MOKB-09-11-2006

Title: Mac OS X fpathconf syscall denial of service Warning - wet floor! Description: Failure to handle unknown file types by the Mac OS X kernel XNU fpathconf syscall causes a kernel panic, leading to an exploitable local denial of service by non-privileged users. The bug was fixed by FreeBSD on...

CVE-2006-5836

The fpathconf syscall function in bsd/kern/kerndescrip.c in the Darwin kernel XNU 8.8.1 in Apple Mac OS X allows local users to cause a denial of service kernel panic and possibly execute arbitrary code via a file descriptor with an unrecognized file type...

CVE-2006-5836

The CVE-2006-5836 entry concerns the Mac OS X kernel (Darwin/XNU) fpathconf() syscall in kern_descrip.c, affecting Darwin 8.8.1. The vulnerability allows an authenticated local attacker to trigger a kernel panic (DoS) via a file descriptor associated with an unrecognized file type (e.g., semaphor...

CVE-2006-5824

Integer overflow in the ffsrdextattr function in FreeBSD 6.1 allows local users to cause a denial of service kernel panic and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross...

CVE-2006-4516

CVE-2006-4516 affects FreeBSD 6.0-RELEASE. The kernel’s PT_LWPINFO ptrace handling has a signedness flaw: a large negative data value can bypass the signed check and be passed to copyout, causing memory corruption and kernel panic. Impact is a local denial-of-service condition. Described in iDefe...

CVE-2006-4516

Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service memory corruption and kernel panic via a PTLWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call...

security flaw

The clipmkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service panic via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed freed pointer dereference...

CVE-2006-5013

Sun Solaris 10 before patch 118855-16 20060925, when run on x64 systems using IPv6, allows remote attackers to cause a denial of service kernel panic via crafted IPv6 packets...

iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability

FreeBSD i386setldt Integer Overflow Vulnerability iDefense Security Advisory 09.23.06 http://www.idefense.com/intelligence/vulnerabilities/ Sep 23, 2006 I. BACKGROUND FreeBSD is a modern operating system for x86, amd64, Alpha, IA-64, PC-98 and SPARC architectures. It's based on the UNIX operating...

USN-346-1: Linux kernel vulnerabilities

A Denial of service vulnerability was reported in iptables' SCTP conntrack module. On computers which use this iptables module, a remote attacker could expoit this to trigger a kernel crash. CVE-2006-2934 A buffer overflow has been discovered in the dvdreadbca function. By inserting a specially...

CVE-2006-4435

OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service kernel panic by allocating more semaphores than the default...

CVE-2006-4435

OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service kernel panic by allocating more semaphores than the default...

FreeBSD Security Advisory FreeBSD-SA-06:18.ppp [REVISED]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:08.ppp Security Advisory The FreeBSD Project Topic: Buffer overflow in sppp4 Category: core Module: sysnet Announced: 2006-08-23 Credits: Martin Husemann, Pave...

FreeBSD Security Advisory FreeBSD-SA-06:18.ppp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:08.ppp Security Advisory The FreeBSD Project Topic: Buffer overflow in ppp4 Category: core Module: sysnet Announced: 2006-08-23 Credits: Martin Husemann, Pavel...

FreeBSD-SA-06:18.ppp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:08.ppp Security Advisory The FreeBSD Project Topic: Buffer overflow in sppp4 Category: core Module: sysnet Announced: 2006-08-23 Credits: Martin Husemann, Pave...

Linux Kernel 2.6.17.7 - NFS and EXT3 Combination Remote Denial of Service

Linux Kernel 2.6.17.7 - NFS and EXT3 Combination Remote Denial of Service source: https://www.securityfocus.com/bid/19396/info The Linux kernel is susceptible to a remote denial-of-service vulnerability because the EXT3 filesystem code fails to properly handle unexpected conditions. Remote...

CVE-2005-2194

Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service kernel panic via a crafted TCP packet, possibly related to source routing or loose source routing...

Linux Kernel 2.6.x - Proc dentry_unused Corruption Local Denial of Service

Linux Kernel 2.6.x - Proc dentryunused Corruption Local Denial of Service source: https://www.securityfocus.com/bid/18183/info The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a flaw in the 'proc' filesystem. This vulnerability allows local users to cause...

security flaw

The ECNE chunk handling in Linux SCTP lksctp before 2.6.17 allows remote attackers to cause a denial of service kernel panic via an unexpected chunk when the session is in CLOSED state...

Linux SCTP ECNE Chunk Handling Remote DoS

There is a flaw in the SCTP code included in Linux kernel versions 2.6.16.x that results in a kernel panic when an SCTP packet with an unexpected ECNE chunk is received in a CLOSED state. An attacker can leverage this flaw to crash the remote host with a single, possibly forged, packet. C Tenable...