2854 matches found
CVE-2004-0177
CVE-2004-0177 affects Linux 2.4.x (before 2.4.26) due to improper initialization of journal descriptor blocks in ext3, causing an information leak where in-memory kernel data could be written to the device and read back via raw-device access. Impact: privileged users could obtain portions of kern...
CVE-2003-0910
CVE-2003-0910 concerns a privilege-elevation flaw in the Local Descriptor Table (LDT) interface on Windows NT 4.0 and Windows 2000. An attacker must be locally logged on to exploit by creating a malicious LDT entry to gain access to protected memory; Windows XP and Windows Server 2003 are not aff...
Microsoft Virtual DOS Machine Local Privilege Escalation Vulnerability
Description A problem exists in the Virtual DOS Machine VDM that may allow a local user to elevate their privilege level. The issue exists because an attacker may use the VDM to write arbitrary code to protected kernel memory locations. Technologies Affected Avaya DefinityOne Media Servers Avaya...
CVE-2004-0370
The CVE-2004-0370 issue affects FreeBSD 5.2 using the KAME IPv6 stack, where a programming error in setsockopt(2) handling of IPv6 socket options can allow a local attacker to read portions of kernel memory and cause a system panic. The vulnerability arises from improper validation in setsockopt(...
FreeBSD-SA-04:02.shmat
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:02.shmat Security Advisory The FreeBSD Project Topic: shmat reference counting bug Category: core Module: kernel Announced: 2004-02-05 Credits: Joost Pol...
CVE-2003-1289
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory memory disclosure via a large length parameter, which copies additional kernel memory into userland memory...
FreeBSD-SA-03:17.procfs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:17.procfs Security Advisory The FreeBSD Project Topic: kernel memory disclosure via procfs Category: core Module: sys Announced: 2003-10-03 Credits: Joost Pol...
*BSD ibcs2 information leak
statfs call with large argument length allows to read kernel memory content...
CVE-2003-1072
Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service kernel memory consumption...
CVE-2002-1420
Integer signedness error in select on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation...
CVE-2003-0001
The CVE-2003-0001 issue, known as Etherleak, is an information-disclosure vulnerability caused by NIC/device drivers not padding Ethernet frames with null bytes, allowing an adjacent attacker to glimpse memory content from previously transmitted packets. Connected documents show this vulnerabilit...
CVE-2002-2180
The setitimer2 system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error...
Microsoft Security Bulletin MS02-063: Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834)
-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks Q329834 Date: 30 October 2002 Software: Windows 2000, Windows XP Impact: Denial of Service Max Risk:...
BubbleMon 1.x Kernel - Memory File Descriptor Leakage
BubbleMon 1.x Kernel - Memory File Descriptor Leakage source: https://www.securityfocus.com/bid/5714/info It has been reported that BubbleMon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to...
WMMon 1.0 b2 - Memory Character File Open File Descriptor Read
WMMon 1.0 b2 - Memory Character File Open File Descriptor Read source: https://www.securityfocus.com/bid/5718/info It has been reported that wmmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attacker...
WMNet2 1.0 6 - Kernel Memory File Descriptor Leakage
WMNet2 1.0 6 - Kernel Memory File Descriptor Leakage source: https://www.securityfocus.com/bid/5719/info It has been reported that wmnet2 is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to...
Microsoft Windows 2000 vulnerable to DoS via malformed packets sent to port 445/tcp
Overview The default configuration of Microsoft Windows 2000 does not properly handle malformed packets received on TCP port 445. As a result, Windows may cease to function normally upon receipt of malformed packets on this port. Description Microsoft LAN Manager LANMAN is enabled by default on...
CVE-2002-0973
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the 1 accept, 2 getsockname, and 3 getpeername system calls, and the 4 vesa FBIOGETPALETTE ioctl...
CVE-2002-0973
The CVE-2002-0973 entry describes an integer signedness error in FreeBSD 4.6.1 RELEASE-p10 and earlier affecting the (1) accept, (2) getsockname, (3) getpeername system calls, and (4) vesa FBIO_GETPALETTE ioctl. This vulnerability can allow attackers to access sensitive kernel memory by supplying...
OpenBSD Security Advisory: Select Boundary Condition
OpenBSD Security Advisory adv.select Original Release Date: 2002-08-11 1. Systems affected: All versions of OpenBSD. 2. Overview: Insufficient boundary checks in the select call allow an attacker to overwrite kernel memory and execute arbitrary code in kernel context. Traditionally, the size...