79 matches found
Linux GNU Debugger "debug_gdb_scripts"加载任意代码执行漏洞
BUGTRAQ ID: 50829 CVE ID: CVE-2011-4355 Linux是自由电脑操作系统内核,Linux所带的GNU Debugger gdb工具实现上存在漏洞,在定义了.debuggdbscripts后,gdb会从当前目录加载可疑文件,造成以当前用户权限执行任意代码。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.kernel.org/...
Linux Kernel 'hfs_mac2asc()'本地特权提升漏洞
BUGTRAQ ID: 50750 CVE ID: CVE-2011-4330 Linux是一款开放源代码的操作系统。 hfsmac2asc函数没有对作为参数传递的缓冲区大小进行正确边界检查,在畸形文件系统上src大小可超过HFSMAXNAMELEN。HFSMAXNAMELEN为31而src大小可设置为255无符号字符。 用户可控数据传递给调用hfsmac2asc的hfsreaddir函数可触发基于内核栈的溢出。 Linux内核的"hfsmac2asc"函数在实现上缓冲区溢出漏洞,本地攻击者可利用此漏洞以内核权限执行任意代码,造成完全控制受影响计算机。 Linux kernel 2.6....
Linux内核'IP GRE'模块空指针引用远程拒绝服务漏洞
Bugtraq ID: 47852 CVE ID:CVE-2011-1767 Linux是一款开放源代码的操作系统。 net/ipv4/ipgre.c中IP GRE模块初始化函数包含如下代码: 01 / 02 And now the modules code and kernel interface. 03 / 04 05 static int init ipgreinitvoid 06 07 int err; 08 09 printkKERNINFO "GRE over IPv4 tunneling driver\n"; 10 11 if...
kernel: panic in ib_cm:cm_work_handler
Race condition in the cmworkhandler function in the InfiniBand driver drivers/infiniband/core/cma.c in Linux kernel 2.6.x allows remote attackers to cause a denial of service panic by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer...
Race condition
Race condition in the cmworkhandler function in the InfiniBand driver drivers/infiniband/core/cma.c in Linux kernel 2.6.x allows remote attackers to cause a denial of service panic by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer...
CVE-2011-0695
CVE-2011-0695 is a race condition in the Linux kernel’s InfiniBand driver (cm_work_handler in drivers/infiniband/core/cma.c) on 2.6.x. The issue allows remote attackers to trigger a denial of service (panic) by issuing an InfiniBand request while other request handlers are active, causing an inva...
CVE-2010-1087
CVE-2010-1087 affects the Linux kernel family 2.6.x up to 2.6.33-rc5. The vulnerability is in nfs_wait_on_request (fs/nfs/pagelist.c) and can cause a denial of service (kernel OOPS) via unknown vectors related to truncating a file and an operation that is not interruptible. The impact is a DoS on...
CVE-2010-1083
The processcomplcompat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensiti...
Linux Kernel ip6_dst_lookup_tail()函数远程拒绝服务漏洞
CVECAN ID: CVE-2010-0437 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的ip6dstlookuptail函数中存在空指针引用漏洞。本地网络上的攻击者可以通过向目标系统发送IPv6通讯来触发这个漏洞,如果接收到IPv6报文时目标系统上dst-neighbour为空,就会导致系统崩溃 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Linux kernel 2.6.x hda-intel驱动本地拒绝服务漏洞
BUGTRAQ ID: 38348 Linux Kernel是开放源码操作系统Linux所使用的内核。 对于使用了hda-intel驱动的Linux Kernel操作系统,sound/pci/hda/hdaintel.c文件中的azxpositionok函数在执行计算时可能将0用作初始,导致内核崩溃。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Linux Kernel 64位Personality处理本地拒绝服务漏洞
BUGTRAQ ID: 38027 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在设置进程的personality时存在错误,本地用户在执行缺少ELF解释器的64位应用时可能触发分段错误,导致内核崩溃。 漏洞起因是fs/binfmtelf.c文件中的loadelfbinary函数,该函数在检查ELF解释器可用之前调用了 SETPERSONALITY,将之前的32位进程转换为了64位进程。如果execve成功,这不会导致问题,但在...
Linux Kernel 2.6.x - KVM pit_ioport_read() Local Denial of Service
Linux Kernel 2.6.x - KVM pitioportread Local Denial of Service source: https://www.securityfocus.com/bid/38038/info The Linux kernel is prone to a local denial-of-service vulnerability that affects the Kernel-based Virtual Machine KVM. Attackers with local access to a guest operating system can...
Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service
source: https://www.securityfocus.com/bid/38027/info The Linux kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause the affected kernel to crash, denying service to legitimate users. Versions prior to Linux kernel 2.6.33-rc6 are vulnerable. NOTE:...
Linux Kernel 2.6.x - Ext4 move extents ioctl Privilege Escalation
Linux Kernel 2.6.x - Ext4 move extents ioctl Privilege Escalation source: https://www.securityfocus.com/bid/37277/info Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. Exploits may allow attackers to execute arbitrary cod...
Linux Kernel 2.6.x - Ext4 'move extents' ioctl Privilege Escalation
source: https://www.securityfocus.com/bid/37277/info Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. Exploits may allow attackers to execute arbitrary code with kernel-level privileges and launch other attacks. Successfu...
Linux Kernel 2.6.x - pipe.c Local Privilege Escalation (2)
Linux Kernel 2.6.x - pipe.c Local Privilege Escalation 2 / source: https://www.securityfocus.com/bid/36901/info Linux kernel is prone to a local privilege-escalation vulnerability that is caused by a NULL-pointer dereference. Local attackers can exploit this issue to execute arbitrary code with...
Code injection
The tcffillnode function in net/sched/clsapi.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcmpad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified...
CVE-2009-3612
The tcffillnode function in net/sched/clsapi.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcmpad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified...
Linux Kernel get_random_int函数不充分随机数漏洞
Linux kernel 2.6.x CVE ID: CVE-2009-3238 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的drivers/char/random.c文件中的getrandomint函数所生成的随机数随机性不够,攻击者可以相对容易的预测返回值,绕过基于随机化的保护机制。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Linux Kernel tc_fill_tclass()函数本地信息泄露漏洞
BUGTRAQ ID: 36304 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的net/sched/schapi.c文件中的tcfilltclass函数没有清除某些结构成员便将其返回给了用户空间,这可能导致泄漏3个字节的未初始化内核内存。 Linux kernel 2.6.x Linux kernel 2.4.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...