NuxAcid#002 - Buffer Overflow in UpClient

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= NUX-ACID ADVISORY 002 Advisory name : Local Buffer Overflow in upclient Risk : Medium exploit grants kmem rights Date : 27.05.2003 Application : upclient Versions Vulnerable : UpClient 5.0b7, possible others Vendor : Carst...

CVE-2003-1072

Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service kernel memory consumption...

CVE-2002-1420

Integer signedness error in select on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation...

CVE-2003-0001

The CVE-2003-0001 issue, known as Etherleak, is an information-disclosure vulnerability caused by NIC/device drivers not padding Ethernet frames with null bytes, allowing an adjacent attacker to glimpse memory content from previously transmitted packets. Connected documents show this vulnerabilit...

Etherleak: Ethernet frame padding information leakage (A010603-1)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Etherleak: Ethernet frame padding information leakage Release Date: 01/06/2003 Application: Ethernet device driver software Platform: Multiple Severity: Information disclosure Authors: Ofir...

CVE-2002-2127

Integrity Protection Driver IPD 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a symlink...

CVE-2002-2180

The setitimer2 system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error...

Microsoft Security Bulletin MS02-063: Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834)

-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks Q329834 Date: 30 October 2002 Software: Windows 2000, Windows XP Impact: Denial of Service Max Risk:...

CVE-2002-0973

Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the 1 accept, 2 getsockname, and 3 getpeername system calls, and the 4 vesa FBIOGETPALETTE ioctl...

CVE-2002-1125

FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including 1 asmon, 2 ascpu, 3 bubblemon, 4 wmmon, and 5 wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory...

CVE-2002-1125

FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including 1 asmon, 2 ascpu, 3 bubblemon, 4 wmmon, and 5 wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory...

BubbleMon 1.x Kernel - Memory File Descriptor Leakage

BubbleMon 1.x Kernel - Memory File Descriptor Leakage source: https://www.securityfocus.com/bid/5714/info It has been reported that BubbleMon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to...

ASCPU 0.60 Kernel - Memory File Descriptor Leakage

source: https://www.securityfocus.com/bid/5716/info It has been reported that ascpu is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/km...

WMNet2 1.0 6 - Kernel Memory File Descriptor Leakage

source: https://www.securityfocus.com/bid/5719/info It has been reported that wmnet2 is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and...

ASCPU 0.60 Kernel - Memory File Descriptor Leakage

ASCPU 0.60 Kernel - Memory File Descriptor Leakage source: https://www.securityfocus.com/bid/5716/info It has been reported that ascpu is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit...

WMNet2 1.0 6 - Kernel Memory File Descriptor Leakage

WMNet2 1.0 6 - Kernel Memory File Descriptor Leakage source: https://www.securityfocus.com/bid/5719/info It has been reported that wmnet2 is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to...

WMMon 1.0 b2 - Memory Character File Open File Descriptor Read

WMMon 1.0 b2 - Memory Character File Open File Descriptor Read source: https://www.securityfocus.com/bid/5718/info It has been reported that wmmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attacker...

FreeBSD-SA-02:39.libkvm

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:39.libkvm Security Advisory The FreeBSD Project Topic: Applications using libkvm may leak sensitive descriptors Category: core Module: libkvm Announced: 2002-09-16...

BubbleMon 1.x Kernel - Memory File Descriptor Leakage

source: https://www.securityfocus.com/bid/5714/info It has been reported that BubbleMon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and...

Microsoft Windows 2000 vulnerable to DoS via malformed packets sent to port 445/tcp

Overview The default configuration of Microsoft Windows 2000 does not properly handle malformed packets received on TCP port 445. As a result, Windows may cease to function normally upon receipt of malformed packets on this port. Description Microsoft LAN Manager LANMAN is enabled by default on...