CVE-2008-0779

The CVE-2008-0779 entry describes a local privilege-escalation flaw in the fortimon.sys device driver of Fortinet FortiClient Host Security (versions up to 3.0 MR5 Patch 3 and earlier). The vulnerability arises from improper initialization of the Driver’s DeviceExtension, enabling a local user to...

Null pointer dereference

The vmsplicetouser function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations...

Null pointer dereference

The copyfromusermmapsem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations...

CVE-2008-0010

The copyfromusermmapsem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations...

Debian DSA-1494-2 : linux-2.6 - missing access checks

The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges CVE-2008-0010, CVE-2008-0600 . In the vserver-enabled kernels, a missing access check on certain symlinks ...

DSA-1494-1 linux-2.6 - privilege escalation

Bulletin has no description...

CVE-2008-0007

Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset...

CVE-2008-0007

Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset...

[SECURITY] [DSA 1436-1] New Linux 2.6.18 packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1436-1 [email protected] http://www.debian.org/security/ dann frazier December 20th, 2007 http://www.debian.org/security/faq -...

Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability Advisory ID: cisco-sa-20071205-csa http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml Revision 1.0 For Public Release 2007...

LTC36188-Don't allow the stack to grow into hugetlb reserved regions

mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service OOPS via unspecified vectors...

ALSA memory disclosure flaw

The sndmemprocread function in sound/core/memalloc.c in the Advanced Linux Sound Architecture ALSA in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information kernel memory contents via a small count argument, as demonstrate...

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These ne...

AhnLab AntiVirus Remote Kernel Memory Corruption

AhnLab AntiVirus Remote Kernel Memory Corruption Sowhat of Nevis Labs HTTP://www.nevisnetworks.com http://secway.org/advisory/AD20071116.txt Vendor: AhnLab Inc. Affected: AhnLab Antivirus V3 Internet Security 2008 The other version maybe vulnerable too. This vulnerability has been confirmed on...

[TKADV2007-001] Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability Advisory ID: TKADV2007-001 Revision: 1.0 Release Date: 2007/11/15 Last Modified: 2007/11/15 Date Reported: 2007/03/19 Author: Tobias Klein tk at trapkit.de Affected Software: Mac...

CVE-2007-5667

NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the .\nwfilter device available for arbitrary user-mode input via METHODNEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel...

CVE-2007-5667

CVE-2007-5667 affects the Novell NetWare Client for Windows, where the nwfilter.sys driver is loaded at startup and exposes the local-device .wfilter via METHOD_NEITHER IOCTLs. The vulnerability allows an unprivileged local user to pass kernel addresses as arguments and overwrite kernel memory, e...

CVE-2007-5667

NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the .\nwfilter device available for arbitrary user-mode input via METHODNEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel...

Novell Netware client privilege escalation

Unprivileged user can manipulate kernel memory with .nwfilter device...

Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities (USN-311-1)

A race condition was discovered in the doaddcounters functions. Processes which do not run with full root privileges, but have the CAPNETADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so th...