2854 matches found

securityvulns
added 2004/12/02 12:0 a.m. | 24 views

FreeBSD procfs information leak

Kernel memory disclosure, DoS...

AI score: 0.8
Exploits: 0 | References: 2 | Affected Software: 1

FreeBSD Advisory
added 2004/12/01 12:0 a.m. | 11 views

FreeBSD-SA-04:17.procfs

FreeBSD-SA-04:17.procfs Security Advisory, The FreeBSD Project. Topic: Kernel memory disclosure in procfs and linprocfs. Category: core. Module: sys. Announced: 2004-12-01...

CVSS: 3.6 | AI score: 5.9 | EPSS: 0.00075
Exploits: 0

CERT
added 2004/10/08 12:0 a.m. | 30 views

FreeBSD syscons fails to properly validate input in "CONS_SCRSHOT" ioctl

Overview: The FreeBSD syscons CONS_SCRSHOT ioctl does not sufficiently validate input for the function's arguments. This may cause the disclosure of arbitrary portions of kernel memory that may contain sensitive information. Description: Syscons is the default console driver for FreeBSD. It provides...

CVSS: 4.6 | AI score: 6 | EPSS: 0.00113
Exploits: 0 | References: 5

FreeBSD Advisory
added 2004/10/04 12:0 a.m. | 12 views

FreeBSD-SA-04:15.syscons

FreeBSD-SA-04:15.syscons Security Advisory, The FreeBSD Project. Topic: Boundary checking errors in syscons. Category: core. Module: sysdevsyscons. Announced: 2004-10-04. Credits:...

CVSS: 4.6 | AI score: 5.9 | EPSS: 0.00113
Exploits: 0

CVE
added 2004/09/01 4:0 a.m. | 62 views

CVE-2004-0114

The CVE-2004-0114 issue is a reference-count bug in SHMAT (System V Shared Memory) on FreeBSD/NetBSD/OpenBSD where shmat(2) increments the vm_object reference count and then calls vm_map_find; if vm_map_find fails, the reference count is not decremented. This can allow local attackers to gain rea...

CVSS: 4.6 | AI score: 6.2 | EPSS: 0.0033
Exploits: 0 | References: 8 | Affected Software: 3

CVE
added 2004/09/01 4:0 a.m. | 63 views

CVE-2001-1391

CVE-2001-1391 is an off-by-one vulnerability in the CPIA driver of the Linux kernel prior to 2.2.19 that allows a local user to write into kernel memory. The issue is documented in multiple advisories (Mandrake MDKSA-2001:037, Debian DSA-047-1) and is described as a problem in the CPIA driver’s b...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00156
Exploits: 0 | References: 11 | Affected Software: 1

CVE
added 2004/09/01 4:0 a.m. | 53 views

CVE-2002-1420

OpenBSD 3.1 and earlier are affected by a local privilege escalation due to an integer signedness error in select(2): a negative size value passes the boundary check as signed but is then used as unsigned during a data copy, allowing a local user to overwrite kernel memory. Impact: local code/ker...

CVSS: 7.2 | AI score: 6.3 | EPSS: 0.00512
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2004/08/27 12:0 a.m. | 56 views

Mandrake Linux Security Advisory : kernel (MDKSA-2004:087)

A race condition was discovered in the 64bit file offset handling by Paul Starzetz from iSEC. The file offset pointer fpos is changed during reading, writing, and seeking through a file in order to point to the current position of a file. The value conversion between both the 32bit and 64bit API ...

CVSS: 2.1 | AI score: 5.4 | EPSS: 0.00299
Exploits: 5 | References: 1

Cvelist
added 2004/08/05 4:0 a.m. | 43 views

CVE-2004-0415

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory...

AI score: 5.8 | EPSS: 0.00299
Exploits: 5 | References: 8

RedHat Linux
added 2004/08/03 10:38 p.m. | 3 views

security flaw

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory...

CVSS: 2.1 | AI score: 5.8 | EPSS: 0.00299
Exploits: 5 | References: 4

RedHat Linux
added 2004/08/03 10:38 p.m. | 4 views

security flaw

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources...

CVSS: 2.1 | AI score: 5.8 | EPSS: 0.0013
Exploits: 0 | References: 4

Cvelist
added 2004/07/08 4:0 a.m. | 28 views

CVE-2004-0602

The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic...

AI score: 6.4 | EPSS: 0.00089
Exploits: 0 | References: 3

CVE
added 2004/07/08 4:0 a.m. | 70 views

CVE-2004-0602

The CVE-2004-0602 issue affects FreeBSD 4.x/5.x Linux binary compatibility mode. A programming error in handling certain Linux system calls can allow a local attacker to read/overwrite kernel memory, potentially gaining privileges or causing a system panic. Remediation in the connected docs inclu...

CVSS: 2.1 | AI score: 6.4 | EPSS: 0.00089
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2004/07/07 4:0 a.m. | 14 views

CVE-2004-0482

Multiple integer overflows in (1) procfscmdline.c, (2) procfsfpregs.c, (3) procfslinux.c, (4) procfsregs.c, (5) procfsstatus.c, and (6) procfssubr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other unauthorized activities...

CVSS: 4.6 | AI score: 6.2 | EPSS: 0.00087
Exploits: 0 | References: 10

Cvelist
added 2004/06/23 4:0 a.m. | 26 views

CVE-2004-0135

The syssgi SGIIOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and writing to kernel memory...

AI score: 6.5 | EPSS: 0.00061
Exploits: 0 | References: 4

CVE
added 2004/06/23 4:0 a.m. | 135 views

CVE-2004-0495

Summary: CVE-2004-0495 refers to multiple vulnerabilities in Linux kernel 2.4 and 2.6, identified by the Sparse source-checking tool, that can allow local privilege escalation or access to kernel memory. Affected software: Linux kernel for 2.4 and 2.6 series. Root cause/impact: local attacker cou...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.00056
Exploits: 0 | References: 12 | Affected Software: 6

UbuntuCve
added 2004/06/01 4:0 a.m. | 29 views

CVE-2004-0177

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw devic...

CVSS: 5 | AI score: 6 | EPSS: 0.01766
Exploits: 0 | References: 1

NVD
added 2004/06/01 4:0 a.m. | 19 views

CVE-2003-0910

The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor that points to protected memory...

CVSS: 7.2 | AI score: 7.3 | EPSS: 0.0601
Exploits: 0 | References: 10

NVD
added 2004/05/04 4:0 a.m. | 21 views

CVE-2004-0370

The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic...

CVSS: 2.1 | AI score: 6.2 | EPSS: 0.00117
Exploits: 0 | References: 4

Cvelist
added 2004/04/16 4:0 a.m. | 19 views

CVE-2004-0177

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw devic...

AI score: 5.7 | EPSS: 0.01766
Exploits: 0 | References: 24