Buffer overflow

Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information...

CVE-2010-3396

Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information...

Linux Kernel niu_get_ethtool_tcam_all()函数本地溢出漏洞

Linux Kernel是开放源码操作系统Linux所使用的内核。 drivers/net/niu.c文件中的niugetethtooltcamall函数假设其输出缓冲区已有足够大小，但该缓冲区是受用户控制的，且ETHTOOLGRXCLSRLALL非特权的ethtool命令。这允许本地用户发送特制的ETHTOOLGRXCLSRLALL IOCTL请求导致内核崩溃。 Linux kernel 2.6.x 厂商补丁： Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2010-2066

The mextcheckarguments function in fs/ext4/moveextent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVEEXT ioctl call that specifies this file as a donor...

Design/Logic Flaw

The mextcheckarguments function in fs/ext4/moveextent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVEEXT ioctl call that specifies this file as a donor...

CVE-2010-2066

The mextcheckarguments function in fs/ext4/moveextent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVEEXT ioctl call that specifies this file as a donor...

CVE-2010-2955

The CVE-2010-2955 issue affects the Linux kernel before 2.6.36-rc3-next-20100831, specifically the cfg80211_wext_giwessid function in net/wireless/wext-compat.c, which fails to initialize certain structure members. This enables a local attacker to exploit an off-by-one error in ioctl_standard_iw_...

CVE-2010-2066

CVE-2010-2066 affects the Linux kernel up to version 2.6.34. The flaw is in fs/ext4/move_extent.c: the mext_check_arguments routine, which can allow a local attacker to overwrite an append-only file when using the MOVE_EXT ioctl and designating that file as the donor. The issue arises from insuff...

CVE-2010-2066

The mextcheckarguments function in fs/ext4/moveextent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVEEXT ioctl call that specifies this file as a donor...

Arbitrary file deletion

The xfsswapext function in fs/xfs/xfsdfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file...

CVE-2010-2226

CVE-2010-2226 affects the Linux kernel: the xfs_swapext function in fs/xfs/xfs_dfrag.c does not properly validate file descriptors passed to the SWAPEXT ioctl, enabling a local user with write access to swap a file into another and gain read access. The issue is present in kernel versions before ...

CVE-2010-2226

The xfsswapext function in fs/xfs/xfsdfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file...

Ubuntu 8.04 LTS : linux regression (USN-974-2)

USN-974-1 fixed vulnerabilities in the Linux kernel. The fixes for CVE-2010-2240 caused failures for Xen hosts. This update fixes the problem. We apologize for the inconvenience. Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when...

USN-974-2: Linux kernel regression

USN-974-1 fixed vulnerabilities in the Linux kernel. The fixes for CVE-2010-2240 caused failures for Xen hosts. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not...

Linux kernel 2.6.x DRM模块IOCTL请求信息泄露漏洞

BUGTRAQ ID: 42577 CVE ID: CVE-2010-2803 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的drivers/gpu/drm/drmdrv.c驱动中的drmioctl函数没有正确地清除内核内存便将其拷贝到了用户空间，这允许本地用户通过发送特制的IOCTL请求泄露敏感信息。成功利用这个漏洞要求用户又有对DRI路径的读写访问权限。 Linux kernel 2.6.x 厂商补丁： Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Ubuntu: Security Advisory (USN-974-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : linux, linux-{ec2,fsl-imx51,mvl-dove,source-2.6.15,ti-omap} vulnerabilities (USN-974-1)

Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. A local attacker could exploit this to gain control of certain applications, potentially leading to privilege escalation, as...

USN-974-1: Linux kernel vulnerabilities

Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. A local attacker could exploit this to gain control of certain applications, potentially leading to privilege escalation, as...

FreeBSD / NetBSD Coda file system information leak

Kernel memory information leak via IOCTL...

QQ Computer Manager TSKsp.sys Driver Denial Of Service

QQ Computer Manager TSKsp.sys Driver Local Denial of Service Vulnerability By Lufeng Li of Neusoft Corporation Vulnerable: QQpcmgr=v4.0Beta1 Vendor: Tencent Inc 1 Software Description: QQ doctors more than three years after the development and operation, and finally ushered in the fourth generati...