The GNU C library (GNU glibc) is prone to a local privilege-escalation vulnerability. This module exploits the vulnerability to install an agent with root privileges.
The bdfReadCharacters() function in the libXfont component of X.Org is prone to a stack-based buffer overflow vulnerability when parsing a specially crafted BDF font file. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges.
Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will facilitate the complete compromise of affected computers.
On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to guest value but before the current privilege level (CPL) is changed. FreeBSD is vulnerable to this issue due to insufficient sanity checks when returning from a system call. This module exploits the vulnerability and installs an agent with root privileges.
Due to spurious call to pfs_unlock() in pfs_getattr() (as defined in sys/fs/pseudofs/pseudofs_vnops.c), null pointer is dereferenced after calling extattr_get_attribute() on pseudofs vnode. By allocating page at address 0x0, attacker can overwrite arbitrarily chosen portion of kernel memory, leading to crash or local root escalation. This module exploits the vulnerability via the procfs file system, obtaining root privileges.
Improper input validation in the FreeBSD kernel's NFS client-side implementation allows local unprivileged users to escalate their privileges and execute arbitrary code with root permissions. The function nfs_mount() in file src/sys/nfsclient/nfs_vfsops.c, which is reachable from the mount and nmount system calls, employs an insufficient input validation method for copying data passed in a structure of type nfs_args from userspace to kernel. Specifically, the file handle buffer to be mounted (args.fh) and its size (args.fhsize) are completely user-controllable. This vulnerability can cause a kernel stack overflow which leads to privilege escalation.
Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted mount or nmount system call, related to copying of "user defined data" in "certain error conditions".
This module exploits a vulnerability in FreeBSD. The FreeBSD virtual memory system allows files to be memory-mapped. All or parts of a file can be made available to a process via its address space. The process can then access the file using memory operations rather than filesystem I/O calls. Due to insufficient permission checks in the virtual memory system, a tracing process (such as a debugger) may be able to modify portions of the traced process's address space to which the traced process itself does not have write access.
A local user can invoke sendfile system call, with certain options to execute arbitrary code and gain privileged access.
Remote attackers can exploit this issue to execute arbitrary code with super-user privileges, compromising the security of the affected computers.