kernel security update

CentOS Errata and Security Advisory CESA-2007:0939 Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel is the cor...

Important: kernel security update

2.6.9-55.0.12.0.1 - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix for nfs open call taking longer issue Chuck Lever orabug 5580407 bz 219412 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with rds Zach...

Buffer overflow

The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions Everyone:Write for the \.\Tmfilter device, which allows local users to send arbitrary content to the device via the...

Mandrake Linux Security Advisory : kernel (MDKSA-2007:195)

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool si...

Zaptel драйвер buffer overflow

Buffer overflow on oversized IOCTL interface name...

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These ne...

kernel: Missing ioctl() permission checks in aacraid driver

The 1 aaccfgopen and 2 aaccompatioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges...

Microsoft Windows XP/2003 Macrovision SecDrv.sys privilege escalation (0day)

Hi, Symantec researcher Elia Florip has warned, at the company's weblog 1,of a 0day attack in Windows XP and 2003 that allows unprivileged users to gain SYSTEM privileges via a buggy driver installed by default. In his/her post, Elia brings us an important clue:"At the moment, it's still not clea...

Buffer overflow

Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argume...

CVE-2007-5587

Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argume...

Solaris fifofs I_PEEK Kernel Memory Disclosure Exploit (x86/sparc)

No description provided by source. / 10/2007: public release SPARC Solaris 8 without 109454-06 Solaris 9 without 117471-04 Solaris 10 without 127737-01 x86 Solaris 8 without 109455-06 Solaris 9 without 117472-04 Solaris 10 without 127738-01 ...

Solaris (SPARCx86) - fifofs I_PEEK Kernel Memory Disclosure

Solaris SPARCx86 - fifofs IPEEK Kernel Memory Disclosure / 10/2007: public release SPARC Solaris 8 without 109454-06 Solaris 9 without 117471-04 Solaris 10 without 127737-01 x86 Solaris 8 without 109455-06 Solaris 9 without 117472-04 Solaris 10 without 127738-01 Solaris fifofs IPEEK Kernel Memory...

Sun Solaris I_PEEK IOCTL处理器信息泄露漏洞

Sun Solaris是一款商业性质的操作系统。 Sun Solaris IPEEK IOCTL处理器存在整数无符号错误，本地攻击者可以利用漏洞获得内存敏感信息。 Sun Solaris内核提供的FIFO FS先进先出文件系统服务用于IPC通信，一个FIFO代表文件系统中的节点类似windows系统中的有名管道概念。 kernel FIFOs ioctl处理器存在漏洞，IPEEK ioctl用于进程查看包含在FIFO中的字节数，而实际该操作并清除队列中的消息。这个命令的其中一个参数代表要取数的字节数，是符号整数值，由于这个参数没有正确验证，提供负值可导致内核内存内容被泄露。 Sun...

Integer overflow

Integer signedness error in FIFO filesystems named pipes on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the IPEEK ioctl...

CVE-2007-5225

Integer signedness error in FIFO filesystems named pipes on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the IPEEK ioctl...

Sun Solaris FIFO filesystem information leak

Integer overflow on IOCTL processing allows large memory regions reading...

Input validation

The display driver allocattr functions in NetBSD 3.0 through 4.0BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service panic via a 1 negative or 2 large value in an ioctl call, as demonstrated by the vgaallocattr function...

CVE-2007-3654

The display driver allocattr functions in NetBSD 3.0 through 4.0BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service panic via a 1 negative or 2 large value in an ioctl call, as demonstrated by the vgaallocattr function...

CVE-2007-3654

The display driver allocattr functions in NetBSD 3.0 through 4.0BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service panic via a 1 negative or 2 large value in an ioctl call, as demonstrated by the vgaallocattr function...

Symantec Antivirus privilege escalation

It's possible to overwrite system memory regions with IOCTL 0x83022323 of symTDI device...