5986 matches found
CVE-2007-0773
CVE-2007-0773 is a local kernel vulnerability affecting the Linux kernel prior to 2.6.9-42.0.8 on Red Hat 4.4 where a NULL-pointer dereference in fput for 32‑bit ioctl on 64‑bit x86 systems can cause a kernel OOPS and denial of service. The issue is addressed by Red Hat Security Advisory RHSA-200...
Important: kernel security update
2.6.9-55.0.2.0.1 - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix for nfs open call taking longer issue Chuck Lever orabug 5580407 bz 219412 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with rds Zach...
Input validation
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via...
CVE-2007-2965
CVE-2007-2965 concerns the Real-time Scanning component across multiple F-Secure products (Internet Security 2005–2007, Anti-Virus 2005–2007, and related Protection Service for Consumers 6.40 and earlier). The root cause is improper validation in IOCTL/I/O space handling, allowing a crafted I/O r...
Code injection
The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine SRE in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses...
CVE-2007-2174
The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine SRE in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses...
CVE-2007-2174
Affected software: ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm. The IOCTL handling in srescan.sys is vulnerable before version 5.0.156.0, permitting local users to execute arbitrary code via certain IOCTL lrp parameter addresses. No exploitation details are provided beyond thi...
CVE-2007-2174
The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine SRE in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses...
[Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation
CHECK POINT ZONE LABS PRODUCTS MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES Rubйn Santamarta [email protected] 04.20.2007 Affected products: + ZoneAlarm Srescan.sys v 5.0.155 and earlier Srescan.sys is exposed through the following Dos Device:“.SreScan”. Restricted accounts ,including...
iDefense Security Advisory 04.20.07: Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability
Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability iDefense Security Advisory 04.20.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 20, 2007 I. BACKGROUND Zone Alarm products provide security solutions such as anti-virus, firewall, spy-ware, and ad-ware...
Plash沙盒中进程TIOCSTI ioctl()权限提升漏洞
Plash是用于在沙盒中运行GNU/Linux程序的系统,以使程序只能获得最低权限。 Plash没有正确的限制沙盒中的进程通过TIOCSTI ioctl向终端的文件描述符插入字符,如果该终端上运行着shell的话,恶意的沙盒中进程就可能以该shell的权限执行任意命令。 Plash 1.17 临时解决方法: 代理访问stdin/stdout/stderr,通过cat管道传输: cat | pola-run ... 2&1 | cat 厂商补丁: Plash ----- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
Design/Logic Flaw
Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl...
CVE-2007-1400
Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl...
CVE-2007-1400
Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl...
CVE-2007-1400
Plash allows sandboxed processes to open /dev/tty via TIOCSTI, enabling local users to escape sandbox restrictions and send characters to a shell process on the same terminal to execute arbitrary commands. This CVE (CVE-2007-1400) is documented with a local-privilege/escalation impact and does no...
CVE-2006-7098
The Debian GNU/Linux 033-FNOSETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl...
madwifi <= 0.9.2.1 WPA/RSN IE Remote Kernel Buffer Overflow Exploit
No description provided by source. / ---- madwifi WPA/RSN IE remote kernel buffer overflow ------ expoit code by: sgrakkyu at antifork.org -- 10/1/2007 CVE: 2006-6332 Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES for wpa .... memcpybuf, se-sewpaie, se-sewpaie1 + 2 .... .... the function re-uses...
Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow
/ ---- madwifi WPA/RSN IE remote kernel buffer overflow ------ expoit code by: sgrakkyu antifork.org -- 10/1/2007 CVE: 2006-6332 Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES for wpa .... memcpybuf, se-sewpaie, se-sewpaie1 + 2 .... .... the function re-uses args in the stack before returning so...
[Reversemode Advisory] TrendMicro Products - multiple privilege escalation vulnerabilities.
Trend Micro Products Multiple Local Privilege Escalation Vulnerabilities Discovered by: Rubйn Santamarta [email protected] Affected products: Client / Server / Messaging Security for SMB – 3.5 PC-cillin Internet Security - 2007, Trend Micro AntiVirus – 2007 Trend Micro Anti-Spyware for SMB –...
Trend Micro病毒扫描引擎TMComm本地权限提升漏洞
Trend Micro病毒扫描引擎为桌面、服务器和网关提供杀毒功能。 Trend Micro的病毒扫描引擎中所捆绑的TmComm.sys驱动没有对\.\TmComm DOS设备接口设置安全的权限,对Everyone给予了写权限。这允许本地登录的用户通过IOCTL访问仅应由特权用户才能访问的功能。 此外,这个DOS设备接口的IOCTL处理器没有验证对其传送的地址,允许在内核(RING 0)环境中覆盖任意内存或执行任意指令。 Trend Micro PC-cillin Internet Security 2007 Trend Micro Antivirus 2007 Trend Micro...