6571 matches found
Bluetooth setsockopt() information leaks
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copyfromuser function accessing an uninitialized stack buffer...
CVE-2007-2875
Integer underflow in the cpusettasksread function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file...
Integer overflow
Integer underflow in the cpusettasksread function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file...
CVE-2007-2875
CVE-2007-2875 concerns an Integer underflow in cpuset_tasks_read of the Linux kernel when the cpuset filesystem is mounted. The issue affects kernels prior to 2.6.20.13 and 2.6.21.x prior to 2.6.21.4, allowing a local attacker to read kernel memory contents by supplying a large offset while readi...
CVE-2007-2875
Integer underflow in the cpusettasksread function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file...
iDefense Security Advisory 06.07.07: Linux Kernel cpuset tasks Information Disclosure Vulnerability
Linux Kernel cpuset tasks Information Disclosure Vulnerability iDefense Security Advisory 06.07.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 07, 2007 I. BACKGROUND Linux is a clone of the UNIX operating system, written from scratch by Linus Torvalds with assistance from a...
CVE-2007-2831
Array index error in the 1 ieee80211ioctlgetwmmparams and 2 ieee80211ioctlsetwmmparams functions in net80211/ieee80211wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service system crash, possibly obtain kernel memory contents, and possibly execute arbitrary code via ...
Code injection
Array index error in the 1 ieee80211ioctlgetwmmparams and 2 ieee80211ioctlsetwmmparams functions in net80211/ieee80211wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service system crash, possibly obtain kernel memory contents, and possibly execute arbitrary code via ...
CVE-2007-2831
Array index error in the 1 ieee80211ioctlgetwmmparams and 2 ieee80211ioctlsetwmmparams functions in net80211/ieee80211wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service system crash, possibly obtain kernel memory contents, and possibly execute arbitrary code via ...
CVE-2007-2831
CVE-2007-2831 affects the MadWifi driver prior to 0.9.3.1. Affected code paths are the net80211/ieee80211_wireless.c functions ieee80211_ioctl_getwmmparams and ieee80211_ioctl_setwmmparams, where an oversized negative array index can cause a system crash, potentially expose kernel memory contents...
CVE-2007-2831
Array index error in the 1 ieee80211ioctlgetwmmparams and 2 ieee80211ioctlsetwmmparams functions in net80211/ieee80211wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service system crash, possibly obtain kernel memory contents, and possibly execute arbitrary code via ...
SOL5835 - Security Advisory: Possible kernel memory vulnerability in the sendfile() system call - CVE-2005-0708
Vulnerability description The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information. Information about this advisory is available a...
security flaw
The ipv6getsockoptsticky function in net/ipv6/ipv6sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference...
[Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation
CHECK POINT ZONE LABS PRODUCTS MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES Rubйn Santamarta [email protected] 04.20.2007 Affected products: + ZoneAlarm Srescan.sys v 5.0.155 and earlier Srescan.sys is exposed through the following Dos Device:“.SreScan”. Restricted accounts ,including...
CVE-2007-1734
The DCCP support in the dodccpgetsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service oops, a related issue to...
Out-of-bounds
The DCCP support in the dodccpgetsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service oops, a related issue to...
Integer overflow
Integer signedness error in the DCCP support in the dodccpgetsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service oops via a negative optlen value...
CVE-2007-1730
Integer signedness error in the DCCP support in the dodccpgetsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service oops via a negative optlen value...
CVE-2007-1730
Integer signedness error in the DCCP support in the dodccpgetsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service oops via a negative optlen value...
Linux Kernel 2.6.20 with DCCP Support - Memory Disclosure (2)
Linux Kernel 2.6.20 with DCCP Support - Memory Disclosure 2 include include include include include include include define BUFSIZE 0x10000000 int mainint argc, char argv void mem = mmap0, BUFSIZE, PROTREAD | PROTWRITE, MAPANONYMOUS | MAPPRIVATE, 0, 0; if mem == void-1 printf"Alloc failed\n"; retu...