5901 matches found
USN-1133-1: Linux kernel vulnerabilities
Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2010-4342) Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A...
Symantec Backup Exec System Recovery 8.5 - Kernel Pointers Dereferences 0day
No description provided by source. #include <stdio.h> #include <windows.h> #include <winioctl.h> #include <stdlib.h> #include <string.h> /* Program : Symantec Backup Exec System Recovery 8.5 - 0day Homepage : http://www.symantec.com Discovery : 2009/12/23 Author Contacted : 2011/04/01 - No reply Author Contacted...
Symantec Backup Exec System Recovery 8.5 - Kernel Pointers Dereferences
Symantec Backup Exec System Recovery 8.5 - Kernel Pointers Dereferences include include include include include / Program : Symantec Backup Exec System Recovery 8.5 - 0day Homepage : http://www.symantec.com Discovery : 2009/12/23 Author Contacted : 2011/04/01 - No reply Author Contacted :...
kernel: drm_modeset_ctl signedness issue
Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and...
kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call...
Integer overflow
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call...
Design/Logic Flaw
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different...
CVE-2011-2022
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different...
openSUSE Security Update : kernel (openSUSE-SU-2011:0346-1)
This update of the openSUSE 11.2 kernel fixes lots of security issues. Following security issues were fixed: CVE-2011-1493: In the rose networking stack, when parsing the FAC_NATIONAL_DIGIS facilities field, it was possible for a remote host to provide more digipeaters than expected, resulting in...
openSUSE Security Update : kernel (openSUSE-SU-2010:0895-2)
This security update of the SUSE Linux Enterprise 11 GA kernel updates the kernel to 2.6.27.54 and fixes various security issues and other bugs. Following security issues were fixed: CVE-2010-3310: Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel allowed local users to...
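Linux Kernel DRM IOCTL Local Memory Corruption Vulnerability
Bugtraq ID: 47639 CVE ID: CVE-2011-1013 Linux is an open-source operating system. drm_modeset_ctl does not correctly validate its input parameters. The problem arises because the crtc variable is a signed type: a sufficiently large value passed in the modeset parameter structure is treated as a negative number and can bypass the subsequent, otherwise correct, range check. The variable is later used as an index, which can lead to an out-of-bounds write of a zero integer. SuSE SUSE Linux Enterprise High Availability Extension 11 SP1 SuSE SUSE Linux Enterprise Desktop 11 SP1 SuSE openSUSE 11.4 OpenBSD...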
Memory corruption
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from...
CVE-2011-1495
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from...
PT-2011-2916 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.38.1 Description: The issue is related to an array index error in the asihpi_hpi_ioctl function, located in the sound/pci/asihpi/hpioctl.c file of the AudioScience HPI driver. This error might allow local...
kernel: av7110 negative array offset
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value...
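Microsoft Windows "afd.sys" 120CFh IOCTL Handling Denial of Service Vulnerability
BUGTRAQ ID: 47279 Windows is a very popular operating system released by Microsoft. The Windows AFD.sys driver has a local denial-of-service vulnerability in its implementation; a local attacker can exploit it to make the affected system unresponsive, causing a denial of service. The vulnerability stems from an error in the AFD.sys driver when handling IOCTLs, which can result in access to invalid memory; a specially crafted 0x000120CF IOCTL causes a crash. The vulnerability has been confirmed on Windows XP SP3 afd.sys version 5.1.2600.5657; other versions may also be affected. Microsoft Windows XP Professional Microsoft Windows XP Home Editi...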
kernel: heap contents leak for CAP_NET_ADMIN via ethtool ioctl
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
kernel: drivers/net/cxgb3/cxgb3_main.c reading uninitialized stack memory
The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call...