) in the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests. Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages. Steve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process' umask which may lead to unintentionally relaxed permissions. Wojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavor. Michael Stone reported an issue with the JFFS2 filesystem. Legacy modes for inodes that were created with POSIX ACL support enabled were not being written out to the medium, resulting in incorrect permissions upon remount.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian, osx
advisories | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573, CVE-2007-4849
SHA-256 | a56c85f0ecdf3e651d2434a366021bc2c8d68d25429c3ec3ac903a06e6f3497b
Ubuntu Security Notice 518-1
Posted Sep 26, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 518-1 - Evan Teran discovered that the Linux kernel ptrace routines did not correctly handle certain requests robustly. Local attackers could exploit this to crash the system, causing a denial of service. It was discovered that hugetlb kernels on PowerPC systems did not prevent the stack from colliding with reserved kernel memory. Local attackers could exploit this and crash the system, causing a denial of service. It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573
SHA-256 | 707a8324e923c3b666125afd73e3124c380a5372e1844659bbf9ed0082e9b4cf
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close