5901 matches found
Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite
/ CVE-2010-2963 Arbitrary write memory write via v4l1 compat ioctl. Kees Cook greets to drosenberg, spender, taviso / define GNUSOURCE include include include include include include "expframework.h" include include include include include include include include include include struct capheadert...
Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/44242/info / CVE-2010-2963 Arbitrary write memory write via v4l1 compat ioctl. Kees Cook [email protected] greets to drosenberg, spender, taviso / define GNUSOURCE include stdio.h include unistd.h include stdlib.h include...
Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite
Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite // source: https://www.securityfocus.com/bid/44242/info / CVE-2010-2963 Arbitrary write memory write via v4l1 compat ioctl. Kees Cook greets to drosenberg, spender, taviso / define GNUSOURCE include include include include includ...
Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite
// source: https://www.securityfocus.com/bid/44242/info / CVE-2010-2963 Arbitrary write memory write via v4l1 compat ioctl. Kees Cook greets to drosenberg, spender, taviso / define GNUSOURCE include include include include include include "expframework.h" include include include include include...
linux/ARM - ifconfig eth0 and Assign Address
Exploit for linux/x86 platform in category shellcode ============================================ linux/ARM - ifconfig eth0 and Assign Address ============================================ / Title: arm-ifconfig Brief: Bring up eth0 and assign it the address 192.168.0.2 Author: Daniel Godas-Lopez /...
NetBSD 'SMBIOC_OPENSESSION' IOCTL本地拒绝服务漏洞
Bugtraq ID: 44288 NetBSD是一款基于BSD的操作系统。 netsmb文件系统内核模块不正确检查缓冲区限制,普通用户可使内核分配过大的内部缓冲区去处理请求,导致内存耗竭。 ioctl SMBIOCOPENSESSION中的长度参数为有符号类型,没有检查负值。 NetBSD 5.0.2 NetBSD 4.0.1 NetBSD 5.0 NetBSD 4.0 厂商解决方案 已经修补的源文件可从NetBSD CVS库中获得: CVS branch file revision ------------- ---------------- ----------- HEAD...
kernel security update
CentOS Errata and Security Advisory CESA-2010:0779 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring...
Ubuntu: Security Advisory (USN-1000-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
kernel: drivers/net/cxgb3/cxgb3_main.c reading uninitialized stack memory
The cxgbextensionioctl function in drivers/net/cxgb3/cxgb3main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIOGETQSETNUM ioctl call...
CVE-2010-3437
Integer signedness error in the pktfinddevfromminor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and system crash via a crafted index value i...
Integer overflow
Integer signedness error in the pktfinddevfromminor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and system crash via a crafted index value i...
Integer overflow
Multiple integer overflows in the sndctlnew function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted 1 SNDRVCTLIOCTLELEMADD or 2...
CVE-2010-3437
Integer signedness error in the pktfinddevfromminor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and system crash via a crafted index value i...
CVE-2010-3442
Multiple integer overflows in the sndctlnew function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted 1 SNDRVCTLIOCTLELEMADD or 2...
CVE-2010-3297
The eqlgmastercfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQLGETMASTRCFG ioctl call...
CVE-2010-3298
The hsogetcount function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...
CVE-2010-2537
The btrfsioctlclone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a 1 BTRFSIOCCLONE or 2 BTRFSIOCCLONERANGE ioctl call that specifies this file as a donor...
CVE-2010-2538
Integer overflow in the btrfsioctlclone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFSIOCCLONERANGE ioctl call...
Design/Logic Flaw
The cxgbextensionioctl function in drivers/net/cxgb3/cxgb3main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIOGETQSETNUM ioctl call...
Design/Logic Flaw
The btrfsioctlclone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a 1 BTRFSIOCCLONE or 2 BTRFSIOCCLONERANGE ioctl call that specifies this file as a donor...