5904 matches found
FreeBSD -- Insufficient credential checks in network ioctl(2)
Problem Description: As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code. Network interface drivers, however, assume tha...
CVE-2013-3956
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges...
Code injection
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges...
Integer overflow
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windo...
CVE-2013-3956
CVE-2013-3956 affects the NICM.SYS kernel driver (version 3.1.11.0) used by Novell Client 4.91 SP5 on Windows XP/2003, Novell Client 2 SP2 on Vista/2008, and Novell Client 2 SP3 on Windows Server 2008 R2/Win7/Win8/Server 2012. The vulnerability permits local privilege escalation via a crafted IOC...
CVE-2013-3956
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges...
Oracle Linux 5 : kernel (ELSA-2013-1034)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1034 advisory. - Revert: kernel kmod: make requestmodule killable Frantisek Hrbata 858752 858753 CVE-2012-4398 - Revert: kernel kmod: avoid deadlock from recursive km...
Oracle Linux 5 : Unbreakable enterprise kernel (ELSA-2010-2011)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-2011 advisory. - sctp Do not reset the packet during sctppacketconCVE-2010-3432 - drm/i915 Sanity check pread/pwrite CVE-2010-2962 - wireless fix kernel heap content...
Oracle Linux 5 : Important:kernel (ELSA-2007-0940)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0940 advisory. 2.6.18-8.1.15.0.1.el5 - Fix bonding primary=ethX Bert Barbe IT 101532 ORA 5136660 - Add entropy module option to e1000/bnx2 John Sobecki ORA 6045759...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2520)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-2520 advisory. - mm/hotplug: correctly add new zone to all other nodes' zone lists Jiang Liu Orabug: 16603569 CVE-2012-5517 - ptrace: ptraceresume shouldn't wake ...
Novell Client 2 SP3 nicm.sys Local Privilege Escalation
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
Novell Client 2 SP3 nicm.sys Local Privilege Escalation
This module exploits a flaw in the nicm.sys driver to execute arbitrary code in kernel space. The vulnerability occurs while handling ioctl requests with code 0x143B6B, where a user provided pointer is used as function pointer. The module has been tested successfully on Windows 7 SP1 with Novell...
Novell Client 4.91 SP4 - 'nwfs.sys' Local Privilege Escalation (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
kernel: block: default SCSI command filter does not accomodate commands overlap across device classes
block/scsiioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SGIO ioctl call that leverages overlapping opcodes...
Qualcomm acdb audio buffer overflow
The acdb audio driver provides an ioctl system call interface to user space clients for communication. When processing arguments passed to the ioctl handler, a user space supplied size is used to copy as many bytes from user space to a local stack buffer without proper bounds checking. An...
DEBIAN-CVE-2013-1928
The dovideosetspupalette function in fs/compatioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEOSETSPUPALETTE ioctl call on a /dev/dvb device...
CVE-2013-1928
The dovideosetspupalette function in fs/compatioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEOSETSPUPALETTE ioctl call on a /dev/dvb device...
CVE-2013-1928
The dovideosetspupalette function in fs/compatioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEOSETSPUPALETTE ioctl call on a /dev/dvb device...
Design/Logic Flaw
The dovideosetspupalette function in fs/compatioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEOSETSPUPALETTE ioctl call on a /dev/dvb device...
CVE-2013-1928
CVE-2013-1928 affects the Linux kernel prior to 3.6.5. The do_video_set_spu_palette function in fs/compat_ioctl.c lacks an error check, potentially enabling local attackers to read sensitive kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl on a /dev/dvb device. The issue is addressed...