kernel: possible kernel oops from user MSS

The dotcpsetsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCPMAXSEG aka MSS values, which allows local users to cause a denial of service OOPS via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect u...

Design/Logic Flaw

The dotcpsetsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCPMAXSEG aka MSS values, which allows local users to cause a denial of service OOPS via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect u...

FreeBSD Security Advisory (FreeBSD-SA-06:25.kmem.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:25.kmem.asc ADV FreeBSD-SA-06:25.kmem.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft In...

FreeBSD-SA-06:25.kmem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:25.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in firewire4 Category: core Module: sysdev Announced: 2006-12-06 Credits: Rodrigo...

CVE-2002-1572

Signed integer overflow in the bttvread function in the bttv driver bttv-driver.c in Linux kernel before 2.4.20 has unknown impact and attack vectors...

CVE-2003-0372

Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service core dump and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script...

CVE-2002-1373

Signed integer vulnerability in the COMTABLEDUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service crash or hang in mysqld by causing large negative integers to be provided to a memcpy call...

DSA-212 mysql - multiple problems

Bulletin has no description...

RUS-CERT Advisory 2002-08:01: Incorrect integer overflow detection in C code

Incorrect integer overflow detection in C code A widely used method of detecting integer overflows results in undefined behavior according to the C standard. Who Should Read This Document This advisory deals with with details of the C programming language. It is targeted at C programmers. Systems...

Sendmail 8.118.12 Debugger - Arbitrary Code Execution (3)

Sendmail 8.118.12 Debugger - Arbitrary Code Execution 3 source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for...

Sendmail 8.118.12 Debugger - Arbitrary Code Execution (1)

Sendmail 8.118.12 Debugger - Arbitrary Code Execution 1 // source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for...

Sendmail 8.118.12 Debugger - Arbitrary Code Execution (4)

Sendmail 8.118.12 Debugger - Arbitrary Code Execution 4 source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for...

Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (1)

// source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments supplied from the command line wit...

Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (2)

// source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments supplied from the command line wit...

Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (4)

source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments supplied from the command line with t...

Fetchmail 5.x - POP3 Reply Signed Integer Index

Fetchmail 5.x - POP3 Reply Signed Integer Index // source: https://www.securityfocus.com/bid/3164/info Fetchmail is a unix utility for downloading email from mail servers via POP3. Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. The...

Fetchmail 5.x - IMAP Reply Signed Integer Index

Fetchmail 5.x - IMAP Reply Signed Integer Index // source: https://www.securityfocus.com/bid/3166/info Fetchmail is a unix utility for downloading email from mail servers via POP3 and IMAP. Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. Th...

Fetchmail 5.x - POP3 Reply Signed Integer Index

// source: https://www.securityfocus.com/bid/3164/info Fetchmail is a unix utility for downloading email from mail servers via POP3. Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. The vulnerability has to do with the use of a remotely...

Fetchmail 5.x - IMAP Reply Signed Integer Index

// source: https://www.securityfocus.com/bid/3166/info Fetchmail is a unix utility for downloading email from mail servers via POP3 and IMAP. Fetchmail contains a vulnerability that may allow for remote attackers to gain access to client systems. The vulnerability has to do with the use of a...