Linux Kernel 2.4.x/2.6.x - Local Denial of Service / Memory Disclosure

source: https://www.securityfocus.com/bid/11754/info The Linux kernel is reported prone to multiple local vulnerabilities: - A handcrafted 'a.out' file may be used to trigger a local denial-of-service condition. A local attacker may exploit this vulnerability to trigger a system-wide denial of...

Debian DSA-201-1 : freeswan - denial of service

Bindview discovered a problem in several IPSEC implementations that do not properly handle certain very short packets. IPSEC is a set of security extensions to IP which provide authentication and encryption. Free/SWan in Debian is affected by this and is said to cause a kernel panic. %NASLMINLEVE...

CVE-2002-1490

CVE-2002-1490 affects NetBSD 1.4–1.6 beta. The vulnerability is triggered by a sequence of TIOCSCTTY ioctl calls that overrun a structure counter, resetting it to zero and freeing memory still in use, leading to a local denial of service via kernel panic. The connected documents confirm the issue...

Vulnerability: OpenBSD 3.5 Kernel Panic.

Hi, I have posted this vulnerability note to CERT and gotten no response. It is remotely exploitable, but since it requires commands to be executed as root on the gateway machine, it is unlikely to cause any unplanned disruption. OpenBSD was contacted, and they provided a patch within 12 hours...

CVE-2004-0654

Unknown vulnerability in the Basic Security Module BSM, when configured to audit either the Administrative ad or the System-Wide Administration as audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service kernel panic...

CVE-2004-0654

Unknown vulnerability in the Basic Security Module BSM, when configured to audit either the Administrative ad or the System-Wide Administration as audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service kernel panic...

CVE-2004-1346

The Sun Solaris Volume Manager SVM on Solaris 9 allows local users to cause a denial of service kernel panic via a malformed probe request to the SVM...

[Full-Disclosure] Fwd: [Re: cvs commit: src/sys/vm vm_map.c]

Hello, FYI: A FreeBSD user suggested that this issue requires a security advisory. The issue has been public for some time, but currently, FreeBSD does not issue advisories for local denial-of-service issues. It is expected that this bug will soon be fixed in FreeBSD 4.x it is already fixed in...

CVE-2003-0368

Nokia Gateway GPRS support node GGSN allows remote attackers to cause a denial of service kernel panic via a malformed IP packet with a 0xFF TCP option...

CVE-2003-0175

SGI IRIX before 6.5.21 allows local users to cause a denial of service kernel panic via a certain call to the PIOCSWATCH ioctl...

CVE-2003-0368

Nokia Gateway GPRS support node GGSN allows remote attackers to cause a denial of service kernel panic via a malformed IP packet with a 0xFF TCP option...

CVE-2003-0368

CVE-2003-0368 affects the Nokia Gateway GPRS Support Node (GGSN, IP650-based). The issue allows a remote attacker to trigger a kernel panic/DoS by sending a malformed IP packet containing a TCP option 0xFF. Impact is a restart of the GGSN and disruption of connectivity. Mitigation provided by Nok...

CVE-2003-0175

CVE-2003-0175 affects SGI IRIX prior to 6.5.21 via the PIOCSWATCH ioctl: a local attacker can crash the kernel (DoS). CERT/CC and NVD confirm this is a local-denial condition caused by invoking PIOCSWATCH in user space. Vendor guidance (SGI advisory 20030603-01-P) recommends upgrading to IRIX 6.5...

CVE-2003-0175

SGI IRIX before 6.5.21 allows local users to cause a denial of service kernel panic via a certain call to the PIOCSWATCH ioctl...

CVE-2003-0955

OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service kernel panic and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by 1 ibcs2exec.c in the iBCS2 emulation compatibcs2 or 2 execelf.c, which leads to a stack-based...

OpenBSD 3.33.4 - semctlsemop Local Unexpected Array Indexing

OpenBSD 3.33.4 - semctlsemop Local Unexpected Array Indexing // source: https://www.securityfocus.com/bid/9086/info A local OpenBSD kernel vulnerability has been discovered when handling the semctl and semop system calls. The problem specifically occurs due to improper sanity checking before...

OpenBSD 3.3/3.4 - semctl/semop Local Unexpected Array Indexing

// source: https://www.securityfocus.com/bid/9086/info A local OpenBSD kernel vulnerability has been discovered when handling the semctl and semop system calls. The problem specifically occurs due to improper sanity checking before handling a user-supplied semaphore set. It is said that this coul...

[Full-Disclosure] OpenBSD kernel panic, yet still O*BSD much worse than MS-DoS 6.0

ppl think "hey, local DoS sucks", therefore they are. i think "hey, obsd sucks", therefore i am. include stdio.h include sys/param.h include sys/sysctl.h int main unsigned int blah2 = CTLKERN, 0 , addr = -4096 + 1; return sysctl blah, 2, void addr, &blah1, 0, 0; it's wide, it's opened, it's surel...

OpenBSD 3.33.4 - sysctl Local Denial of Service

OpenBSD 3.33.4 - sysctl Local Denial of Service // source: https://www.securityfocus.com/bid/9073/info A denial of service vulnerability has been reported for OpenBSD, specifically when handling malformed calls to sysctl. By invoking systcl and passing a specific flag in conjunction with a negati...

[Full-Disclosure] OpenBSD kernel panic, yet still *BSD much better than windows

Georgi Guninski security advisory 63, 2003 OpenBSD kernel panic, yet still BSD much better than windows Systems affected: tested on OpenBSD 3.3 and 2.8, probably other versions also affected Risk: Low Date: 4 November 2003 Legal Notice: This Advisory is Copyright c 2003 Georgi Guninski. You may...