2854 matches found
Out-of-bounds
The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to...
CVE-2007-1730
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value...
Integer overflow
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value...
Linux kernel DCCP information leak
Integer overflow in getsockopt for SOL_DCCP gives the ability to read the contents of kernel memory...
etherleak.txt
#!/usr/bin/perl -w etherleak, code that has been 5 years coming. On 04/27/2002, I disclosed on the Linux Kernel Mailing list, a vulnerability that would become known as the 'etherleak' bug. In various situations an ethernet frame must be padded to reach a specific size or fall on a certain...
Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak)
No description provided by source. #!/usr/bin/perl -w etherleak, code that has been 5 years coming. On 04/27/2002, I disclosed on the Linux Kernel Mailing list, a vulnerability that would become known as the 'etherleak' bug. In various situations an ethernet frame must be padded to reach a specif...
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure. Source: https://www.securityfocus.com/bid/6535/info Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. Frames that are small...
Ethernet Device Drivers Frame Padding Info Leakage Expl (Etherleak)
Exploit for multiple platform in category remote exploits. Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak). #!/usr/bin/perl -w etherleak,...
CVE-2007-1000
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference...
Integer overflow
Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function...
CVE-2006-7051
The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are...
intel-race.txt
Title: Intel 2200BG 802.11 Beacon frame Kernel Memory Corruption. Description: The Intel wireless mini-PCI driver provided with Intel 2200BG cards is vulnerable to a remote race condition memory corruption flaw. Malformed beacon frames can be used to corrupt internal kernel structures, leading to...
CVE-2006-6656
CVE-2006-6656 describes an unspecified vulnerability in ptrace on NetBSD targets: NetBSD-current before 20061027, NetBSD 3.0/3.0.1 before 20061027, and NetBSD 2.x before 20061119. The issue allows local users to read kernel memory and obtain sensitive information through manipulations of a PT_LWP...
FreeBSD Security Advisory FreeBSD-SA-06:25.kmem
FreeBSD-SA-06:25.kmem Security Advisory, The FreeBSD Project. Topic: Kernel memory disclosure in firewire(4). Category: core. Module: sys_dev. Announced: 2006-12-06. Credits: Rodrigo...
FireWire IOCTL integer overflow in different BSD-based Unix system
A negative IOCTL parameter value allows read access to kernel memory...
FreeBSD -- Kernel memory disclosure in firewire(4)
Problem Description: In the FW_GCROM ioctl, a signed integer comparison is used instead of an unsigned integer comparison when computing the length of a buffer to be copied from the kernel into the calling application. Impact: A user in the "operator" group can read the contents of kernel memory...
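NetBSD Multiple Local Information Disclosure Vulnerabilities
NetBSD is an open-source operating system. NetBSD lacks filtering when returning kernel memory to user space, so a local attacker can exploit the vulnerabilities to obtain sensitive kernel information. No detailed vulnerability information is currently available. NetBSD NetBSD 3.0.1 NetBSD NetBSD 3.0 NetBSD NetBSD 2.1 NetBSD NetBSD 2.0.3 NetBSD NetBSD 2.0.2 NetBSD NetBSD 2.0.1 NetBSD NetBSD 2.0 NetBSD NetBSD Current NetBSD NetBSD 3,1RC1 NetBSD NetBSD 2.1.1 NetBSD NetBSD 2.0.4...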
Symantec AntiVirus privilege escalation
Insufficient address checks in the IOCTL calls of the SAVRT, NAVENG and NAVEX15 devices allow overwriting kernel memory...