CVE-2011-1677

mount in util-linux 2.19 and earlier does not remove the /etc/mtab lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors...

DEBIAN-CVE-2011-1677

mount in util-linux 2.19 and earlier does not remove the /etc/mtab lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors...

CVE-2011-1677

mount in util-linux 2.19 and earlier does not remove the /etc/mtab lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors...

CVE-2011-1680

ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors...

CVE-2011-1677

mount in util-linux 2.19 and earlier does not remove the /etc/mtab lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors...

UBUNTU-CVE-2011-1677

mount in util-linux 2.19 and earlier does not remove the /etc/mtab lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors...

CVE-2011-1680

CVE-2011-1680 concerns ncpmount in ncpfs 2.2.6 and earlier, where the /etc/mtab~ lock file is not removed after a failed attempt to add a mount entry. The entry notes unspecified impact and local attack vectors. Connected sources also indicate this issue is addressed alongside related CVEs (CVE-2...

CVE-2011-1677

CVE-2011-1677 affects the mount utility in util-linux

CVE-2011-1680

ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors...

CVE-2011-1677

mount in util-linux 2.19 and earlier does not remove the /etc/mtab lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors...

Linux Kernel "iriap_getvaluebyclass_indication()"缓冲区溢出漏洞

CVE ID: CVE-2011-1180 Linux 是一种类似于UNIX 计算机操作系统。 Linux Kernel "iriapgetvaluebyclassindication"在实现上存在缓冲区溢出漏洞，本地攻击者可利用此漏洞造成拒绝服务或控制受影响系统。 此漏洞源于net/irda/iriap.c中的"iriapgetvaluebyclassindication"内的边界错误，可通过超长名称或属性造成栈缓冲区溢出。 Linux kernel 2.6.x 厂商补丁： Linux -----...

OpenJDK Launcher incorrect processing of empty library path entries (6983554)

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.229 and earlier for Solaris and Linux allows local standalone applications to affect...

Linux Kernel "kvm_vcpu_events.interrupt.pad"字段本地信息泄露漏洞

BUGTRAQ ID: 45676 CVE ID: CVE-2010-4525 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在实现上存在漏洞，本地攻击者可利用此漏洞获取敏感信息。 某些版本的内核没有初始化kvmvcpuevents.interrupt.pad字段就将其拷贝到了用户态，导致内核信息泄露。 Linux kernel 2.6.33-rc4 - 2.6.34 厂商补丁： Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.kernel.org/...

Linux内核hmid_ds结构本地信息泄露漏洞

Linux内核是一个地方容易出现信息泄露漏洞。 本地攻击者可以利用此问题来获取敏感信息，可能导致进一步的攻击。 SuSE SUSE Linux Enterprise SDK 10 SP3 SuSE openSUSE 11.3 S.u.S.E. SUSE Linux Enterprise Server 10 SP3 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP3 RedHat Enterprise MRG v1 for Red Hat Enterprise Linux version 5 Red Hat Fedora 14 Red Hat...

Trend Micro Office Scan本地权限提升漏洞

Trend OfficeScan是一款企业级反病毒程序。 Trend OfficeScan TMTDI模块实现存在问题，本地攻击者可以利用此漏洞以高权限执行任意代码，从而实现权限的提升。 在版本10.0 Service Pack 1 Patch 2及版本10.5中发现此漏洞，其他版本也同样受到影响。 Trend Micro OfficeScan 10.x 厂商补丁： Trend Micro ----------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.antivirus.com/...

Linux Kernel "FBIOGET_VBLANK" IOCTL本地信息泄露漏洞

BUGTRAQ ID: 45062 CVE ID: CVE-2010-4079 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在实现上存在漏洞，本地攻击者可利用此漏洞获取敏感信息，从而有利于执行其他攻击。 V4L/DVB: ivtvfb: 防止读取未始化栈内存。FBIOGETVBLANK device ioctl允许未授权用户读取16字节的未始化栈内存，因为在栈上公布的fbvblank结构的“保留”的成员在复制给用户之前没有变更或清零。 Linux kernel 2.6.0 - 2.6.37 厂商补丁： Linux -----...

Linux Kernel "hdsp.c" IOCTL本地信息泄露漏洞

BUGTRAQ ID: 45063 CVE ID: CVE-2010-4081 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在实现上存在漏洞，本地攻击者可利用此漏洞获取敏感信息，可能有利于执行其他攻击。 hdspm.c和hdsp.c中的SNDRVHDSPIOCTLGETCONFIGINFO和 SNDRVHDSPIOCTLGETCONFIGINFO允许未授权用户读取未初始化内核栈内存，因为栈上公布的 hdspmconfiginfo的几个字段在复制给用户之前未改变或清零。 Linux kernel 2.6.0 - 2.6.37 厂商补丁：...

VSR Advisories: Linux RDS Protocol Local Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Linux RDS Protocol Local Privilege Escalation Release Date: 2010-10-19 Application: Linux Kernel Versions:...

kernel: tty: release_one_tty() forgets to put pids

The releaseonetty function in drivers/char/ttyio.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the putpid function, which has unspecified impact and local attack vectors...

[Bkis-03-2010] Vulnerability in Flash Slideshow Maker Vulnerability

Bkis-03-2010 Vulnerability in Flash Slideshow Maker Vulnerability 1. General Information Flash Slideshow Maker is a Flash album creator to make animated photo slide show with SWF file as the output format. Bkis has just detected a vulnerability in the software related to the processing of Flash...