Lucene search
K

517 matches found

securityvulns
securityvulns
added 2006/12/06 12:0 a.m.41 views

FireWire IOCTL integer overflow in different BSD-based Unix system

Negative IOCTL paramter value allows read access to kernel memory...

4.4AI score
Exploits0References2Affected Software3
FreeBSD Advisory
FreeBSD Advisory
added 2006/12/06 12:0 a.m.15 views

FreeBSD-SA-06:25.kmem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:25.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in firewire4 Category: core Module: sysdev Announced: 2006-12-06 Credits: Rodrigo...

2.1CVSS6AI score0.00398EPSS
Exploits0
securityvulns
securityvulns
added 2006/12/06 12:0 a.m.53 views

FreeBSD Security Advisory FreeBSD-SA-06:25.kmem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:25.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in firewire4 Category: core Module: sysdev Announced: 2006-12-06 Credits: Rodrigo...

2.1CVSS6.1AI score0.00398EPSS
Exploits0
FreeBSD
FreeBSD
added 2006/12/06 12:0 a.m.43 views

FreeBSD -- Kernel memory disclosure in firewire(4)

Problem Description: In the FWGCROM ioctl, a signed integer comparison is used instead of an unsigned integer comparison when computing the length of a buffer to be copied from the kernel into the calling application. Impact: A user in the "operator" group can read the contents of kernel memory...

2.1CVSS6.3AI score0.00398EPSS
Exploits0
NVD
NVD
added 2006/11/21 11:7 p.m.27 views

CVE-2006-6013

Integer signedness error in the fwioctl FWIOCTL function in the FireWire IEEE-1394 drivers dev/firewire/fwdev.c in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows...

2.1CVSS6.3AI score0.00398EPSS
Exploits0References19
UbuntuCve
UbuntuCve
added 2006/11/21 11:7 p.m.43 views

CVE-2006-6013

Integer signedness error in the fwioctl FWIOCTL function in the FireWire IEEE-1394 drivers dev/firewire/fwdev.c in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows...

2.1CVSS5.9AI score0.00398EPSS
Exploits0References1
CVE
CVE
added 2006/11/21 11:0 p.m.53 views

CVE-2006-6013

The CVE-2006-6013 issue affects the FireWire (IEEE-1394) driver fwdev.c in several BSDs, where in the FW_GCROM ioctl a signed integer comparison is used to compute the length of a buffer copied from kernel memory, effectively enabling a local user to read arbitrary kernel memory contents when cro...

2.1CVSS6.2AI score0.00398EPSS
Exploits0References19Affected Software5
Cvelist
Cvelist
added 2006/11/21 11:0 p.m.26 views

CVE-2006-6013

Integer signedness error in the fwioctl FWIOCTL function in the FireWire IEEE-1394 drivers dev/firewire/fwdev.c in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows...

6.2AI score0.00398EPSS
Exploits0References19
securityvulns
securityvulns
added 2006/11/16 12:0 a.m.31 views

NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure

NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure 11/15/2006 Notice =================== This bug has been specially discovered for the Month of Kernel Bugs and to the Hackers to Hackers Conference III http://www.h2hc.org.br/en/. Summary =================== Firewir...

7.1AI score
Exploits0
CVE
CVE
added 2006/01/27 10:0 p.m.59 views

CVE-2002-1573

CVE-2002-1573 refers to an unspecified vulnerability in the Linux kernel’s pcilynx ieee1394 (pcilynx.c) driver, affected in kernels before 2.4.20 and related to wrap handling. The initial description notes unknown impact and attack vectors; public detail is limited. Public references describe the...

10CVSS6.4AI score0.02221EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/05/28 12:0 a.m.39 views

Fedora Core 3 : kernel-2.6.11-1.27_FC3 (2005-392)

Tue May 17 2005 Dave Jones - Remove the unused and outdated Xen patches from the FC3 tree. - Mon May 16 2005 Dave Jones - Rebase to 2.6.11.10, fixing CVE-2005-1264 - Thu May 12 2005 Dave Jones - Rebase to 2.6.11.9, fixing CVE-2005-1263 - Tue May 10 2005 Dave Jones - Fix two bugs in x86-64 page...

7.2CVSS5.7AI score0.01774EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2005/03/01 5:0 a.m.19 views

CVE-2004-1038

A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: th...

7.2CVSS5.9AI score0.00483EPSS
Exploits0References2
Cvelist
Cvelist
added 2004/11/16 5:0 a.m.22 views

CVE-2004-1038

A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: th...

6.1AI score0.00483EPSS
Exploits0References21
CVE
CVE
added 2004/11/16 5:0 a.m.52 views

CVE-2004-1038

CVE-2004-1038 describes a design error in the IEEE1394 (FireWire) specification that can allow attackers with physical access to read/write sensitive memory via a modified FireWire client, bypassing intended access restrictions. The issue is a local vulnerability in the FireWire stack that could ...

7.2CVSS6.1AI score0.00483EPSS
Exploits0References21Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/07/23 12:0 a.m.15 views

Fedora Core 2 : kernel-2.6.6-1.427 (2004-137)

An updated kernel is available that brings the kernel to the 2.6.7-rc3 base level. This new kernel provides a significant number of bug fixes and improvements for USB, the keyboard/mouse subsystem and the VM. This kernel also fixes the high profile bugs about not working on VIA C3 processors 1206...

5.7AI score
Exploits0References1
CVE
CVE
added 2004/07/13 4:0 a.m.59 views

CVE-2004-0658

CVE-2004-0658 describes an integer overflow in the hpsb_alloc_packet function of the IEEE 1394 (Firewire) driver (versions 2.4 and 2.6). This vulnerability can allow local users to cause a denial of service (crash) and potentially execute arbitrary code through the functions raw1394_write, state_...

7.2CVSS7.9AI score0.00432EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2004/06/23 12:0 a.m.30 views

Linux FireWire drivers integer overflow

Integer overflows in different functions...

5.8AI score
Exploits0References1Affected Software1
Rows per page
Query Builder