kernel: watchdog: ib700wdt.c - buffer_underflow bug

Buffer underflow in the ibwdtioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOCSETTIMEOUT IOCTL call...

Linux Kernel isdn_net_setcfg buffer overflow

Buffer overflow in the isdnnetsetcfg function in isdnnet.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdnioctl function...

kernel: missing capability checks in sbni_ioctl()

The sbniioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAPNETADMIN capability before processing a 1 SIOCDEVRESINSTATS, 2 SIOCDEVSHWSTATE, 3 SIOCDEVENSLAVE, or 4 SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass...

I4L: fix isdn_ioctl memory issue

The isdnioctl function in isdncommon.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow...

NOD32 3.0/ESET Smart Security < 3.0.684 Local Privilege Escalation

NOD32 3.0/ESET Smart Security is installed on the remote host. The installed version is older than 3.0.684. Such versions are reportedly affected by a local privilege escalation issue. By sending a specially crafted request to an IOCTL request handler in 'epfw.sys', a local user may be able to...

Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode

Solaris/SPARC - Bind TCP 2001/TCP Shell /bin/sh Shellcode. Shellcode exploit for SolarisSPARC platform !!! $Id: sparc-bind.s,v 1.1 2003/03/01 01:10:51 ghandi Exp $ !!! Bind /bin/sh to TCP port 2001. Calls setuid0 so /bin/sh won't !!! drop privileges. After assembly, change the third byte in the !...

Linux Kernel &lt; 2.6.26.4 - SCTP Kernel Memory Disclosure

/ cve-2008-4113.c Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113 The sctpgetsockopthmacident function in net/sctp/socket.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the...

CVE-2008-5725

The NT kernel-mode driver aka pstrip.sys 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory...

Cross site request forgery (csrf)

The NT kernel-mode driver aka pstrip.sys 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory...

Design/Logic Flaw

The PGPwded device driver aka PGPwded.sys in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service system crash and possibly gain privileges via a certain METHODBUFFERED IOCTL request that overwrites portions of memory, related to a "Driv...

Cross site request forgery (csrf)

The Personal Firewall driver aka epfw.sys 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHODNEITHER IOCTL request to \Device\Epfw that overwrites portions of memory...

CVE-2008-5731

The PGPwded device driver aka PGPwded.sys in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service system crash and possibly gain privileges via a certain METHODBUFFERED IOCTL request that overwrites portions of memory, related to a "Driv...

CVE-2008-5725

The NT kernel-mode driver aka pstrip.sys 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory...

CVE-2008-5725

The CVE affects the NT kernel-mode driver pstrip.sys (versions 5.0.1.1 and earlier) used by EnTech Taiwan PowerStrip (3.84 and earlier). The vulnerability arises from certain IRP parameters in an IOCTL sent to \Device\Powerstrip1, which can overwrite portions of memory and enable local privilege ...

PGP Desktop DoS

PGPweded.sys driver crashes the system on IOCTL processing...

PGP Desktop 9.0.6 (PGPwded.sys) Local Denial of Service Exploit

No description provided by source. --------------------------PGP Desktop 9.0.6 Denial Of Service--------------- Author: Giuseppe 'Evilcry' Bonfa' E-Mail: evilcry AT GMAIL DOT COM Profile: http://evilcry.netsons.org Website: http://evilfingers.com/ Release Date: 23/12/2008...

PGP Desktop 9.0.6 - PGPwded.sys Local Denial of Service

PGP Desktop 9.0.6 - PGPwded.sys Local Denial of Service --------------------------PGP Desktop 9.0.6 Denial Of Service--------------- Author: Giuseppe 'Evilcry' Bonfa' E-Mail: evilcry AT GMAIL DOT COM Profile: http://evilcry.netsons.org Website: http://evilfingers.com/ Release Date: 23/12/2008...

PGP Desktop 9.0.6 - &#039;PGPwded.sys&#039; Local Denial of Service

--------------------------PGP Desktop 9.0.6 Denial Of Service--------------- Author: Giuseppe 'Evilcry' Bonfa' E-Mail: evilcry AT GMAIL DOT COM Profile: http://evilcry.netsons.org Website: http://evilfingers.com/ Release Date: 23/12/2008 +-------------------------------------------------+ Product...

PGP Desktop 9.0.6 (PGPwded.sys) Local Denial of Service Exploit

Exploit for unknown platform in category dos / poc =============================================================== PGP Desktop 9.0.6 PGPwded.sys Local Denial of Service Exploit =============================================================== --------------------------PGP Desktop 9.0.6 Denial Of...

Null pointer dereference

tun in IP Tunnel in Solaris 10 and OpenSolaris snv01 through snv76 allows local users to cause a denial of service panic and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference...