This is a whitepaper discussing flaws in current stack protection mechanisms and alternate methods of exploiting stack overflows. The paper wastes no time rehashing old methods such as ret2libc or bruteforcing methods against ASLR on forked processes.
4e7ed680646bbcb7250b372e45b6466b0c75f778391612843c163ce4ccd1a39eUbuntu Security Notice 1837-1 - An information leak was discovered in the Linux kernel's crypto API. A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. An information leak was discovered in the Linux kernel's rcvmsg path for ATM (Asynchronous Transfer Mode). A local user could exploit this flaw to examine potentially sensitive information from the kernel's stack memory. Various other issues were also addressed.
a149e6791afe53949e5c21b09601ee39e3868e3706f7403265a6e6902dba012bUbuntu Security Notice 1835-1 - A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. A flaw was discovered in the Linux kernel's ftrace subsystem interface. A local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
538cf179b4264bbeab428807f8490f8849cdc99819a39590b205530445984644Ubuntu Security Notice 1836-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.
42d076c106745f487957ef7b40c9f50928e736a03fc9cad6e39cf873660a840eUbuntu Security Notice 1834-1 - A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. A flaw was discovered in the Linux kernel's ftrace subsystem interface. A local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
8e41d633140011cdf2b30daf96cf03e74a1fa2e124d4f2cea965b7093ae21e71Ubuntu Security Notice 1833-1 - Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.
4d5293bf941b5722cc6d5edd9647abe268ec879cb11d85d2e92c470be2f80158Matterdaddy Market version 1.4.2 and below suffers from cross site request forgery and arbitrary file upload vulnerabilities.
0b8140e53c7c0f1f92e8675c79e10a58397a4335cc65b525b3ae336d8c75f408Show In Browser 0.0.3 is a Ruby Gem that suffers from a file injection vulnerability, allowing arbitrary text to be opened in a browser.
d8ef5225f129ed45cb3685bdff5c084d39d71818984f62b5fb94e0176be4b90f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed