FreeBSD kernel NFS client local vulnerabilities
| CENSUS ID: | CENSUS-2010-0001 |
| CVE ID: | CVE-2010-2020 |
| Affected Products: | FreeBSD 8.0-RELEASE, 7.3-RELEASE, 7.2-RELEASE |
| Class: | Improper Input Validation (CWE-20) |
| Remote: | No |
| Discovered by: | Patroklos Argyroudis |
We have discovered two improper input validation vulnerabilities in the FreeBSD kernel’s NFS client-side implementation (FreeBSD 8.0-RELEASE, 7.3-RELEASE and 7.2-RELEASE) that allow local unprivileged users to escalate their privileges, or to crash the system by performing a denial of service attack.
Monkey HTTPd improper input validation vulnerability
| CENSUS ID: | CENSUS-2009-0004 |
| Affected Products: | Monkey web server versions ≤ 0.9.2. |
| Class: | Improper Input Validation (CWE-20), Incorrect Calculation (CWE-682) |
| Remote: | Yes |
| Discovered by: | Patroklos Argyroudis |
We have discovered a remotely exploitable “improper input validation” vulnerability in the Monkey web server that allows an attacker to perform denial of service attacks by repeatedly crashing worker threads that process HTTP requests.
CoreHTTP web server off-by-one buffer overflow vulnerability
| CENSUS ID: | CENSUS-2009-0003 |
| CVE ID: | CVE-2009-3586 |
| Affected Products: | CoreHTTP web server versions ≤ 0.5.3.1. |
| Class: | Improper Input Validation (CWE-20), Failure to Constrain Operations within the Bounds of a Memory Buffer (CWE-119) |
| Remote: | Yes |
| Discovered by: | Patroklos Argyroudis |
We have discovered a remotely exploitable “improper input validation” vulnerability in the CoreHTTP web server that leads to an off-by-one stack buffer overflow. The vulnerability can lead to denial of service attacks against the web server and potentially to the remote execution of arbitrary code with the privileges of the user running the server.
Linux kernel SUNRPC off-by-two buffer overflow
| CENSUS ID: | CENSUS-2009-0005 |
| Affected Products: | Linux kernel versions from 2.6.32 to 2.6.32-rc7. |
| Class: | Off-by-two stack buffer overflow. |
| Discovered by: | Patroklos Argyroudis |
We have found an off-by-two stack buffer overflow in the Linux kernel SUNRPC implementation. Linux kernel versions from 2.6.32 to 2.6.32-rc7 are affected.