CVE-2007-1865
The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allows local users to obtain sensitive information (kernel memory contents) via a negative value of the len parameter. NOTE: this issue has been disputed in a bug comment, stating that "len is ignored when...
LTC36188-Don't allow the stack to grow into hugetlb reserved regions
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors...
[Reversemode Advisory] CheckPoint ZoneLabs Vsdatant.sys multiple local privilege escalation vulnerabilities
CHECK POINT ZONE LABS PRODUCTS MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES Ruben Santamarta rubenatreversemodedotcom 08.20.2007 Affected Products: ZoneAlarm 7.0.362 Vsdatant.sys is exposed via “.vsdatant”. The permissive ACL allows everyone to invoke privileged IOCTLs implemented in the...
CVE-2007-4315
The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill"...
CVE-2007-4315
The CVE-2007-4315 entry concerns the AMD ATI atidsmxx.sys driver (Windows Vista, version 3.0.502.0). The vulnerability description states a local privilege escalation via bypassing driver signing and writing to arbitrary kernel memory locations, enabling privilege gain through unspecified vectors...
[USN-489-1] Linux kernel vulnerabilities
Ubuntu Security Notice USN-489-1 July 19, 2007 linux-source-2.6.15 vulnerability CVE-2006-4623, CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876,...
AVG antivirus privilege escalation
IOCTL 0x5348E004 allows an unprivileged user to write kernel memory...
USN-479-1: MadWifi vulnerabilities
Multiple flaws in the MadWifi driver were discovered that could lead to a system crash. A physically near-by attacker could generate specially crafted wireless network traffic and cause a denial of service. CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829, CVE-2007-2830 A flaw was...
Bluetooth setsockopt() information leaks
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer...
Integer overflow
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file...
CVE-2007-2875
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file...
CVE-2007-2875
CVE-2007-2875 concerns an integer underflow in cpuset_tasks_read of the Linux kernel when the cpuset filesystem is mounted. The issue affects kernels prior to 2.6.20.13 and 2.6.21.x prior to 2.6.21.4, allowing a local attacker to read kernel memory contents by supplying a large offset while readi...
iDefense Security Advisory 06.07.07: Linux Kernel cpuset tasks Information Disclosure Vulnerability
Linux Kernel cpuset tasks Information Disclosure Vulnerability iDefense Security Advisory 06.07.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 07, 2007 I. BACKGROUND Linux is a clone of the UNIX operating system, written from scratch by Linus Torvalds with assistance from a...
CVE-2007-2831
Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via ...
Code injection
Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via ...
CVE-2007-2831
CVE-2007-2831 affects the MadWifi driver prior to 0.9.3.1. Affected code paths are the net80211/ieee80211_wireless.c functions ieee80211_ioctl_getwmmparams and ieee80211_ioctl_setwmmparams, where an oversized negative array index can cause a system crash, potentially expose kernel memory contents...
SOL5835 - Security Advisory: Possible kernel memory vulnerability in the sendfile() system call - CVE-2005-0708
Vulnerability description: The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information. Information about this advisory is available a...
CVE-2007-1734
The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to...