kernel: possible privilege escalation via SG_IO ioctl

The Linux kernel before 3.2.2 does not properly restrict SGIO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to 1 a partition block device or 2 an LVM volume...

kernel: no access restrictions of /proc/pid/* after setuid program exec

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lsee...

kernel: perf tools: may parse user-controlled configuration file

Untrusted search path vulnerability in the perfconfig function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory...

kernel: ipv6: make fragment identifications less predictable

The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service disrupted networking by predicting these values and sending crafted packets...

PT-2013-1402 · Red Hat +1 · Red Hat +1

Name of the Vulnerable Software and Affected Versions: Linux kernel version 2.6.18 on Red Hat Enterprise Linux RHEL 5 Description: The issue is related to a certain Red Hat patch to the br deliver function in net/bridge/br forward.c in the Linux kernel. This allows remote attackers to cause a...

kernel: /proc/PID/io infoleak

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc//io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password...

kernel: ipv4: netfilter: arp_tables: fix infoleak to userspace

net/ipv4/netfilter/arptables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by...

DEC Alpha Linux <= 3.0 Local Root Exploit

Exploit for linux platform in category local exploits / DEC Alpha Linux include include include include include include include include include include define SYSosfwait4 7 define SOCKOFFSET 552 / Offset of skdestruct fptr in sock struct, change for your kernel / define PAGESIZE 8192 / DEC alpha...

Design/Logic Flaw

The agpgenericremovememory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service system crash via a crafted AGPIOCUNBIND agpioctl ioctl call, a different...

PT-2011-1062 · Suse +2 · Ext4Dev-Kmp-Trace +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.38 Description: The issue is related to the Generic Receive Offload GRO implementation in the Linux kernel. A problem in the napi reuse skb function in net/core/dev.c does not reset the values of certain...

PT-2011-1083 · Suse +2 · Kernel-Kdumppae +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.39 kernel-kdumppae affected versions not specified Description: The issue is related to an integer overflow in the Linux kernel, specifically in the vma to resize function in mm/mremap.c, which can be...

PT-2011-1080 · Suse +1 · Suse Linux Enterprise +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.39.1 Description: The issue is related to the ldm frag add function in fs/partitions/ldm.c, which does not properly handle memory allocation for non-initial fragments. This might allow local users to conduct...

kernel security, bug fix, and enhancement update

2.6.32-71.18.1.el6 - netdrv ixgbe: make sure FCoE DDP user buffers are really released by the HW Frantisek Hrbata 674002 617193 - netdrv ixgbe: invalidate FCoE DDP context when no error status is available Frantisek Hrbata 674002 617193 - netdrv ixgbe: avoid doing FCoE DDP when adapter is DOWN or...

kernel security and bug fix update

2.6.18-238.1.1.0.1.el5 - fix filpclose race Joe Jin orabug 10335998 - fix missing aiocomplete in endio Joel Becker orabug 10365195 - make xenkbd.abspointer=1 by default orabug 67188919 - xen check to see if hypervisor supports memory reservation change Chuck Anderson orabug 7556514 - net Enable...

kernel: drivers/usb/serial/mos*.c: reading uninitialized stack memory

The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the 1 mos7720ioctl function in...

PT-2011-1486 · Linux +1 · Xen +1

Name of the Vulnerable Software and Affected Versions: Xen versions prior to 3.4.0 for the Linux kernel 2.6.18 Description: The issue allows guest OS users to cause a denial of service, resulting in an infinite loop and CPU consumption. This is achieved by sending a large production request index...

kernel-2.6.18.194 */*e15 */* 2010 Local Root Exploit

Exploit for linux platform in category local exploits ==================================================== kernel-2.6.18.194 /e15 / 2010 Local Root Exploit ==================================================== Author: Hackeri-AL Email : h-al at hotmail dot it Group : UAH / United ALBANIA Hackers W...

OSX/Intel - setuid shell x86_64 - 51 bytes

OSX/Intel - setuid shell x8664 - 51 bytes. Shellcode exploit for osx platform / Title: OSX/Intel - setuid shell x8664 - 51 bytes Date: 2010-11-25 Tested on: Mac OS X 10.6.5 - Darwin Kernel Version 10.5.0 Author: Dustin Schultz - twitter: @thexploit http://thexploit.com BITS 64 section .text globa...

CentOS Update for kernel CESA-2010:0718 centos4 i386

Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2010:0718 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

PT-2010-4424 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.35 Description: The issue allows remote authenticated users to read unlinked files or read and overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked...