
764 matches found

Prion
added 2010/11/29 4:00 p.m., 22 views

Session fixation

The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

CVSS 1.9, AI score 5.9, EPSS 0.00081
Exploits: 1, References: 20, Affected Software: 1
CVE
added 2010/11/29 3:00 p.m., 86 views

CVE-2010-4077

CVE-2010-4077 affects the Linux kernel up to 2.6.36.1: the function ntty_ioctl_tiocgicount in drivers/char/nozomi.c fails to initialize a structure member, allowing local attackers to read potentially sensitive information from kernel stack memory via the TIOCGICOUNT ioctl. The connected advisori...

CVSS 1.9, AI score 6.7, EPSS 0.00482
Exploits: 7, References: 12, Affected Software: 1
CVE
added 2010/11/29 3:00 p.m., 90 views

CVE-2010-4078

CVE-2010-4078 affects the Linux kernel before 2.6.36-rc6, where the sisfb_ioctl function in drivers/video/sis/sis_main.c fails to properly initialize a structure member. This allows local users to leak potentially sensitive information from kernel stack memory via the FBIOGET_VBLANK ioctl. Connec...

CVSS 1.9, AI score 7, EPSS 0.00072
Exploits: 0, References: 18, Affected Software: 1
Cvelist
added 2010/11/29 3:00 p.m., 27 views

CVE-2010-4076

The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...

AI score 5.6, EPSS 0.0006
Exploits: 1, References: 7
UbuntuCve
added 2010/11/29 12:00 a.m., 37 views

CVE-2010-4073

The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in...

CVSS 1.9, AI score 6.3, EPSS 0.00262
Exploits: 8, References: 10
RedHat Linux
added 2010/11/10 7:00 p.m., 0 views

kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call...

CVSS 5.5, AI score 6.1, EPSS 0.00083
Exploits: 0, References: 4
exploitpack
added 2010/11/10 12:00 a.m., 29 views

Linux Kernel 2.4.0 - Stack Infoleaks

Linux Kernel 2.4.0 - Stack Infoleaks //Enjoy... // //-Dan / You've done it. After hours of gdb and caffeine, you've finally got a shell on your target's server. Maybe next time they will think twice about running MyFirstCompSciProjectFTPD on a production machine. As you take another sip of Mounta...

AI score 0.5
Exploits: 0
Exploit DB
added 2010/11/09 12:00 a.m., 52 views

Linux Kernel 2.6.x - 'net/core/filter.c' Local Information Disclosure

/ source: https://www.securityfocus.com/bid/44758/info The Linux kernel is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. / / You've done it. After hours of gdb and caffeine, you've...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2010/10/20 12:00 a.m., 306 views

Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : linux, linux-ec2, linux-source-2.6.15 vulnerabilities (USN-1000-1)

Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this to gain root privileges. (CVE-2010-3904) Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a...

CVSS 10, AI score 7.2, EPSS 0.02701
Exploits: 39, References: 29
RedHat Linux
added 2010/10/14 3:26 p.m., 3 views

kernel: drivers/net/cxgb3/cxgb3_main.c reading uninitialized stack memory

The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call...

CVSS 2.1, AI score 6.1, EPSS 0.00097
Exploits: 1, References: 4
Fedora
added 2010/10/08 8:32 p.m., 23 views

[SECURITY] Fedora 12 Update: openswan-2.6.29-1.fc12

Openswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

CVSS 6.5, AI score 2, EPSS 0.06107
Exploits: 0
Prion
added 2010/09/30 3:00 p.m., 14 views

Design/Logic Flaw

The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call...

CVSS 2.1, AI score 5.9, EPSS 0.00097
Exploits: 1, References: 21, Affected Software: 7
Cvelist
added 2010/09/21 5:00 p.m., 22 views

CVE-2010-3078

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call...

AI score 5.7, EPSS 0.00083
Exploits: 0, References: 23
0day.today
added 2010/06/23 12:00 a.m., 25 views

FreeBSD Kernel nfs_mount() Exploit

Exploit for freebsd platform in category local exploits. FreeBSD Kernel nfs_mount() Exploit. / nfsmountex.c -- Patroklos Argyroudis, argp at domain census-labs.com Local kernel exploit for FreeBSD 8.0, 7.3 and 7.2. FreeBSD...

AI score 6.8
Exploits: 0
securityvulns
added 2010/01/26 12:00 a.m., 101 views

Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack

Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack. CVE-2010-0232. In order to support BIOS service routines in legacy 16bit applications, the Windows NT Kernel supports the concept of BIOS calls in the...

CVSS 7.2, AI score 0.8, EPSS 0.75542
Exploits: 13
Packet Storm
added 2010/01/20 12:00 a.m., 71 views

Microsoft Windows NT User Mode To Ring 0 Escalation

Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack. CVE-2010-0232. In order to support BIOS service routines in legacy 16bit applications, the Windows NT Kernel supports the concept of BIOS calls in the...

CVSS 7.2, AI score 7.7, EPSS 0.75542
Exploits: 13
exploitpack
added 2010/01/19 12:00 a.m., 55 views

Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - KiTrap0D User Mode to Ring Escalation (MS10-015)

Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - KiTrap0D User Mode to Ring Escalation (MS10-015). Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11199.zip KiTrap0D.zip E-DB Note: Make sure to run "vdmallowed.exe" pre-compiled inside the subfolder...

CVSS 7.2, AI score 7.5, EPSS 0.75542
Exploits: 13
0day.today
added 2010/01/19 12:00 a.m., 57 views

Windows NT User Mode to Ring 0 Escalation Vulnerability

Exploit for unknown platform in category local exploits. Windows NT User Mode to Ring 0 Escalation Vulnerability. Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack...

AI score 6.8, EPSS 0.75542
Exploits: 13
OpenVAS
added 2009/11/11 12:00 a.m., 41 views

Fedora Core 11 FEDORA-2009-10639 (kernel)

The remote host is missing an update to kernel announced via advisory FEDORA-2009-10639. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by th...

CVSS 7.2, AI score 7.3, EPSS 0.03773
Exploits: 7, References: 7
UbuntuCve
added 2009/10/22 4:30 p.m., 14 views

CVE-2009-2911

SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service...

CVSS 1.9, AI score 5.9, EPSS 0.00082
Exploits: 1, References: 1