CVE-2005-3257

The VT implementation vtioctl.c in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys...

USN-187-1: Linux kernel vulnerabilities

A Denial of Service vulnerability was detected in the stack segment fault handler. A local attacker could exploit this by causing stack fault exceptions under special circumstances scheduling, which lead to a kernel crash. CAN-2005-1767 Vasiliy Averin discovered a Denial of Service vulnerability ...

lk26.txt

Synopsis: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability Product: Linux kernel Version: 2.6 up to and including 2.6.12-rc4 Vendor: http://www.kernel.org/ URL: CVE: CAN-2005-1589 Severity: local7 Date: May 16, 2005 Issue: ====== Two locally exploitable flaws have bee...

CVE-2005-2134

The vulnerability CVE-2005-2134 affects NetBSD 1.6–2.0.2, specifically the clcs and emuxki audio drivers. A local attacker can trigger a denial-of-service (kernel crash) by issuing the set-parameters ioctl to an audio device to simultaneously change the block size and set the pause state to unpau...

NetBSD audio drivers ioctl DoS

Division by zero during ioctl processing fo few audio cards types...

security flaw

Raw character devices raw.c in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589...

CVE-2005-1589

The CVE-2005-1589 issue affects the Linux kernel’s pktcdvd (and raw device) ioctl handler. In kernel 2.6.12-rc4 and earlier, pkt_ioctl in pktcdvd.c calls the wrong function when issuing an ioctl to the block device, which can leak kernel address space to user space. This local-privilege scenario ...

CVE-2005-1589

The pktioctl function in the pktcdvd block device ioctl handler pktcdvd.c in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users...

CVE-2005-1264

The CVE-2005-1264 issue is a concrete flaw in Linux kernel 2.6.x where raw devices (raw.c) call the wrong function before passing an ioctl to block devices, exposing kernel address space to userspace. This local, privilege-escalation risk is corroborated across multiple advisories (e.g., RHSA-200...

CVE-2005-1264

Raw character devices raw.c in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589...

CVE-2005-1589

The pktioctl function in the pktcdvd block device ioctl handler pktcdvd.c in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users...

CVE-2005-1264

Raw character devices raw.c in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589...

CVE-2005-1264

Raw character devices raw.c in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589...

Linux kernel pktcdvd privilege escalation

Rawdevice ioctl handler parameters are not checked...

[UNIX] Linux Kernel pktcdvd and rawdevice ioctl Race Condition

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVE-2005-1399

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver...

CVE-2005-1399

CVE-2005-1399 affects FreeBSD 4.6–4.11 and 5.x–5.4, where insecure default permissions on the /dev/iir device allow unprivileged local users to issue restricted ioctl calls to access or modify data on hardware managed by the iir driver. This results in partial impacts to confidentiality, integrit...

FreeBSD-SA-05:06.iir

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:06.iir Security Advisory The FreeBSD Project Topic: Incorrect permissions on /dev/iir Category: core Module: sysdev Announced: 2005-05-06 Credits: Christian...

CVE-2005-0848

Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect tha...

CVE-2005-1126

The SIOCGIFCONF ioctl ifconf function in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory...