kernel: add rcu_read_lock() to fcheck() in both dnotify, locks.c and fix fcntl store/load race in locks.c

Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to 1 execute code in parallel or 2 exploit a race condition to obtain "re-ordered access to the descriptor table."...

Microsoft Windows Vista/2003/XP/2000 file management security issues

Title: Microsoft Windows Vista/2003/XP/2000 file management security issues Author: 3APA3A, http://securityvulns.com/ Vendor: Microsoft and potentially another vendors Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...

security flaw

The timeoutleases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service kernel log message consumption by causing a large number of broken leases, which is recorded to the log using the printk function...

security flaw

Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the procfileread and locksreadproc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context...

Linux Kernel 2.6.10 - File Lock Local Denial of Service

Linux Kernel 2.6.10 - File Lock Local Denial of Service / source: https://www.securityfocus.com/bid/12949/info A local denial of service vulnerability reportedly affects the Linux kernel. This issue arises due to a failure of the kernel to properly handle malicious, excessive file locks. An...

Linux Kernel 2.6.10 - File Lock Local Denial of Service

/ source: https://www.securityfocus.com/bid/12949/info A local denial of service vulnerability reportedly affects the Linux kernel. This issue arises due to a failure of the kernel to properly handle malicious, excessive file locks. An attacker may leverage this issue to crash or hang the affecte...

PT-2005-1582 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.10 through 2.6.11rc1-bk6 Description: The issue arises from the Linux kernel using different size types for offset arguments to the proc file read and locks read proc functions. This discrepancy leads to a heap-based...

[SECURITY] [DSA-358-4] New kernel packages fix potential "oops"

-------------------------------------------------------------------------- Debian Security Advisory DSA 358-4 [email protected] http://www.debian.org/security/ Matt Zimmerman August 13th, 2003 http://www.debian.org/security/faq -...

CVE-2002-1827

Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the 1 alias, 2 map, 3 statistics, and 4 pid files...

CVE-2002-1827

Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the 1 alias, 2 map, 3 statistics, and 4 pid files...

CVE-1999-1363

CVE-1999-1363 affects Windows NT 3.51 and 4.0. The vulnerability allows a local attacker to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts NonPagedPool. The documented impact is a partial availability degradation; exploitation...

CVE-1999-1363

Windows NT 3.51 and 4.0 allow local users to cause a denial of service crash by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool...

SECURITY.NNOV: file locking and security

Hello bugtraq, Topic : File locking and security Author : 3APA3A [email protected] Affected software : Windows NT 4.0, Windows 2000 and may be another systems Exploitable : Yes Remotely exploitable : No Category : Design flow Background: Application can lock the file after file description ...

Linux Kernel 2.2/2.4 - Deep Symbolic Link Denial of Service

source: https://www.securityfocus.com/bid/3444/info A denial-of-service vulnerability exists in several versions of the Linux kernel. The problem occurs when a user with local access creates a long chain of symbolically linked files. When the kernel dereferences the symbolic links, the process...

pine.4.xx.lockfile.txt

Date: Sun, 5 Mar 1999 01:41:25 +0100 From: Michal Zalewski Lockfile vunerability in pine 4.xx Linux The problem is probably well known, but silently ignored by pine vendors. Unfortunately, it's possible to turn 'mostly harmless feature' in something nasty - following code allows various DoSes by...