251 matches found
kernel: personality: fix PER_CLEAR_ON_SETID
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...
Mandriva Linux Security Advisory : kernel (MDVSA-2009:289)
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easi...
USN-852-1: Linux kernel vulnerabilities
Solar Designer discovered that the z90crypt driver did not correctly check capabilities. A local attacker could exploit this to shut down the device, leading to a denial of service. Only affected Ubuntu 6.06. (CVE-2009-1883) Michael Buesch discovered that the SGI GRU driver did not correctly check...
RedHat Security Advisory RHSA-2009:1438
The remote host is missing updates to the Linux kernel announced in advisory RHSA-2009:1438. This update fixes the following security issues: the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw t...
Null pointer dereference
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...
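Linux Kernel PER_CLEAR_ON_SETID Security Restriction Bypass Vulnerability
BUGTRAQ ID: 35647 Linux Kernel is the kernel used by the open-source operating system Linux. The PER_CLEAR_ON_SETID mask in the Linux Kernel does not include MMAP_PAGE_ZERO and ADDR_COMPAT_LAYOUT, which may allow local users to bypass the mmap_min_addr protection or disable certain ASLR (address space layout randomization) features. Linux kernel 2.6.x Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...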
Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness
POSITRON SECURITY LLC http://www.positronsecurity.com/ Security Advisory 2009-001 Memcached and MemcacheDB ASLR Bypass Weakness Author: Joe Testa jt atsign positronsecuritydotcom Date: April 28th, 2009 URL:...
CheckPoint Secure Platform Multiple Buffer Overflows
Hi all, we have published a paper about CheckPoint Firewall-1 vulnerabilities. The platform tested is the Secure Platform R60. We have found many buffer overflows. Most of them are located in command line utilities that can be exploited locally. A very few of them maybe can be exploited remotely,...
PaX 2.6 Kernel Patch - Denial of Service
PaX 2.6 Kernel Patch - Denial of Service / source: https://www.securityfocus.com/bid/10264/info PaX for 2.6 series Linux kernels has been reported prone to a local denial of service vulnerability. The issue is reported to present itself when PaX Address Space Layout Randomization Layout (ASLR) is...
CVE-2004-1983
The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors...