Important: kernel security and bug fix update

kernel-2.4.21-53.EL - Fix ipv4 treason uncloaked message Anton Arapov 249237 - Fix ipv4 fib-sem-out-of-bounds checking Don Howard 250429 CVE-2007-2172 - Reset current-pdeathsignal on SUID binary execution Peter Zijlstra 251117 CVE-2007-3848 - Fix local DoS with corrupted elf on ia64 Don Howard...

CentOS 3 : kernel (CESA-2007:1049)

Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 3 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

kernel: Missing ioctl() permission checks in aacraid driver

The 1 aaccfgopen and 2 aaccompatioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges...

Apple Mac OS X AppleTalk套接字IOCTL内核本地栈溢出漏洞

CVECAN ID: CVE-2007-4267 Apple Mac OS X是苹果家族机器所使用的操作系统。 AppleTalk是Apple开发的一组网络协议。Mac OS X中负责向接口的路由表添加AppleTalk区的函数中存在栈溢出漏洞，本地攻击者可能利用此漏洞提升权限。 如果向AppleTalk套接字提交了恶意的ioctl请求的话，内核会使用用户提供的长度做为目标缓冲器的字节数，这可能会在内核中触发栈溢出，导致系统关闭或执行任意代码。 Apple Mac OS X 10.4 - 10.4.10 Apple MacOS X Server 10.4 - 10.4.10 临时解决方法...

CVE-2007-4686

Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service system shutdown or gain privileges via a crafted TIOCSETD ioctl request...

Stack overflow

Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table...

CVE-2007-4267

Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table...

CVE-2007-4267

Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table...

CVE-2007-4267

Apple Mac OS X 10.4–10.4.10 (and Mac OS X Server 10.4–10.4.10) contain a stack-based kernel overflow in the AppleTalk networking path. The vulnerability arises when an IOCTL adds an AppleTalk zone to a routing table, allowing a local attacker to cause arbitrary code execution with kernel privileg...

Novell Client for Windows NWFILTER.SYS驱动本地权限提升漏洞

BUGTRAQ ID: 26420 CVECAN ID: CVE-2007-5667 Novell Client是允许NetWare连接到Windows的工作站软件。 Novell Client在Windows系统上的驱动实现上存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。 如果在基于Windows的操作系统上安装了Novell...

CVE-2007-5756

Multiple array index errors in the bpffilterinit function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode aka Table Management Extensions or TME, and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests...

Code injection

Multiple array index errors in the bpffilterinit function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode aka Table Management Extensions or TME, and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests...

CVE-2007-5756

CVE-2007-5756 : A local privilege-escalation flaw in WinPcap’s NPF.SYS driver (bpf_filter_init) arises from multiple array-indexing errors when handling IOCTLs, allowing crafted IOCTL requests to gain kernel-mode privileges. Affected: WinPcap up to version 4.0.1 (and variants used by Wireshark). ...

CVE-2007-5756

Multiple array index errors in the bpffilterinit function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode aka Table Management Extensions or TME, and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests...

WinPcap NPF.SYS bpf_filter_init函数本地权限提升漏洞

BUGTRAQ ID: 26409 CVECAN ID: CVE-2007-5756 WinPcap是WIN32平台上的网络分析和捕获数据包的链接库。 WinPcap的NPF.SYS设备驱动中的bpffilterinit函数存在无效的数组索引漏洞，这个函数的几处调用未经正确的边界检查便将用户所提供的输入值用作了数组索引。如果用特定的值执行了IOCTL请求，攻击者就可以破坏内核中的栈或池内存，导致执行任意指令。 通常在管理员使用WinPcap相关应用程序时会加载设备驱动，加载后正常用户都可以访问，使用这个驱动的程序退出后也不会卸载这个驱动，因此在手动卸载之前仍可利用。 WinPcap...

WinPcap driver array overflow

Array index overflow in kernel mode on IOCTL handling...

KLA10395 LPE vulnerability in WinPcap

Array index errors were found in WinPcap. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally via a specially designed IOCTL request. Original advisories WinPcap changelog Related products WinPcap CVE list CVE-2007-5756 high Solution...

Macrovision SafeDisc secdrv.sys Crafted METHOD_NEITHER IOCTL Local Overflow

Macrovision SafeDisc, a copy-protection application for Microsoft Windows, is installed on the remote host. The 'SECDRV.SYS' driver included with the version of SafeDisc currently installed on the remote host enables a local user to gain SYSTEM privileges using a specially crafted argument to the...

Sun Solaris Volume Manager本地拒绝服务漏洞

Sun Solaris是一款商业性质的UNIX操作系统。 Sun Solaris卷管理SVM ioctl2接口存在安全问题，本地攻击者可以利用漏洞使系统不稳定，造成拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun Solaris 9x86 Sun Solaris 9 Sun Solaris 10x86 Sun Solaris 10 补丁下载： Sun Solaris 9x86 Sun 122371-07 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -122371-07-1 Sun...

kernel security update

CentOS Errata and Security Advisory CESA-2007:0939 Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel is the cor...