Linux kernel rtnetlink information disclosure vulnerability

Linux kernel is an open source operating system. Linux kernel's rtnetlink fails to initialize padding bytes in the 'map' stack object, allowing a local attacker to exploit the vulnerability to obtain kernel information...

Linux kernel information disclosure vulnerability (CNVD-2016-02915)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the llc module of the Linux kernel, which stems from a program's failure to initialize the padding bytes in the 'info' stack...

Updated erlang packages fix CVE-2015-2774

Updated erlang packages fix security vulnerability: Erlang's TLS-1.0 implementation failed to check padding bytes, leaving it vulnerable to an issue similar to POODLE CVE-2015-2774...

IBM General Parallel File System Multiple Vulnerabilities (Windows) (POODLE)

A version of IBM General Parallel File System GPFS 3.5.x prior to 3.5.0.21 is installed on the remote Windows host. It is, therefore, affected by the following OpenSSL related vulnerabilities : - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that...

CUPS < 2.0.1 SSLv3 Legacy Encryption Vulnerability (POODLE)

According to its banner, the CUPS printer service installed on the remote host is a version prior to 2.0.1. It is, therefore, potentially affected by a man-in-the-middle MitM information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes wh...

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

AIX OpenSSL Advisory : openssl_advisory11.asc (POODLE)

The version of OpenSSL installed on the remote host is affected by the following vulnerabilities : - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks. CVE-2014-3513 - A man-in-the-middle MitM...

Amazon Linux AMI : nss (ALAS-2014-429) (POODLE)

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

kernel: information leak in sigaltstack

The dosigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack...

Linux Kernel <= 2.6.31-rc5 sigaltstack 4-Byte Stack Disclosure Exploit

Exploit for linux platform in category local exploits ====================================================================== Linux Kernel include include include include include include include include const int randcalls = 0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 13, 14, 16, 21, 22, 24, 25, 32, 33, 36...

gnutls record packet parsing DoS [GNUTLS-SA-2005-1]

The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutilscipher.c...

CVE-2005-1431

The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutilscipher.c...