6570 matches found
FreeBSD-SA-04:15.syscons
FreeBSD-SA-04:15.syscons Security Advisory, The FreeBSD Project. Topic: Boundary checking errors in syscons. Category: core. Module: sysdevsyscons. Announced: 2004-10-04. Credits:...
FreeBSD : SA-04:15.syscons
The remote host is running a version of FreeBSD which contains a flaw in the syscons console driver. There are boundary errors in the CONS_SCRSHOT ioctls that may allow a local attacker to read portions of the kernel memory, which may contain sensitive information. (C) Tenable Network Security, Inc...
Debian DSA-442-1 : linux-kernel-2.4.17-s390 - several vulnerabilities
Several security related problems have been fixed in the Linux kernel 2.4.17 used for the S/390 architecture, mostly by backporting fixes from 2.4.18 and incorporating recent security fixes. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures CVE...
CVE-2004-0114
The CVE-2004-0114 issue is a reference-count bug in SHMAT (System V Shared Memory) on FreeBSD/NetBSD/OpenBSD where shmat(2) increments the vm_object reference count and then calls vm_map_find; if vm_map_find fails, the reference count is not decremented. This can allow local attackers to gain rea...
CVE-2004-0114
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or...
CVE-2002-1420
OpenBSD 3.1 and earlier are affected by a local privilege escalation due to an integer signedness error in select(2): a negative size value passes the boundary check as signed but is then used as unsigned during a data copy, allowing a local user to overwrite kernel memory. Impact: local code/ker...
CVE-2002-1420
Integer signedness error in select on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation...
CVE-2001-1391
CVE-2001-1391 is an off-by-one vulnerability in the CPIA driver of the Linux kernel prior to 2.2.19 that allows a local user to write into kernel memory. The issue is documented in multiple advisories (Mandrake MDKSA-2001:037, Debian DSA-047-1) and is described as a problem in the CPIA driver’s b...
Mandrake Linux Security Advisory : kernel (MDKSA-2004:087)
A race condition was discovered in the 64bit file offset handling by Paul Starzetz from iSEC. The file offset pointer (f_pos) is changed during reading, writing, and seeking through a file in order to point to the current position of a file. The value conversion between both the 32bit and 64bit API ...
Linux Kernel: Multiple information leaks
Background: The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description: The Linux kernel allo...
Fedora Core 1 : kernel-2.4.22-1.2199.nptl (2004-251)
Paul Starzetz discovered flaws in the Linux kernel when handling file offset pointers. These consist of invalid conversions of 64 to 32-bit file offset pointers and possible race conditions. A local unprivileged user could make use of these flaws to access large portions of kernel memory. The...
CVE-2004-0535
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources...
CVE-2004-0495
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool...
CVE-2004-0135
The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and writing to kernel memory...
CVE-2004-0415
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory...
Linux kernel integer types conversion problems.
It's possible to access kernel memory because of an integer conversion bug in the 64-bit file API, for example llseek...
security flaw
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources...
security flaw
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory...
Fedora Core 1 : kernel-2.4.22-1.2140.nptl (2003-047)
Various RTC drivers had the potential to leak small amounts of kernel memory to userspace through ioctls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0984 to this issue. Note that Tenable Network Security has extracted the preceding description...