Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Updated 9 August 2005 The advisory text has been updated to show that this update fixed...

USN-103-1: Linux kernel vulnerabilities

Mathieu Lafon discovered an information leak in the ext2 file system driver. When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents which could contain sensitive data like passwords became visible on the raw device. This is...

CVE-2005-0504

Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver moxa.c in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value...

Fedora Core 1 : kernel-2.4.22-1.2199.nptl (2004-251)

Paul Starzetz discovered flaws in the Linux kernel when handling file offset pointers. These consist of invalid conversions of 64 to 32-bit file offset pointers and possible race conditions. A local unprivileged user could make use of these flaws to access large portions of kernel memory. The...

linux kernel IEEE1394(Firewire) driver integer overflow vulnerabilities

Linux kernel IEEE 1394Firewire driver - integer overflows ----------------------------------------------------------- Link: http://www.linux1394.org/index.php Driver Description: IEEE 1394 is a standard defining a high speed serial bus. This bus is also named FireWire by Apple or i.Link by Sony...

security flaw

/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords...

CVE-2003-0960

CVE-2003-0960 refers to a vulnerability in OpenCA where, before 0.9.1.4, the system did not use the correct certificate in a chain when checking the serial, which could allow revoked or expired certificates to be accepted as valid. Multiple connected sources (SUSE advisory, OpenVAS/NASL/Nessus en...

CVE-2003-0461

/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords...

CVE-2003-0461

CVE-2003-0461 affects the Linux kernel 2.4.x family. The /proc/tty/driver/serial interface exposes the exact number of characters used in serial links, which could allow local users to infer sensitive information such as password lengths. Public advisories confirm fixes via kernel updates or acce...

CVE-2002-2203

Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information...

Слабая защита в XIRCOM REX6000 (unauthorized access)

PIN, защищающий устройство, может быть получен через последовательный порт...

CVE-1999-1022

serialports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program...

SGI IRIX 5.25.3 - serial_ports Local Privilege Escalation

SGI IRIX 5.25.3 - serialports Local Privilege Escalation source: https://www.securityfocus.com/bid/464/info A race condition exists in the serialports administrative program, as included by SGI in the 5.x Irix operating system. This race condition allows regular users to execute arbitrary command...