163 matches found
kernel: NFS: Fix an Oops when truncating a file
The nfswaitonrequest function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service Oops via unknown vectors related to truncating a file and an operation that is not interruptible...
kernel: ipv6: skb is unexpectedly freed
Use-after-free vulnerability in net/ipv4/tcpinput.c in the Linux kernel 2.6 before 2.6.20, when IPV6RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service kernel panic via a SYN packet while the socket is in a listening TCPLISTEN state, which is not properl...
CVE-2010-1087
CVE-2010-1087 affects the Linux kernel family 2.6.x up to 2.6.33-rc5. The vulnerability is in nfs_wait_on_request (fs/nfs/pagelist.c) and can cause a denial of service (kernel OOPS) via unknown vectors related to truncating a file and an operation that is not interruptible. The impact is a DoS on...
Linux Kernel ip6_dst_lookup_tail()函数远程拒绝服务漏洞
CVECAN ID: CVE-2010-0437 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的ip6dstlookuptail函数中存在空指针引用漏洞。本地网络上的攻击者可以通过向目标系统发送IPv6通讯来触发这个漏洞,如果接收到IPv6报文时目标系统上dst-neighbour为空,就会导致系统崩溃 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Linux kernel 2.6.x hda-intel驱动本地拒绝服务漏洞
BUGTRAQ ID: 38348 Linux Kernel是开放源码操作系统Linux所使用的内核。 对于使用了hda-intel驱动的Linux Kernel操作系统,sound/pci/hda/hdaintel.c文件中的azxpositionok函数在执行计算时可能将0用作初始,导致内核崩溃。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Moderate: Red Hat Security Advisory: systemtap security update
Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6...
Linux Kernel 2.6.x - KVM pit_ioport_read() Local Denial of Service
Linux Kernel 2.6.x - KVM pitioportread Local Denial of Service source: https://www.securityfocus.com/bid/38038/info The Linux kernel is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine KVM. Attackers with local access to a guest operating system can...
Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service
source: https://www.securityfocus.com/bid/38027/info The Linux kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause the affected kernel to crash, denying service to legitimate users. Versions prior to Linux kernel 2.6.33-rc6 are vulnerable. NOTE:...
Linux Kernel 2.6.x - Ext4 'move extents' ioctl Privilege Escalation
source: https://www.securityfocus.com/bid/37277/info Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. Exploits may allow attackers to execute arbitrary code with kernel-level privileges and launch other attacks. Successfu...
Linux Kernel 2.6.x - Ext4 move extents ioctl Privilege Escalation
Linux Kernel 2.6.x - Ext4 move extents ioctl Privilege Escalation source: https://www.securityfocus.com/bid/37277/info Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. Exploits may allow attackers to execute arbitrary cod...
Linux Kernel 2.6.x - pipe.c Local Privilege Escalation (2)
Linux Kernel 2.6.x - pipe.c Local Privilege Escalation 2 / source: https://www.securityfocus.com/bid/36901/info Linux kernel is prone to a local privilege-escalation vulnerability that is caused by a NULL-pointer dereference. Local attackers can exploit this issue to execute arbitrary code with...
Code injection
The tcffillnode function in net/sched/clsapi.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcmpad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified...
CVE-2009-3612
The tcffillnode function in net/sched/clsapi.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcmpad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified...
Linux Kernel get_random_int函数不充分随机数漏洞
Linux kernel 2.6.x CVE ID: CVE-2009-3238 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的drivers/char/random.c文件中的getrandomint函数所生成的随机数随机性不够,攻击者可以相对容易的预测返回值,绕过基于随机化的保护机制。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Linux Kernel tc_fill_tclass()函数本地信息泄露漏洞
BUGTRAQ ID: 36304 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的net/sched/schapi.c文件中的tcfilltclass函数没有清除某些结构成员便将其返回给了用户空间,这可能导致泄漏3个字节的未初始化内核内存。 Linux kernel 2.6.x Linux kernel 2.4.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Mandrake Security Advisory MDVSA-2009:205 (kernel)
The remote host is missing an update to kernel announced via advisory MDVSA-2009:205. OpenVAS Vulnerability Test $Id: mdksa2009205.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:205 kernel Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...
Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit
No description provided by source. / 0x82-CVE-2009-2698 Linux kernel 2.6 2.6.19 32bit ipappenddata local ring0 root exploit Tested White Box 42.6.9-5.ELsmp, CentOS 4.42.6.9-42.ELsmp, CentOS 4.52.6.9-55.ELsmp, Fedora Core 42.6.11-1.1369FC4smp, Fedora Core 52.6.15-1.2054FC5, Fedora Core...
Linux Kernel 2.6 2.6.19 (White Box 4 CentOS 4.44.5 Fedora Core 456 x86) - ip_append_data() Ring0 Privilege Escalation (1)
Linux Kernel 2.6 2.6.19 White Box 4 CentOS 4.44.5 Fedora Core 456 x86 - ipappenddata Ring0 Privilege Escalation 1 / 0x82-CVE-2009-2698 Linux kernel 2.6 . / include include include include include include include unsigned int uid, gid; void getrootuidunsigned task unsigned addr=task;...
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)
/ 0x82-CVE-2009-2698 Linux kernel 2.6 . / include include include include include include include unsigned int uid, gid; void getrootuidunsigned task unsigned addr=task; whileaddr0!=uid||addr1!=uid||addr2!=uid||addr3!=uid addr++; addr0=addr1=addr2=addr3=0; / set uids / addr4=addr5=addr6=addr7=0; ...
Linux Kernel 2.6.x - driversnetr8169.c Out-of-IOMMU Error Local Denial of Service
Linux Kernel 2.6.x - driversnetr8169.c Out-of-IOMMU Error Local Denial of Service source: https://www.securityfocus.com/bid/36706/info The Linux kernel is prone to a local denial-of-service vulnerability that attackers can exploit to cause an affected computer to panic. Versions prior to the Linu...