2854 matches found
Apple Mac OSX xnu 1228.x - Local Kernel Memory Disclosure
Apple Mac OSX xnu 1228.x - Local Kernel Memory Disclosure / xnu-getldt.c Copyright c 2008 by Apple MACOS X xnu include include include include include include include define TMPFILE "/tmp/xnu-getldt" define READSIZE 0x2000000 int main int argc, char argv int fd, n, numdesc; void ptr; printf "Appl...
Multiple Kaspersky Lab applications privilege escalation
Access to kernel memory regions from usermode on IOCTL processing...
Zaptel privilege escalation
It's possible to overwrite kernel memory...
[SECURITY] [DSA 1699-1] New zaptel packages fix privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-1699-1 [email protected] http://www.debian.org/security/ Florian Weimer January 11, 2009 http://www.debian.org/security/faq -...
DSA-1699-1 zaptel - privilege escalation
Bulletin has no description...
kernel: insufficient range checks in fault handlers with mremap
Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset...
CVE-2008-5744
Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check...
Design/Logic Flaw
Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check...
CVE-2008-5744
CVE-2008-5744 describes an array index error in the zaptel/DAHDI driver (dahdi/tor2.c) that allows local users in the dialout group to overwrite kernel memory by writing to /dev/zap/ctl. Affected: Zaptel/DAHDI versions up to 1.4.11 (and related patches). The root cause relates to an incorrect tor...
CVE-2008-5396
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG...
Design/Logic Flaw
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG...
CVE-2008-5396
CVE-2008-5396 is an array index error in Zaptel (DAHDI) drivers, affecting Zaptel versions up to 1.4.11 and earlier. The flaw resides in the torisa.c and tor2.c code paths that handle the ZT_SPANCONFIG ioctl, allowing local users in the dialout group to overwrite kernel memory by writing to /dev/...
SAMBA information disclosure
Kernel memory disclosure on processing of few SMB request types...
msvista-overflow.txt
phion Security Advisory 21/10/2008 Microsoft VISTA TCP/IP stack buffer overflow Summary ----------------------------- Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory...
VulnCheck KEV: CVE-2006-5758
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a...
FreeBSD Security Advisory (FreeBSD-SA-03:17.procfs.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-03:17.procfs.asc ADV FreeBSD-SA-03:17.procfs.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Sof...