2854 matches found
CVE-2006-5218
Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl...
sppp -- buffer overflow vulnerability
Problem Description: While processing Link Control Protocol (LCP) configuration options received from the remote host, sppp(4) fails to correctly validate option lengths. This may result in data being read or written beyond the allocated kernel memory buffer. Impact: An attacker able to send LCP packet...
Solaris 10 sysinfo(2) Local Kernel Memory Disclosure Exploit
Exploit for Solaris platform in category local exploits. Solaris 10 sysinfo(2) Local Kernel Memory Disclosure Exploit / $Id: raptorsysinfo.c,v 1.2 2006/08/22 13:47:54 raptor Exp ...
security flaw
Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies t...
CVE-2006-3824
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness...
CVE-2006-3824
CVE-2006-3824 : Solaris sysinfo(2) local kernel memory disclosure. Local users can read kernel memory when a 0-variable-count argument is passed to sysinfo, causing a -1 argument to be used by copyout. This is described as an integer overflow/signedness issue. Public exploit evidence exists (Sola...
Sun Solaris information leak
sysinfo function leaks kernel memory content...
Solaris <= 10 sysinfo() Local Kernel Memory Disclosure Exploit
No description provided by source. / Sun Microsystems Solaris sysinfo Kernel Memory Disclosure exploit. Local exploitation of an integer overflow vulnerability in Sun Microsystems Inc. Solaris allows attackers to read kernel memor...
Microsoft Windows Server Driver Remote Information Disclosure Vulnerability
Description: Microsoft Windows Server driver is susceptible to a remote information-disclosure vulnerability. This issue is due to a flaw in the handling of certain SMB traffic. Exploiting this issue allows remote attackers to gain access to potentially sensitive fragments of kernel memory. This m...
Code injection
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems...
CVE-2006-2448
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems...
Kaspersky Antivirus multiple vulnerabilities
Unsafe implementation of kernel-mode components leads to denial of service and potentially to privilege elevation. The most serious problem is that user-mode code can access kernel memory...
iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow
Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow iDefense Security Advisory 06.13.06 http://www.idefense.com/application/poi/display?type=vulnerabilities June 13, 2006 I. BACKGROUND Microsoft Windows Operating System is system software for Intel based PCs. More information can be found ...
CVE-2006-0039
Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-re...
PT-2006-1130 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel version 2.6.16. Description: A race condition exists in the do_add_counters function in netfilter for the Linux kernel, allowing local users with CAP_NET_ADMIN capabilities to read kernel memory. This is achieved by triggering the...
CVE-2005-4783
kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory...