2854 matches found
CVE-2008-0779
The CVE-2008-0779 entry describes a local privilege-escalation flaw in the fortimon.sys device driver of Fortinet FortiClient Host Security (3.0 MR5 Patch 3 and earlier). The vulnerability arises from improper initialization of the driver’s DeviceExtension, enabling a local user to...
Debian DSA-1494-2 : linux-2.6 - missing access checks
The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges (CVE-2008-0010, CVE-2008-0600). In the vserver-enabled kernels, a missing access check on certain symlinks ...
DSA-1494-1 linux-2.6 - privilege escalation
Bulletin has no description...
CVE-2008-0007
Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset...
Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability
Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability Advisory ID: cisco-sa-20071205-csa http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml Revision 1.0 For Public Release 2007...
LTC36188-Don't allow the stack to grow into hugetlb reserved regions
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors...
ALSA memory disclosure flaw
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrate...
Important: Red Hat Security Advisory: kernel security update
Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These ne...
AhnLab AntiVirus Remote Kernel Memory Corruption
AhnLab AntiVirus Remote Kernel Memory Corruption Sowhat of Nevis Labs HTTP://www.nevisnetworks.com http://secway.org/advisory/AD20071116.txt Vendor: AhnLab Inc. Affected: AhnLab Antivirus V3 Internet Security 2008 The other version may be vulnerable too. This vulnerability has been confirmed on...
CVE-2007-5667
CVE-2007-5667 affects the Novell NetWare Client for Windows, where the nwfilter.sys driver is loaded at startup and exposes the local device \\.\nwfilter via METHOD_NEITHER IOCTLs. The vulnerability allows an unprivileged local user to pass kernel addresses as arguments and overwrite kernel memory, e...
CVE-2007-5667
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \\.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel...
Novell Netware client privilege escalation
Unprivileged user can manipulate kernel memory with \\.\nwfilter device...
Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities (USN-311-1)
A race condition was discovered in the do_add_counters functions. Processes which do not run with full root privileges, but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so th...
Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-restricted-modules-2.6.15/.17/.20 vulnerabilities (USN-479-1)
Multiple flaws in the MadWifi driver were discovered that could lead to a system crash. A physically near-by attacker could generate specially crafted wireless network traffic and cause a denial of service. (CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829, CVE-2007-2830) A flaw was...
Ubuntu 7.04 : linux-source-2.6.20 vulnerabilities (USN-510-1)
A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. (CVE-2007-2525) An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel...
CVE-2007-4223
Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors...
Design/Logic Flaw
Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors...
Microsoft Sysinternals DebugView privilege escalation
Dbgv.sys Driver allows any user to copy any data in kernel memory...
iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability
Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability iDefense Security Advisory 10.02.07 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 02, 2007 I. BACKGROUND Solaris is a UNIX operating system developed by Sun Microsystems. More information can be found at the...
Code injection
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrate...