166 matches found
kernel: sctp_getsockopt_hmac_ident information disclosure
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows loc...
kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option
The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which...
Linux Kernel 'SCTP' module vulnerabilities
BUGTRAQ ID: 31121 CVE ID: CVE-2008-3792 CNCVE ID: CNCVE-20083792 Linux is an open-source operating system. The Linux kernel 'SCTP' module has multiple security issues; a local attacker can exploit these vulnerabilities to obtain sensitive information or crash the kernel. The problematic code is as follows: file: net/sctp/socket.c ... SCTP_STATIC int sctp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { int retval = 0; int len;...
kernel: sctp: sctp_getsockopt_local_addrs_old() potential overflow
Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large...
CVE-2008-2826
Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large...
CVE-2007-1865
The CVE-2007-1865 entry concerns the Linux kernel used in Red Hat Enterprise Linux (RHEL) Beta 5.1.0, where the ipv6_getsockopt_sticky function may allow local users to read sensitive kernel memory contents via a negative len value. Multiple connected sources reiterate this, noting that the issue...
PT-2007-3212 · Red Hat · Red Hat
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Linux (RHEL) Beta version 5.1.0 Description: The issue allows local users to potentially obtain sensitive information, specifically kernel memory contents. This is achieved through the ipv6_getsockopt_sticky function in the...
Linux Kernel < 2.6.20.2 IPV6_Getsockopt_Sticky Memory Leak PoC
No description provided by source. / Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Proof Of Concept dreyer 07-2007 Osu, Tatakae, Sexy Pandas! Dumps to stdout the memory mapped between INI and END. CVE: CVE-2007-1000 BID: 22904 Affected: Linux Kernel 2.6.20.2...
security flaw
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference...
linux-disclose-v2.txt
include include include include include include include define BUFSIZE 0x10000000 int mainint argc, char argv void mem = mmap0, BUFSIZE, PROTREAD | PROTWRITE, MAPANONYMOUS | MAPPRIVATE, 0, 0; if mem == void-1 printf"Alloc failed\n"; return -1; / SOCKDCCP, IPPROTODCCP / int s = socketPFINET, 6, 33...
Linux kernel DCCP information leak
Integer overflow in getsockopt for SOL_DCCP gives the ability to read the contents of kernel memory...
Linux Kernel 2.6.20 with DCCP Support - Memory Disclosure (1)
Linux Kernel 2.6.20 with DCCP Support - Memory Disclosure (1) / Linux Kernel DCCP Memory Disclosure Vulnerability Synopsis: The Linux kernel is susceptible to a locally exploitable flaw which may allow local users to steal data from the kernel memory. Vulnerable Systems: Linux Kernel Versions: =...
Linux Kernel 2.6.20 with DCCP Support - Memory Disclosure (1)
/ Linux Kernel DCCP Memory Disclosure Vulnerability Synopsis: The Linux kernel is susceptible to a locally exploitable flaw which may allow local users to steal data from the kernel memory. Vulnerable Systems: Linux Kernel Versions: = 2.6.20 with DCCP support enabled. Kernel versions 2.6.20 lack...
CVE-2007-1000
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference...
Design/Logic Flaw
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference...
CVE-2007-1000
The CVE-2007-1000 issue affects the Linux kernel up to version 2.6.20.2, where the ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c can trigger a NULL dereference through certain getsockopt calls, allowing local users to read arbitrary kernel memory. The vulnerability stems from a NULL...
CVE-2007-1000
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference...
Linux setsockopt / getsockopt IPv6 DoS
IPV6_RTHDR option with an invalid value causes a system crash...
security flaw
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of...
security flaw
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of...