Linux Kernel isdn_net_setcfg buffer overflow

Buffer overflow in the isdnnetsetcfg function in isdnnet.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdnioctl function...

CVE-2008-5396

Array index error in the 1 torisa.c and 2 dahdi/tor2.c drivers in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZTSPANCONFIG...

Buffer overflow

Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service crash and possibly execute arbitrary code via long inputs to the 0x00222494 IOCTL...

Buffer overflow

Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger Elite 3.3.0 and earlier, and possibly other versions including 3.3.3, allows local users to gain privileges via long inputs to the 1 0x002224A4, 2 0x002224C0, and 3 0x002224CC IOCTL...

CVE-2008-5049

Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger Elite 3.3.0 and earlier, and possibly other versions including 3.3.3, allows local users to gain privileges via long inputs to the 1 0x002224A4, 2 0x002224C0, and 3 0x002224CC IOCTL...

Anti-Trojan Elite和Anti-Keylogger Elite IOCTL请求本地权限提升漏洞

BUGTRAQ ID: 32202 Anti-Trojan Elite和Anti-Keylogger Elite是ISecSoft推出的防木马和侦测键盘记录器工具。 Anti-Keylogger Elite的AKEProtect.sys驱动没有正确地验证通过IOCTL 0x002224A4、0x002224C0和0x002224CC所接收到的参数，Anti-Trojan Elite的Atepmon.sys驱动没有正确地验证通过IOCTL 0x00222494所接收到的参数，本地管理员启动Anti Trojan Elite或Anti-Keylogger...

Anti-Trojan Elite 4.2.1 - Atepmon.sys IOCTL Request Local Overflow Local Privilege Escalation

Anti-Trojan Elite 4.2.1 - Atepmon.sys IOCTL Request Local Overflow Local Privilege Escalation source: https://www.securityfocus.com/bid/32202/info ISecSoft Anti-Trojan Elite and Anti-Keylogger Elite are prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these...

Linux Kernel i915驱动drivers/char/drm/i915_dma.c内存破坏漏洞

BUGTRAQ ID: 31792 CVECAN ID: CVE-2008-3831 Linux Kernel是开放源码操作系统Linux所使用的内核。 在使用Intel G33系列芯片组的机器上，非root用户可以通过ioctl调用只有root用户才可以使用的i915内核驱动的i915setstatuspage函数。本地攻击者可以通过向驱动发送特制的IOCTL清零并重新映射内存位置。 Linux kernel 2.6.x Debian ------ Debian已经为此发布了一个安全公告（DSA-1655-1）以及相应补丁: DSA-1655-1：New Linux 2.6.24...

openSUSE 10 Security Update : kernel (kernel-5700)

The openSUSE 10.3 kernel was update to 2.6.22.19. This includes bugs and security fixes. CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP AUTH availability. This might be exploited remotely for a denial of service crash attack. CVE-2008-3528: The ext234 filesystem code fail...

CVE-2008-3831

The i915 driver in 1 drivers/char/drm/i915dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and 2 sys/dev/pci/drm/i915drv.c in OpenBSD does not restrict the DRMI915HWSADDR ioctl to the Direct Rendering Manager DRM master, which allows local users to cause a denial of service memory corruption...

CVE-2008-3831

The i915 driver in 1 drivers/char/drm/i915dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and 2 sys/dev/pci/drm/i915drv.c in OpenBSD does not restrict the DRMI915HWSADDR ioctl to the Direct Rendering Manager DRM master, which allows local users to cause a denial of service memory corruption...

Memory corruption

The i915 driver in 1 drivers/char/drm/i915dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and 2 sys/dev/pci/drm/i915drv.c in OpenBSD does not restrict the DRMI915HWSADDR ioctl to the Direct Rendering Manager DRM master, which allows local users to cause a denial of service memory corruption...

CVE-2008-3831

The i915 driver in 1 drivers/char/drm/i915dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and 2 sys/dev/pci/drm/i915drv.c in OpenBSD does not restrict the DRMI915HWSADDR ioctl to the Direct Rendering Manager DRM master, which allows local users to cause a denial of service memory corruption...

kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option

The sctpauthepsethmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTPAUTHHMACIDMAX, which...

CVE-2008-4451

The SysInspector AntiStealth driver esiasdrv.sys 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHODNEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer...

Null pointer dereference

The SysInspector AntiStealth driver esiasdrv.sys 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHODNEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer...

CVE-2008-4451

The CVE-2008-4451 entry concerns the SysInspector AntiStealth driver (esiasdrv.sys) version 3.0.65535.0 used by ESET System Analyzer Tool 1.1.1.0. The vulnerability allows local attackers to execute arbitrary code via a specific METHOD_NEITHER IOCTL to \Device\esiasdrv that overwrites a pointer. ...

CVE-2008-4445

The sctpauthepsethmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTPAUTHHMACIDMAX, which...

CVE-2008-4445

CVE-2008-4445 affects the Linux kernel SCTP implementation prior to 2.6.26.4. The vulnerability resides in sctp_auth_ep_set_hmacs (net/sctp/auth.c) where the identifier index is not validated against SCTP_AUTH_HMAC_ID_MAX when SCTP-AUTH is enabled. This can allow local users to obtain sensitive i...

CVE-2008-4363

DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service system crash or potentially execute arbitrary code via a certain DLMFENCIOCTL request to \.\DLKPFSDDevice that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was...