2854 matches found
Ubuntu 12.10 : linux vulnerabilities (USN-1972-1)
Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-4254) A failure to validate block numbers was discovered in the Linux kernel's implementation of th...
Design/Logic Flaw
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file...
Kernel: fanotify: info leak in copy_event_to_user
The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor...
Kernel: cpqarray/cciss: information leak via ioctl
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a...
Kernel: net: af_key: initialize satype in key_notify_policy_flush
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket...
Kernel: signal: information leak in tkill/tgkill
The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call...
Kernel: information leak in cdrom driver
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive...
MS Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2876315)
This host is missing an important security update according to Microsoft Bulletin MS13-076. OpenVAS Vulnerability Test $Id: secpodms13-076.nasl 6104 2017-05-11 09:03:48Z teissa $ MS Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2876315) Authors: Antu Sanadi Copyright: Copyright c...
PT-2013-3097 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: Elevation of privilege issues exist due to the Windows kernel-mode driver's improper handling of objects in memory. An attacker who successfully exploits these issues could gain elevated...
Ubuntu Update for linux USN-1929-1
Check for the Version of linux OpenVAS Vulnerability Test $Id: gbubuntuUSN19291.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for linux USN-1929-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...
Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities
Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities CSRF: Loftek Nexus 543 CSRF PoC Memory Dump: !/bin/sh This script exploits CVE-2013-3311 to retrieve kernel memory from a Loftek Nexus 543 IP camera The file which is downloaded can be analyzed strings to recover passwords and other goodies i...
FreeBSD -- Kernel memory disclosure in sctp(4)
Problem Description: When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Impact: Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are...
USN-1933-1: Linux kernel (OMAP4) vulnerabilities
Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtai...
USN-1929-1: Linux kernel vulnerability
An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory...
CVE-2013-3197
The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileg...
CVE-2013-1943
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2015)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2015 advisory. - sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set (CVE-2011-1573) - dccp: fix oops on Reset after close (CVE-2011-1093) - bridge:...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2520)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-2520 advisory. - mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) (Orabug: 16603569) (CVE-2012-5517) - ptrace: ptrace_resume shouldn't wake ...