Stack overflow

The sctpsendinitiateack function in sys/netinet/sctpoutput.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by readi...

CVE-2013-3077

Multiple integer overflows in the IPMSFILTER and IPV6MSFILTER features in 1 sys/netinet/inmcast.c and 2 sys/netinet6/in6mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write...

CVE-2013-3077

Multiple integer overflows in the IPMSFILTER and IPV6MSFILTER features in 1 sys/netinet/inmcast.c and 2 sys/netinet6/in6mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write...

FreeBSD Security Advisory FreeBSD-SA-13:10.sctp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:10.sctp Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in sctp4 Category: core Module: sctp Announced: 2013-08-22 Credits: Julian Seward...

Ubuntu Update for linux USN-1929-1

Check for the Version of linux OpenVAS Vulnerability Test $Id: gbubuntuUSN19291.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for linux USN-1929-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...

Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities

Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities CSRF: Loftek Nexus 543 CSRF PoC Memory Dump: !/bin/sh This script exploits CVE-2013-3311 to retrieve kernel memory from a Loftek Nexus 543 IP camera The file which is downloaded can be analyzed strings to recover passwords and other goodies i...

DSA-2743-1 kfreebsd-9 - several

Bulletin has no description...

FreeBSD-SA-13:10.sctp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:10.sctp Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in sctp4 Category: core Module: sctp Announced: 2013-08-22 Credits: Julian Seward...

FreeBSD -- Kernel memory disclosure in sctp(4)

Problem Description: When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Impact: Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are...

Kernel: cpqarray/cciss: information leak via ioctl

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via 1 a crafted IDAGETPCIINFO command for a...

Kernel: information leak in cdrom driver

The mmcioctlcdromreaddata function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive...

Kernel: net: af_key: initialize satype in key_notify_policy_flush

The keynotifypolicyflush function in net/key/afkey.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notifypolicy interface of an IPSec keysocket...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

USN-1933-1: Linux kernel (OMAP4) vulnerabilities

Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service system crash. CVE-2013-1059 An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtai...

USN-1929-1: Linux kernel vulnerability

An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory...

CVE-2013-3198

The NT Virtual DOS Machine NTVDM subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileg...

CVE-2013-3197

The NT Virtual DOS Machine NTVDM subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileg...

CVE-2013-3196

The NT Virtual DOS Machine NTVDM subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileg...

CVE-2013-3197

The NT Virtual DOS Machine NTVDM subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileg...

CVE-2013-1943

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted...