764 matches found
CVE-2009-2911
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to 1 cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, 2 cause a denial of service...
Stack overflow
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to 1 cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, 2 cause a denial of service...
CVE-2009-2911
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to 1 cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, 2 cause a denial of service...
CVE-2009-2911
CVE-2009-2911 affects SystemTap 1.0 when run in --unprivileged mode, with root cause described as improper restriction of data sizes leading to kernel stack/frames overflow and DoS via large argument lists, DWARF processing, or unwind table growth. Multiple connected advisories (openSUSE OSV-OPEN...
CVE-2009-2911
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to 1 cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, 2 cause a denial of service...
USN-852-1: Linux kernel vulnerabilities
Solar Designer discovered that the z90crypt driver did not correctly check capabilities. A local attacker could exploit this to shut down the device, leading to a denial of service. Only affected Ubuntu 6.06. CVE-2009-1883 Michael Buesch discovered that the SGI GRU driver did not correctly check...
kernel: information leak in sigaltstack
The dosigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack...
NetBSD 5.0.1 - 'IRET' General Protection Fault Handling Privilege Escalation
/ source: https://www.securityfocus.com/bid/36430/info NetBSD is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to cause the kernel stack to become desynchronized. This may allow the attacker to gain elevated privileges or may aid in further attacks. ...
NetBSD 5.0.1 - IRET General Protection Fault Handling Privilege Escalation
NetBSD 5.0.1 - IRET General Protection Fault Handling Privilege Escalation / source: https://www.securityfocus.com/bid/36430/info NetBSD is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to cause the kernel stack to become desynchronized. This may all...
Linux Kernel 'net/llc/af_llc.c'本地信息泄漏漏洞
Bugraq ID: 36126 Linux是一款开放源代码的操作系统。 AFLLC包含的getsockname存在未初始化问题,可导致泄漏5个字节的未初始化内核堆栈。 攻击者可借此获得敏感信息。 Linux kernel 2.6.31 -rc7 Linux kernel 2.6.31 -rc6 Linux kernel 2.6.31 -rc3 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linu...
Linux Kernel 2.6.31-rc5 - sigaltstack 4-Byte Stack Disclosure
Linux Kernel 2.6.31-rc5 - sigaltstack 4-Byte Stack Disclosure / sigaltstack-leak.c Linux Kernel http://jon.oberheide.org Information: http://git.kernel.org/linus/0083fc2c50e6c5127c2802ad323adf8143ab7856 Ulrich Drepper correctly points out that there is generally padding in the structure on 64-bit...
Linux Kernel <= 2.6.31-rc5 sigaltstack 4-Byte Stack Disclosure Exploit
Exploit for linux platform in category local exploits ====================================================================== Linux Kernel include include include include include include include include const int randcalls = 0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 13, 14, 16, 21, 22, 24, 25, 32, 33, 36...
Windows Vista iphlpapi.dll本地内核栈溢出漏洞
BUGTRAQ ID: 32357 Windows Vista是微软发布的最新版本的操作系统。 在使用CreateIpForwardEntry2方式向IPv4路由表添加路由项时,如果对MIBIPFORWARDROW2结构所包含的DestinationPrefix结构中的目标PrefixLength成员传送了大于32的非法值的话,就会破坏内核空间内存,导致随机的蓝屏崩溃。传送的非法值越大,所触发的崩溃就会越快出现。 此外如果使用系统自带的route add命令并在子网掩码中使用了非法值的话,该命令也可以触发相同的缓冲区溢出。 Microsoft Windows Vista Microsof...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise MRG 1.0. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
Cisco VPN Client - IPSec Driver Local kernel system pool Corruption (PoC)
/ cpndrv-dos.c Copyright c 2008 by Cisco Systems VPN Client IPSec Driver local kernel system pool corruption POC by mu-b - Sat 11 Jan 2008 - Tested on: CVPNDRVA.sys 5.0.02.0090 specifying an input buffer size less-than 8+31-bytes results in the local kernel non-paged pool METHODBUFFERED being...
[Full-disclosure] [Madwifi] Madwifi SIOCGIWSCAN buffer overflow // France Telecom
Name: Madwifi SIOCGIWSCAN buffer overflow Vendor: http://www.madwifi.org Release date: December, 7th 2006 CVE ID: CVE-2006-6332 Authors: Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES 1. Description There is a buffer overflow in the madwifi Atheros driver in some functions called by SIOCSIWSCAN...
OpenBSD 2.x - 3.3 exec_ibcs2_coff_prep_zmagic() Kernel Exploit
No description provided by source. / OpenBSD 2.x - 3.3 / / execibcs2coffprepzmagic kernel stack overflow / / note: ibcs2 binary compatibility with SCO and ISC is enabled / / in the default install / / Copyright Feb 26 2003 Sinan "noir" Eren / / noir olympos org | noir uberhax0r net / / greets to...
Mandrake Linux Security Advisory : kernel (MDKSA-2005:110)
Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following CVE names have been fixed in the LE2005 kernel : Colin Percival discovered a vulnerability in Intel's Hyper-Threading technology could allow a local user to use a malicious thread to create...
SuSE-SA:2003:049: Linux Kernel
The remote host is missing the patch for the advisory SuSE-SA:2003:049 Linux Kernel. This security update fixes a serious vulnerability in the Linux kernel. A missing bounds check in the brk system call allowed processes to request memory beyond the maximum size allowed for tasks, causing kernel...
OpenBSD 2.x < 3.3 - 'exec_ibcs2_coff_prep_zmagic()' kernel stack overflow
/ OpenBSD 2.x - 3.3 / / execibcs2coffprepzmagic kernel stack overflow / / note: ibcs2 binary compatibility with SCO and ISC is enabled / / in the default install / / Copyright Feb 26 2003 Sinan "noir" Eren / / noir olympos org | noir uberhax0r net / / greets to brother nahual for making this...