CVE-2003-0955

OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service kernel panic and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by 1 ibcs2exec.c in the iBCS2 emulation compatibcs2 or 2 execelf.c, which leads to a stack-based...

OpenBSD 3.33.4 - semctlsemop Local Unexpected Array Indexing

OpenBSD 3.33.4 - semctlsemop Local Unexpected Array Indexing // source: https://www.securityfocus.com/bid/9086/info A local OpenBSD kernel vulnerability has been discovered when handling the semctl and semop system calls. The problem specifically occurs due to improper sanity checking before...

OpenBSD 3.3/3.4 - semctl/semop Local Unexpected Array Indexing

// source: https://www.securityfocus.com/bid/9086/info A local OpenBSD kernel vulnerability has been discovered when handling the semctl and semop system calls. The problem specifically occurs due to improper sanity checking before handling a user-supplied semaphore set. It is said that this coul...

[Full-Disclosure] OpenBSD kernel panic, yet still O*BSD much worse than MS-DoS 6.0

ppl think "hey, local DoS sucks", therefore they are. i think "hey, obsd sucks", therefore i am. include stdio.h include sys/param.h include sys/sysctl.h int main unsigned int blah2 = CTLKERN, 0 , addr = -4096 + 1; return sysctl blah, 2, void addr, &blah1, 0, 0; it's wide, it's opened, it's surel...

OpenBSD 3.3/3.4 - 'sysctl' Local Denial of Service

// source: https://www.securityfocus.com/bid/9073/info A denial of service vulnerability has been reported for OpenBSD, specifically when handling malformed calls to sysctl. By invoking systcl and passing a specific flag in conjunction with a negative argument may trigger a kernel panic. This cou...

OpenBSD 3.33.4 - sysctl Local Denial of Service

OpenBSD 3.33.4 - sysctl Local Denial of Service // source: https://www.securityfocus.com/bid/9073/info A denial of service vulnerability has been reported for OpenBSD, specifically when handling malformed calls to sysctl. By invoking systcl and passing a specific flag in conjunction with a negati...

[Full-Disclosure] OpenBSD kernel panic, yet still *BSD much better than windows

Georgi Guninski security advisory 63, 2003 OpenBSD kernel panic, yet still BSD much better than windows Systems affected: tested on OpenBSD 3.3 and 2.8, probably other versions also affected Risk: Low Date: 4 November 2003 Legal Notice: This Advisory is Copyright c 2003 Georgi Guninski. You may...

OpenBSD 2.x3.x - Local Malformed Binary Execution Denial of Service

OpenBSD 2.x3.x - Local Malformed Binary Execution Denial of Service // source: https://www.securityfocus.com/bid/8978/info The OpenBSD team has fixed a vulnerability in the OpenBSD kernel when handling certain executables. It appears that the problem lies in the lack of specific sanity checks on...

OpenBSD 2.x/3.x - Local Malformed Binary Execution Denial of Service

// source: https://www.securityfocus.com/bid/8978/info The OpenBSD team has fixed a vulnerability in the OpenBSD kernel when handling certain executables. It appears that the problem lies in the lack of specific sanity checks on binary header values. As a result, a user who constructs a malformed...

CVE-2003-1061

Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service kernel panic, as demonstrated via the namefs function, pipe, and certain STREAMS routines...

CVE-2003-0576

Unknown vulnerability in the NFS daemon nfsd in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service kernel panic via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619...

CVE-2003-0619

Integer signedness error in the decodefh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service kernel panic via a negative size value within XDR data of an NFSv3 procedure call...

CVE-2003-0576

Unknown vulnerability in the NFS daemon nfsd in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service kernel panic via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619...

CVE-2003-0576

CVE-2003-0576 is a remote DoS in SGI IRIX 6.5.x via the NFS daemon (nfsd) stemming from XDR decoding errors that cause kernel panics. The SGI advisory (CAN-2003-0576) states IRIX 6.5.19f and earlier are affected and recommends upgrading to IRIX 6.5.20 or applying the listed patches. The connected...

Denial of Service Vulnerability in NFS on IRIX

-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title : Denial of Service Vulnerability in NFS XDR decoding Number : 20030801-01-P Date : August 13, 2003 Reference: CVE 2003-0576 Reference: SGI BUG 894659 Fixed in : IRIX 6.5.20 or patches 5229, 5230, 5240, 5241, 5227, 5228 SGI provides...

CVE-2003-0653

The OSI networking kernel sys/netiso in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service kernel panic or crash via certain OSI packets...

CVE-2003-0619

Integer signedness error in the decodefh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service kernel panic via a negative size value within XDR data of an NFSv3 procedure call...

Linux 2.4 NFSv3 knfsd Malformed GETATTR Request Remote DoS

The remote host is running knfsd, a kernel NFS daemon. There is a vulnerability in this version that may allow an attacker to cause a kernel panic on the remote host by sending a malformed GETATTR request with an invalid length field. C Tenable Network Security, Inc. include"compat.inc"; if...

Remote Linux Kernel < 2.4.21 DoS in XDR routine.

Hello all, I have discovered a signed/unsigned issue in a routine responsible for demarshalling XDR data for NFSv3 procedure calls. As far as I can tell, this bug has existed since NFSv3 support was integrated. It has been silently fixed in 2.4.21. The bug is in the decodefh routine of...

CVE-2003-1064

Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service kernel panic via a crafted IPv6 packet...