WMMon 1.0 b2 - Memory Character File Open File Descriptor Read
source: https://www.securityfocus.com/bid/5718/info It has been reported that wmmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attacker...
BubbleMon 1.x Kernel - Memory File Descriptor Leakage
source: https://www.securityfocus.com/bid/5714/info It has been reported that BubbleMon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and...
Microsoft Windows 2000 vulnerable to DoS via malformed packets sent to port 445/tcp
Overview: The default configuration of Microsoft Windows 2000 does not properly handle malformed packets received on TCP port 445. As a result, Windows may cease to function normally upon receipt of malformed packets on this port. Description: Microsoft LAN Manager (LANMAN) is enabled by default on...
WMMon 1.0 b2 - Memory Character File Open File Descriptor Read
source: https://www.securityfocus.com/bid/5718/info It has been reported that wmmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/km...
CVE-2002-0973
The CVE-2002-0973 entry describes an integer signedness error in FreeBSD 4.6.1 RELEASE-p10 and earlier affecting the (1) accept, (2) getsockname, (3) getpeername system calls, and (4) vesa FBIO_GETPALETTE ioctl. This vulnerability can allow attackers to access sensitive kernel memory by supplying...
CVE-2002-0973
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl...
Signed/unsigned conversion bug in OpenBSD select() call
By passing a negative argument to the select function, it is possible to overwrite a fragment of kernel memory...
OpenBSD Security Advisory: Select Boundary Condition
OpenBSD Security Advisory adv.select Original Release Date: 2002-08-11 1. Systems affected: All versions of OpenBSD. 2. Overview: Insufficient boundary checks in the select call allow an attacker to overwrite kernel memory and execute arbitrary code in kernel context. Traditionally, the size...
CVE-2001-1166
linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process...
Protection bypass for linux grsecurity
It's possible to modify kernel memory by using memory mapping...
Grsecurity Kernel Patch 1.9.4 (Linux Kernel) - Memory Protection
source: https://www.securityfocus.com/bid/4762/info An attacker with root access may be able to write to kernel memory in spite of the security patch provided by grsecurity. The patch operates by redirecting the write system call, whe...
KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Windows 2000 microsoft-ds Denial of Service, courtesy of KPMG Denmark. BUG-ID: 2002011. Released: 17th Apr 2002. Problem: The default LANMAN registry...
NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
NSFOCUS Security Advisory (SA2002-02). Topic: Microsoft Windows MUP overlong request kernel overflow. Release Date: 2002-4-04. CVE CAN ID: CAN-2002-0151. Affected system: Microsoft Windows NT 4.0, Microsoft Windows 2000, Microsoft Windows XP. Impact: NSFOCUS Security Team has...
user-mode-linux problems
Program: User-mode-linux Version tested: patch-2.4.17-8 I assume all previous versions would be Not vulnerable: patch-2.4.17-9 Haven't tested any different techniques. Now for something completely different. Anything in 's is my comments to my article... deal with it. Description: ------------...
CVE-1999-1166
CVE-1999-1166 affects Linux 2.0.37 and is caused by not properly encoding the Custom segment limit, which allows local users to gain root privileges by accessing or modifying kernel memory. The connected documents reiterate the same description and do not provide a concrete remediation, workaroun...
CVE-1999-1166
Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory...
CVE-2001-0316
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call...
CVE-2001-0316
CVE-2001-0316 affects Linux kernels 2.2 and 2.4 where sysctl can be invoked with a negative length, allowing unprivileged local users to read kernel memory and potentially obtain root privileges. Mitigation in the public records points to upgrading to kernel 2.2.19 or later (and vendor advisories...
NT drivers are potentially vulnerable to format string bug
Many NT drivers are potentially vulnerable to a format string bug. The problem concerns the DbgPrint function, which is used for debug messages. Instead of calling this function directly, some drivers use additional intermediate functions. Those functions add a prefix to the output string,...