Mandriva Linux Security Advisory : kernel (MDVSA-2010:198)

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount symlinks, which allows attackers to have an unknown impact, related to LOOKUPFOLLOW. CVE-2010-1088 The tcfilltclass function in...

Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure

Exploit for linux platform in category local exploits ========================================================== Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=638085 The PKTCTRLCMDSTATUS device ioctl retrieves a pointer to a pktcdvddevice from the...

kernel: information leak via userspace USB interface

The processcomplcompat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensiti...

kernel: net sched: fix some kernel memory leaks

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors relate...

Linux Kernel &lt; 2.6.36-rc6 (RedHat / Ubuntu 10.04) - &#039;pktcdvd&#039; Kernel Memory Disclosure

/ cve-2010-3437.c Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=638085 The PKTCTRLCMDSTATUS device ioctl retrieves a pointer to a pktcdvddevice from the global pktdevs array. The index into this array is provided directly by the user and is a signed...

kernel security and bug fix update

2.6.18-194.17.1.0.1.el5 - xen check to see if hypervisor supports memory reservation change Chuck Anderson orabug 7556514 - Add entropy support to igb John Sobecki orabug 7607479 - nfs convert ENETUNREACH to ENOTCONN orabug 7689332 - NET Add xen pv/bonding netconsole support Tina Yang orabug...

Mandriva Update for kernel MDVSA-2010:188 (kernel)

Check for the Version of kernel OpenVAS Vulnerability Test Mandriva Update for kernel MDVSA-2010:188 kernel Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

CVE-2010-3477

The CVE-2010-3477 issue affects the Linux kernel’s net/sched/act_police.c (tcf_act_police_dump) in versions before 2.6.36-rc4. The root cause is incomplete initialization of certain structure members during dump operations, allowing local users to read potentially sensitive kernel memory. The vul...

CVE-2010-2942

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors relate...

Kingsoft Antivirus 'kavfm.sys' Buffer overflow Vulnerability

This host is installed with Kingsoft Antivirus and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodkingsoftantivirusbofvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Kingsoft Antivirus 'kavfm.sys' Buffer overflow Vulnerability Authors: Madhuri D Copyright: Copyright...

CVE-2010-2803

The drmioctl function in drivers/gpu/drm/drmdrv.c in the Direct Rendering Manager DRM subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory...

kernel: mm: keep a guard page below a grow-down stack segment

The doanonymouspage function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to t...

kernel: mm: keep a guard page below a grow-down stack segment

The doanonymouspage function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to t...

PT-2010-1037 · Linbit +2 · Drbd-Kmp-Default +2

Name of the Vulnerable Software and Affected Versions: drbd-kmp-default versions affected versions not specified Linux kernel versions prior to 2.6.27.53 Linux kernel versions 2.6.32.x prior to 2.6.32.21 Linux kernel versions 2.6.34.x prior to 2.6.34.6 Linux kernel versions 2.6.35.x prior to...

USN-974-1: Linux kernel vulnerabilities

Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. A local attacker could exploit this to gain control of certain applications, potentially leading to privilege escalation, as...

FreeBSD / NetBSD Coda file system information leak

Kernel memory information leak via IOCTL...

CVE-2010-3014: Coda Filesystem Kernel Memory Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Coda Filesystem Kernel Memory Disclosure Release Date: 2010-08-16 Application: Coda kernel module for NetB...

kernel: information leak via userspace USB interface

The processcomplcompat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensiti...

kernel: mm: keep a guard page below a grow-down stack segment

The doanonymouspage function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to t...

Microsoft Windows - nt!SeObjectCreateSaclAccessBits() Missed ACE Bounds Checks (MS10-047)

Microsoft Windows nt!SeObjectCreateSaclAccessBits missed ACE bounds checks ---------------------------------------------------------------------------- CVE-2010-1890 An ACE is an Access Control Entry, of which many may be attached to an ACL Access Control List. On Windows, an ACL can be of type...