1046 matches found
CVE-2011-4326
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device...
UBUNTU-CVE-2011-4326
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device...
kernel: wrong headroom check in udp6_ufo_fragment()
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device...
PT-2011-1067 · Suse +2 · Ext4Dev-Kmp-Trace +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.39; ext4dev-kmp-trace (affected versions not specified). Description: The issue allows remote attackers to cause a denial of service, potentially leading to a system crash. This can be achieved by sending...
Bypassing Cisco's ICMPv6 Router Advertisement Guard feature
To bypass the Router Advertisement Guarding feature in the very few Cisco switches and images that support it: Attack: Make the evil Router Advertisement fragmented and put the ICMPv6 into the second fragment, e.g. by putting a very large Destination extension header before the ICMPv6 part...
Researchers Propose New Steganography System for Hiding Data
A group of researchers has developed a new application that can hide sensitive data on a hard drive without encrypting it or leaving any obvious signs that the data is present. The new steganography system relies on the old principle of hiding valuables in plain sight. Developed by a group of...
PT-2011-1080 · Suse +1 · Suse Linux Enterprise +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.39.1. Description: The issue is related to the ldm_frag_add function in fs/partitions/ldm.c, which does not properly handle memory allocation for non-initial fragments. This might allow local users to conduct...
SuSE 10 Security Update : Novell ipsec tools (ZYPP Patch Number 6306)
This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference (CVE-2009-1574). Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack (CVE-2009-1632)...
MS-RPC over CIFS Fragmentation (CVE-2010-0102)
DCE/RPC stands for Distributed Computing Environment / Remote Procedure Calls. It is a Remote Procedure Call system that allows software to work across multiple computers, as if it were all working on the same computer. This system allows programmers to write distributed software without having t...
Wireshark - LWRES Dissector getaddrsbyname_request Buffer Overflow (Loop) (Metasploit)
$Id: wireshark_lwres_getaddrbyname_loop.rb 11126 2010-11-24 19:25:18Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
path-mtu NSE Script
Performs simple Path MTU Discovery to target hosts. TCP or UDP packets are sent to the host with the DF (don't fragment) bit set and with varying amounts of data. If an ICMP Fragmentation Needed is received, or no reply is received after retransmissions, the amount of data is lowered and another...
CVE-2010-0584
Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250...
Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow
Exploit for unknown platform in category remote exploits. Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow (loop). $Id:...
kernel: e1000e frame fragment issue
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537...
CVE-2010-0295
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate...
SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 6301)
This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference (CVE-2009-1574). Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack (CVE-2009-1632)...
openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-1007)
This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference (CVE-2009-1574). Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack (CVE-2009-1632)...
ipsec-tools: racoon NULL dereference in fragmentation code
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference...
Cisco Security Advisory: Cisco IOS NAT Skinny Call Control Protocol Vulnerability
Cisco Security Advisory: Cisco IOS NAT Skinny Call Control Protocol Vulnerability. Advisory ID: cisco-sa-20080924-sccp. http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml Revision 1.0. For Public Release 2008 September 24 1600 UTC (GMT) -...
CVE-2008-3810
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811...