45 matches found
CVE-2024-46826 ELF: fix kernel.randomize_va_space double read
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...
SUSE CVE-2004-1071
The binfmtelf loader binfmtelf.c in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code...
Ubuntu: Security Advisory (USN-103-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
UPX 安全漏洞
UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX version 3.96, which stems from a Segmentaation error found in the invertptdynamic function of plxelf.cpp, where an attacker utilizes a crafted input file to allow invalid access to a memory...
openSUSE: Security Advisory for glibc (openSUSE-SU-2018:0089-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:0074-1)
This update for glibc fixes the following issues : - A privilege escalation bug in the realpath function has been fixed. CVE-2018-1000001, bsc1074293 - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. CVE-2017-1000408, CVE-2017-1000409, bsc1071319 - An issue in the co...
kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary
A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable PIE, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...
kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary
A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable PIE, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...
kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary
A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable PIE, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...
Linux Kernel (PonyOS 3.0) - ELF Loader Local Privilege Escalation
Linux Kernel PonyOS 3.0 - ELF Loader Local Privilege Escalation Exploit Title: PonyOS = 3.0 ELF loader privilege escalation Google Dork: if applicable Date: 29th May 2015 Exploit Author: Hacker Fantastic Vendor Homepage: www.ponyos.org Software Link: download link if available Version: 3.0 Tested...
Linux Kernel (PonyOS 3.0) - ELF Loader Local Privilege Escalation
Exploit Title: PonyOS = 3.0 ELF loader privilege escalation Google Dork: if applicable Date: 29th May 2015 Exploit Author: Hacker Fantastic Vendor Homepage: www.ponyos.org Software Link: download link if available Version: 3.0 Tested on: 3.0 CVE : N/A Source:...
SuSE 11.3 Security Update : Xen (SAT Patch Number 8063)
The Xen hypervisor and toolset has been updated to 4.2.206 to fix various bugs and security issues : The following security issues have been addressed : - Various integer overflows in the ELF loader were fixed. XSA-55. CVE-2013-2194 - Various pointer dereferences issues in the ELF loader were...
glibc: ld.so d_tag signedness error in elf_get_dynamic_info
Integer signedness error in the elfgetdynamicinfo function in elf/dynamic-link.h in ld.so in the GNU C Library aka glibc or libc6 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value...
Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities (USN-347-1)
Sridhar Samudrala discovered a local Denial of Service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SOLINGER value, a local attacker could exploit this to crash the kernel. CVE-2006-4535 Kirill Korotaev discovered that the ELF loader on the ia64 and sparc...
Debian DSA-1082-1 : kernel-source-2.4.17 - several vulnerabilities
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability i...
USN-347-1: Linux kernel vulnerabilities
Sridhar Samudrala discovered a local Denial of Service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SOLINGER value, a local attacker could exploit this to crash the kernel. CVE-2006-4535 Kirill Korotaev discovered that the ELF loader on the ia64 and sparc...
Linux kernel DoS
Special SOLINGER value for SCTP socket causes system to crash. ELF loader vulnerability on 64-bit system causes system to crash on malformed ELF binary...
CVE-2004-0138
CVE-2004-0138 affects the Linux kernel 2.4 series prior to 2.4.25. The vulnerability lies in the ELF loader: a crafted ELF with an invalid interpreter arch triggers a BUG() when an invalid VMA is unmapped, allowing local denial of service (crash). The issue is mitigated by upgrading to 2.4.25 or ...
CVE-2004-0138
The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service crash via a crafted ELF file with an interpreter with an invalid arch architecture, which triggers a BUG when an invalid VMA is unmapped...
Ubuntu 4.10 / 5.04 / 5.10 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (USN-263-1)
A flaw was found in the module reference counting for loadable protocol modules of netfilter. By performing particular socket operations, a local attacker could exploit this to crash the kernel. This flaw only affects Ubuntu 5.10. CVE-2005-3359 David Howells noticed a race condition in the addkey...