CVE-2006-3824

systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness...

Solaris <= 10 sysinfo() Local Kernel Memory Disclosure Exploit

Exploit for solaris platform in category local exploits ============================================================== Solaris include include include define bufsize 1294967293 int mainint argc,char argv int fd; ssizet out; char outputbuffer; ifargc \n"; exit1; printf" Solaris = 10 sysinfo kernel...

Solaris &lt;= 10 sysinfo() Local Kernel Memory Disclosure Exploit

No description provided by source. / Sun Microsystems Solaris sysinfo Kernel Memory Disclosure exploit =================================================================== Local exploitation of an integer overflow vulnerability in Sun Microsystems Inc. Solaris allows attackers to read kernel memor...

Sun Solaris information leak

sysinfo function leaks kernel memory content...

iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo&#40;&#41; Kernel Memory Disclosure Vulnerability

Sun Microsystems Solaris sysinfo Kernel Memory Disclosure Vulnerability iDefense Security Advisory 07.20.06 http://www.idefense.com/application/poi/display?type=vulnerabilities July 20, 2006 I. BACKGROUND Solaris is a UNIX operating system developed by Sun Microsystems. II. DESCRIPTION Local...

Solaris 10 - sysinfo() Local Kernel Memory Disclosure (1)

Solaris 10 - sysinfo Local Kernel Memory Disclosure 1 / Sun Microsystems Solaris sysinfo Kernel Memory Disclosure exploit =================================================================== Local exploitation of an integer overflow vulnerability in Sun Microsystems Inc. Solaris allows attackers t...

Solaris 10 - &#039;sysinfo()&#039; Local Kernel Memory Disclosure (1)

/ Sun Microsystems Solaris sysinfo Kernel Memory Disclosure exploit =================================================================== Local exploitation of an integer overflow vulnerability in Sun Microsystems Inc. Solaris allows attackers to read kernel memory from a non-privileged userspace...

Microsoft Windows Server Driver Remote Information Disclosure Vulnerability

Description Microsoft Windows Server driver is susceptible to a remote information-disclosure vulnerability. This issue is due to a flaw in the handling of certain SMB traffic. Exploiting this issue allows remote attackers to gain access to potentially sensitive fragments of kernel memory. This m...

Code injection

Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required accessok checks, which allows local users to read arbitrary kernel memory on 64-bit systems signal64.c and cause a denial of service crash and possibly read kernel memory on 32-bit systems...

CVE-2006-2448

Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required accessok checks, which allows local users to read arbitrary kernel memory on 64-bit systems signal64.c and cause a denial of service crash and possibly read kernel memory on 32-bit systems...

Kaspersky Antivirus multiple vulnerabilities

Unsafe kernel mode components implementation leads to Denial of Service and potentially to privilege elevation. Most serious problem is user mode code can access kernel memory...

Allowing User-mode Code to Access Kernel Memory

Allowing User-mode Code to Access Kernel Memory One of the most important principles of the kernel/user division that modern operating systems enforce is that user mode is not allowed to directly access kernel mode memory. This is necessary to enforce system stability, such as to prevent a buggy...

iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow

Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow iDefense Security Advisory 06.13.06 http://www.idefense.com/application/poi/display?type=vulnerabilities June 13, 2006 I. BACKGROUND Microsoft Windows Operating System is system software for Intel based PCs. More information can be found ...

Microsoft Windows SMB Driver Local Privilege Escalation Vulnerability

Description The Microsoft SMB driver is susceptible to a local privilege-escalation vulnerability. This issue is due to a failure of the affected software to properly bounds-check user-supplied input prior to copying it to insufficiently-sized kernel memory. A local attacker can exploit this issu...

CVE-2006-0039

Race condition in the doaddcounters function in netfilter for Linux kernel 2.6.16 allows local users with CAPNETADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-re...

CVE-2006-0039

Race condition in the doaddcounters function in netfilter for Linux kernel 2.6.16 allows local users with CAPNETADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-re...

CVE-2006-0039

Race condition in the doaddcounters function in netfilter for Linux kernel 2.6.16 allows local users with CAPNETADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-re...

PT-2006-1130 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel version 2.6.16 Description: A race condition exists in the do add counters function in netfilter for the Linux kernel, allowing local users with CAP NET ADMIN capabilities to read kernel memory. This is achieved by triggering the...

CVE-2005-4783

kernfsxread in kernfsvnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory...

CVE-2006-1588

The bridge ioctl ifbridge code in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory...