45 matches found
kernel: thp: prevent hugepages during args/env copying into the user stack
mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via ...
Symantec Backup Exec System Recovery 8.5 - Kernel Pointers Dereferences 0day
No description provided by source. #include <stdio.h> #include <windows.h> #include <winioctl.h> #include <stdlib.h> #include <string.h> /* Program : Symantec Backup Exec System Recovery 8.5 - 0day Homepage : http://www.symantec.com Discovery : 2009/12/23 Author Contacted : 2011/04/01 - No reply Author Contacted...
Symantec Backup Exec System Recovery 8.5 - Kernel Pointers Dereferences
Symantec Backup Exec System Recovery 8.5 - Kernel Pointers Dereferences include include include include include / Program : Symantec Backup Exec System Recovery 8.5 - 0day Homepage : http://www.symantec.com Discovery : 2009/12/23 Author Contacted : 2011/04/01 - No reply Author Contacted :...
CVE-2010-4243
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a...
kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a...
CVE-2010-3858
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of...
Sql injection
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of...
CVE-2010-3858
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of...
CVE-2010-3858
CVE-2010-3858 is a Linux kernel vulnerability described in MiracleLinux advisories as affecting fs/exec.c with CONFIG_STACK_GROWSDOWN. On 64-bit platforms, for 32-bit applications, the setup_arg_pages function does not properly constrain stack usage of arguments and environment, enabling local us...
CVE-2010-3858
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of...
kernel: exit_notify: kill the wrong capable(CAP_KILL) check
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system...
CVE-2009-1527
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object...
Race condition
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object...
kernel: exit_notify: kill the wrong capable(CAP_KILL) check
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system...
Gear Software CD DVD Filter driver privilege escalation vulnerability
Overview The Gear Software CD DVD Filter driver contains a privilege escalation vulnerability, which can allow an attacker to gain SYSTEM privileges. Description Gear Software provides a driver called CD DVD Filter, which is provided by GEARAspiWDM.sys. This driver is used by multiple CD/DVD...
Symantec Backup Exec System Recovery Manager Traversal Arbitrary File Access
The remote host appears to be running Symantec Backup Exec System Recovery Manager, a backup manager solution. The Tomcat servlet 'reportsfile' included in the version of Backup Exec System Recovery Manager installed on the remote host fails to properly sanitize user input to the 'filename'...
Backup Exec System Recovery Manager <= 7.0.1 File Upload Exploit
No description provided by source. ?xml version="1.0"? html xmlns="http://www.w3.org/1999/xhtml" headtitleFile Upload POC/title/head body h2 Backup Exec System Recovery Manager 7.0brFile Upload POC/h2 form action="https://TARGET:8443/axis/FileUpload" method="post" enctype="multipart/form-data"...
Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload
The remote host appears to be running Symantec Backup Exec System Recovery Manager, a backup manager solution. The version of Recovery Manager on the remote host includes the Tomcat Servlet 'FileUpload' that fails to validate the user input. An unauthenticated attacker may be able to exploit this...
backupexec-upload.txt
File Upload POC Backup Exec System Recovery Manager 7.0File Upload POC :8443/axis/FileUpload" method="post" enctype="multipart/form-data" Remote Path: File to upload: cBastardLabs 2008...
Backup Exec System Recovery Manager <= 7.0.1 File Upload Exploit
Exploit for unknown platform in category remote exploits ================================================================ Backup Exec System Recovery Manager File Upload POC Backup Exec System Recovery Manager 7.0File Upload POC :8443/axis/FileUpload" method="post" enctype="multipart/form-data"...