This module exploits a vulnerability in FreeBSD. The FreeBSD virtual memory system allows files to be memory-mapped. All or parts of a file can be made available to a process via its address space. The process can then access the file using memory operations rather than filesystem I/O calls. Due to insufficient permission checks in the virtual memory system, a tracing process (such as a debugger) may be able to modify portions of the traced process's address space to which the traced process itself does not have write access.
A local user can invoke the sendfile system call with certain options to execute arbitrary code and gain privileged access.
Remote attackers can exploit this issue to execute arbitrary code with super-user privileges, compromising the security of the affected computers.
The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. Some function pointers for netgraph and bluetooth sockets are not properly initialized. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted "socket()" system call, and allows an unprivileged process to elevate privileges to root or escape a FreeBSD jail.
This module exploits a kernel memory corruption in the Linux compatibility layer.
This module exploits a vulnerability in the ESET Smart Security EPFW.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (IRP) parameters.
This module exploits a vulnerability in the ElbyCDIO.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (IRP) parameters.
This module exploits a vulnerability in OpenBSD crontab entries that allows arbitrary command execution as root. To exploit the vulnerability, this module creates an agent in the target filesystem which is later executed automatically (with root privileges) by a vulnerable crontab security entry (/etc/daily | mail). Once the agent has been executed, it is possible to connect to it. If the exploit succeeds, a new agent will be installed with root privileges.
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges. This module exploits this vulnerability.