CVE-2008-0007

Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset...

[SECURITY] [DSA 1436-1] New Linux 2.6.18 packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1436-1 [email protected] http://www.debian.org/security/ dann frazier December 20th, 2007 http://www.debian.org/security/faq -...

Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability Advisory ID: cisco-sa-20071205-csa http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml Revision 1.0 For Public Release 2007...

LTC36188-Don't allow the stack to grow into hugetlb reserved regions

mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service OOPS via unspecified vectors...

ALSA memory disclosure flaw

The sndmemprocread function in sound/core/memalloc.c in the Advanced Linux Sound Architecture ALSA in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information kernel memory contents via a small count argument, as demonstrate...

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These ne...

AhnLab AntiVirus Remote Kernel Memory Corruption

AhnLab AntiVirus Remote Kernel Memory Corruption Sowhat of Nevis Labs HTTP://www.nevisnetworks.com http://secway.org/advisory/AD20071116.txt Vendor: AhnLab Inc. Affected: AhnLab Antivirus V3 Internet Security 2008 The other version maybe vulnerable too. This vulnerability has been confirmed on...

[TKADV2007-001] Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability Advisory ID: TKADV2007-001 Revision: 1.0 Release Date: 2007/11/15 Last Modified: 2007/11/15 Date Reported: 2007/03/19 Author: Tobias Klein tk at trapkit.de Affected Software: Mac...

CVE-2007-5667

NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the .\nwfilter device available for arbitrary user-mode input via METHODNEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel...

CVE-2007-5667

CVE-2007-5667 affects the Novell NetWare Client for Windows, where the nwfilter.sys driver is loaded at startup and exposes the local-device .wfilter via METHOD_NEITHER IOCTLs. The vulnerability allows an unprivileged local user to pass kernel addresses as arguments and overwrite kernel memory, e...

CVE-2007-5667

NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the .\nwfilter device available for arbitrary user-mode input via METHODNEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel...

Novell Netware client privilege escalation

Unprivileged user can manipulate kernel memory with .nwfilter device...

Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities (USN-311-1)

A race condition was discovered in the doaddcounters functions. Processes which do not run with full root privileges, but have the CAPNETADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so th...

Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-restricted-modules-2.6.15/.17/.20 vulnerabilities (USN-479-1)

Multiple flaws in the MadWifi driver were discovered that could lead to a system crash. A physically near-by attacker could generate specially crafted wireless network traffic and cause a denial of service. CVE-2006-7177, CVE-2006-7178, CVE-2006-7179, CVE-2007-2829, CVE-2007-2830 A flaw was...

Ubuntu 7.04 : linux-source-2.6.20 vulnerabilities (USN-510-1)

A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. CVE-2007-2525 An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel...

CVE-2007-4223

Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors...

Design/Logic Flaw

Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors...

Microsoft Sysinternals DebugView privilege escalation

Dbgv.sys Driver allows any user to copy any data in kernel memory...

Solaris 10 x86/sparc sysinfo Kernel Memory Disclosure Exploit

No description provided by source. / 07/2006: public release SPARC Solaris 10 without 118833-09 x86 Solaris 10 without 118855-06 Solaris sysinfo Kernel Memory Disclosure By qaaz / include stdio.h include stdlib.h include unistd.h include string.h include sys/mman.h include sys/systeminfo.h define...

Solaris fifofs I_PEEK Kernel Memory Disclosure Exploit (x86/sparc)

No description provided by source. / 10/2007: public release SPARC Solaris 8 without 109454-06 Solaris 9 without 117471-04 Solaris 10 without 127737-01 x86 Solaris 8 without 109455-06 Solaris 9 without 117472-04 Solaris 10 without 127738-01 ...