DESLock+ privilege escalation

Privilege escalation via IOCTL...

PT-2011-2420 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.38-rc2 Description: The issue is related to the dvb ca ioctl function in the Linux kernel, which does not properly check the sign of a certain integer field. This oversight allows local users to potentially...

CVE-2011-0652

lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service crash via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information...

SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7303)

This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. The following security issues were fixed : - A local attacker could use a Oops kernel crash caused by other flaws to write a 0 byte to a attacker controlled address in the kernel. This could lea...

CVE-2010-4655

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAPNETADMIN capability for an ethtool ioctl call...

Panda Global Protection 2010 Local Denial Of Service

include include include include include / Program : Panda Global Protection 2010 3.01.00 Homepage : http://www.pandasecurity.com Discovery : 2010/04/09 Author Contacted : 2010/07/15 Status of vuln : Patched ! Found by : Heurs This Advisory : Heurs Contact : [email protected] //-----...

Panda Global Protection 2010 - Local Denial of Service (unfiltered wcscpy())

Panda Global Protection 2010 - Local Denial of Service unfiltered wcscpy include include include include define SystemModuleInfo 11 / Program : Panda Global Protection 2010 3.01.00 Homepage : http://www.pandasecurity.com Discovery : 2010/04/09 Author Contacted : 2010/07/15 Status of vuln : Patche...

Look n stop - Local Denial of Service

Look n stop - Local Denial of Service include include include include include / Program : Look 'n' Stop 2.06p4 / 2.07 6.0.2900.5512 Homepage : http://www.looknstop.com Discovery : 2009/11/08 Author Contacted : 2010/07/15 ... no reply Found by : Heurs This Advisory : Heurs Contact :...

CVE-2011-0513

DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL...

kernel: gdth: integer overflow in ioc_general()

Integer overflow in the iocgeneral function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service memory corruption or possibly have unspecified other impact via a large argument in an ioctl call...

CVE-2010-4527

The loadmixervolumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensiti...

Buffer overflow

The loadmixervolumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensiti...

CVE-2010-4527

The loadmixervolumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensiti...

kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory

The sndhdsphwdepioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRVHDSPIOCTLGETCONFIGINFO ioctl call...

kernel: drivers/net/cxgb3/cxgb3_main.c reading uninitialized stack memory

The cxgbextensionioctl function in drivers/net/cxgb3/cxgb3main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIOGETQSETNUM ioctl call...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

kernel: drivers/video/via/ioctl.c: reading uninitialized stack memory

The viafbioctlgetviafbinfo function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFBGETINFO ioctl call...

kernel: drivers/char/nozomi.c: reading uninitialized stack memory

The nttyioctltiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

kernel: drivers/usb/serial/mos*.c: reading uninitialized stack memory

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the 1 mos7720ioctl function in...

kernel: bio: integer overflow page count when mapping/copying user data

Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service system crash via a crafted device ioctl to a SCSI device...