Kernel: net: information leak in AF_KEY notify

The 1 keynotifysaflush and 2 keynotifypolicyflush functions in net/key/afkey.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of ...

Kernel: net: information leak in AF_KEY notify

The 1 keynotifysaflush and 2 keynotifypolicyflush functions in net/key/afkey.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of ...

Kernel: net: af_key: initialize satype in key_notify_policy_flush

The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...

Kernel: net: af_key: initialize satype in key_notify_policy_flush

The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...

Kernel: net: information leak in AF_KEY notify

The 1 keynotifysaflush and 2 keynotifypolicyflush functions in net/key/afkey.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of ...

DEBIAN-CVE-2013-2237

The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...

PT-2013-3611 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.10 Description: The issue affects the Linux kernel, where the key notify sa flush and key notify policy flush functions in net/key/af key.c do not properly initialize certain structure members. This allows loc...

PT-2013-3612 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.9 Description: The issue concerns the key notify policy flush function in the Linux kernel, which fails to initialize a certain structure member. This allows local users to obtain sensitive information from...

UBUNTU-CVE-2013-2237

The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...

Code injection

The SIP implementation in Cisco TelePresence TC Software allows remote attackers to trigger unintended use of NOTIFY messages via unspecified vectors, aka Bug ID CSCud96080...

CVE-2013-3401

The SIP implementation in Cisco TelePresence TC Software allows remote attackers to trigger unintended use of NOTIFY messages via unspecified vectors, aka Bug ID CSCud96080...

CVE-2013-3401

The CVE-2013-3401 issue affects the SIP implementation in Cisco TelePresence TC Software. It arises from errors in the SIP stack that allow an unauthenticated, remote attacker to cause unintended NOTIFY messages, potentially impacting the integrity of communications. Cisco’s advisory notes that e...

Cisco TC Software SIP Implementation Vulnerability

A vulnerability in the Session Initiation Protocol SIP implementation used in TC Software could allow an unauthenticated, remoteattacker to cause an endpoint to process unintended SIP NOTIFY messages. The vulnerability is due to errors in the SIP implementation. An attacker could exploit this...

Unbreakable Enterprise kernel security and bug fix update

2.6.39-400.17.1 - This is a fix on dlmcleanmasterlist Xiaowei.Hu - RDS: fix rds-ping spinlock recursion jeff.liu Orabug: 16223050 - vhost: fix length for cross region descriptor Michael S. Tsirkin Orabug: 16387183 CVE-2013-0311 - kabifix: block/scsi: Allow request and error handling timeouts to b...

Google to Notify Users of DNSChanger Infections Ahead of July 9 Deadline

With a deadline for users to disinfect their computers or potentially lose Internet access thanks to the DNSchanger malware, Google is undertaking an effort to notify infected users through messages on search results pages. The federal government also is working to warn users about the infections...

Discuz! x1.5 api-trade-notify-credit.php sql注入漏洞

No description provided by source...

kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message

Buffer overflow in the fusenotifyinvalentry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service BUGON and system crash by leveraging the ability to mount a FUSE filesystem...

ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-007 January 5, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Novell - --...

Novell Netware XNFS.NLM STAT Notify Remote Code Execution

Application: Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability Platforms: Novell Netware 6.5 SP8 Exploitation: Remote code execution CVE Number: Novell TID: 5117430 ZDI: ZDI-12-07 PRL: 2012-01 Author: Francis Provencher Protek Research Lab's Website:...

Novell Netware - XNFS.NLM STAT Notify Remote Code Execution

Novell Netware - XNFS.NLM STAT Notify Remote Code Execution Application: Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability Platforms: Novell Netware 6.5 SP8 Exploitation: Remote code execution CVE Number: Novell TID: 5117430 ZDI: ZDI-12-07 PRL: 2012-01 Author: Francis...