764 matches found
FreeBSD-SA-16:20.linux
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:20.linux Security Advisory The FreeBSD Project Topic: Kernel stack disclosure in Linux compatibility layer Category: core Module: linux(4) Announced: 2016-05-3...
FreeBSD -- Kernel stack disclosure in Linux compatibility layer
Problem Description: The implementation of the TIOCGSERIAL ioctl(2) does not clear the output struct before copying it out to userland. The implementation of the Linux sysinfo system call does not clear the output struct before copying it out to userland. Impact: An unprivileged user can read a...
Linux kernel information disclosure vulnerability (CNVD-2016-03564)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the 'x25_negotiate_facilities' function in the net/x25/x25_facilities.c file in versions of the Linux kernel prior to 4.5.5, whi...
DEBIAN-CVE-2016-4578
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt...
DEBIAN-CVE-2016-4569
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface...
CVE-2016-4485
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message...
CVE-2016-4569
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface...
Apple OS X 10.10.5 - 'rootsh' Local Privilege Escalation
rootsh rootsh is a local privilege escalation targeting OS X Yosemite 10.10.5 build 14F27. It exploits CVE-2016-1758 and CVE-2016-1828, two vulnerabilities in XNU that were patched in OS X El Capitan 10.11.4 and 10.11.5. rootsh will not work on platforms with SMAP enabled. CVE-2016-1758:...
kernel: x86: espfix not working for 32-bit KVM paravirt guests
It was found that the espfix functionality does not work for 32-bit KVM paravirtualized guests. A local, unprivileged guest user could potentially use this flaw to leak kernel stack addresses...
CVE-2016-4485
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message...
CVE-2011-1173
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet...
NetUSB - Kernel Stack Buffer Overflow
#!/usr/bin/env python # -*- coding: utf-8 -*- Exploit Title: NetUSB Kernel Stack Buffer Overflow Date: 9/10/15 Exploit Author: Adrian Ruiz Bermudo Vendor Homepage: http://www.kcodes.com/ Version: Multiple:...
NetUSB Driver Flaw Exposes Millions of Routers to Hacking
A simple but shockingly dangerous vulnerability has been uncovered in the NetUSB component, putting millions of modern routers and other embedded devices across the globe at risk of being compromised by hackers. The security vulnerability, assigned CVE-2015-3036, is a remotely exploitable kernel...
KCodes NetUSB Vulnerability Details Surface
The Department of Homeland Security-sponsored CERT at Carnegie Mellon University today issued an alert warning of a serious vulnerability in KCodes NetUSB, which is integrated into products sold by a number of networking vendors. KCodes NetUSB is a Linux kernel module that enables several users on...
Debian DLA-155-1 : linux-2.6 security update
This update fixes the CVEs described below. A further issue, CVE-2014-9419, was considered, but appears to require extensive changes with a consequent high risk of regression. It is now unlikely to be fixed in squeeze-lts. CVE-2013-6885 It was discovered that under specific circumstances, a...
Security update for the Linux Kernel (important)
The openSUSE 13.1 kernel was updated to fix security issues and bugs: Security issues fixed: CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. CVE-2014-9090: The...
FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:25.setlogin Security Advisory The FreeBSD Project Topic: Kernel stack disclosure in setlogin(2) / getlogin(2) Category: core Module: kernel Announced: 2014-11-04...
FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2)
Problem Description: When setlogin(2) is called while setting up a new login session, the login name is copied into an uninitialized stack buffer, which is then copied into a buffer of the same size in the session structure. The getlogin(2) system call returns the entire buffer rather than just the...
NetBSD <= 5.0.1 'IRET' General Protection Fault Handling Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36430/info NetBSD is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to cause the kernel stack to become desynchronized. This may allow the attacker to gain elevated privileges...
Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT Leak Exploit
No description provided by source. / Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT leak ================================================ Information leak exploit for CVE-2010-4077 which leaks kernel stack space back to userland due to uninitialized struct member reserved in struct serial_icounter_struc...