MS08-061: Microsoft Windows Kernel Multiple Privilege Elevation (954211)

The remote host contains a version of the Windows kernel that is vulnerable to a security flaw that could allow a local user to elevate his privileges or to crash it therefore causing a denial of service. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid34406;...

kernel snd_seq_oss_synth_make_info leak

The sndseqosssynthmakeinfo function in sound/core/seq/oss/seqosssynth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by maxsynthdev before returning certain data to the caller, which allows local users to obtain...

kernel: ptrace: Unprivileged crash on x86_64 %cs corruption

Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service crash via certain ptrace calls...

kernel: add rcu_read_lock() to fcheck() in both dnotify, locks.c and fix fcntl store/load race in locks.c

Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to 1 execute code in parallel or 2 exploit a race condition to obtain "re-ordered access to the descriptor table."...

Debian: Security Advisory (DSA-479-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8)

The remote host is missing an update to kernel-source-2.6.8 announced via advisory DSA 1017-1. OpenVAS Vulnerability Test $Id: deb10171.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1017-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian: Security Advisory (DSA-1183-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2007-6895 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.23.10 Description: The issue is related to an integer overflow in the hrtimer start function, which can be exploited by local users to execute arbitrary code or cause a denial of service, resulting in a syst...

Linux Kernel < 2.6.16.18 (Netfilter NAT SNMP Module) Remote DoS Exploit

No description provided by source. / ecl-nf-snmpwn.c - 30/05/06 Alex Behar [email protected] Yuri Gushin [email protected] A patch review we did on the 2.6.16.17-18 Linux kernel source tree revealed a restructuring of code in the snmpparsemangle and the snmptrapdecode functions. After further...

Linux Kernel DCCP多个本地信息泄露漏洞

Linux是一款开放源代码的操作系统。 Linux针对DCCP支持存在多个问题，本地攻击者可以利用漏洞访问敏感信息。 问题存在于net/dccp/proto.c文件中的dodccpgetsockopt函数： ----------------------- static int dodccpgetsockoptstruct sock sk, int level, int optname, char user optval, int user optlen ... if getuserlen, optlen return -EFAULT; if len sizeofint return...

Linux Kernel <= 2.6.20 with DCCP Support Memory Disclosure Exploit v2

Exploit for linux platform in category local exploits ===================================================================== Linux Kernel include include include include include include define BUFSIZE 0x10000000 int mainint argc, char argv void mem = mmap0, BUFSIZE, PROTREAD | PROTWRITE,...

MOAB-13-01-2007: Apple DMG HFS+ do_hfs_truncate&#40;&#41; Denial of Service Vulnerability

Summary A specially crafted HFS+ filesystem in a DMG image can cause the dohfstruncate function to panic the kernel denial of service, when attempting to remove a file from the mounted filesystem. This issue can't lead to arbitrary code execution, although there's a significant risk of local HFS+...

MOAB-12-01-2007: Apple DMG UFS ufs_lookup&#40;&#41; Denial of Service Vulnerability

Summary A specially crafted UFS filesystem in a DMG image can cause the ufslookup function to call ufsdirbad when a corrupted directory entry is being read, leading to a kernel panic denial of service. This issue can't lead to arbitrary code execution. Affected versions This issue has been verifi...

DSA-1233 kernel-source-2.6.8 - several

Bulletin has no description...

Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit)

A proof-of-concept exploit has been added to the Metasploit Framework 3.0 source tree: msf use auxiliary/dos/wireless/daringphucball require 'msf/core' module Msf class Auxiliary::Dos::Wireless::DaringPhucball 'Apple Airport 802.11 Probe Response Kernel Memory Corruption', 'Description' = %q The...

[SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- Debian Security Advisory DSA 1111-1 security at debian dot org email concealed http://www.debian.org/security/ Dann Frazier Jul 16th, 2006 http://www.debian.org/security/faq...

Linux Kernel <= 2.6.17.4 (proc) Local Root Exploit

Exploit for linux platform in category local exploits ================================================== Linux Kernel Example: h00lyshit /usr/X11R6/lib/libethereal.so.0.0.1 if y0u dont have one, make big file 100MB in /tmp with dd and try to junk the cache e.g. cat /usr/lib/ /dev/null / include...

Linux Kernel 2.6.13 2.6.17.4 - sys_prctl() Local Privilege Escalation (2)

Linux Kernel 2.6.13 2.6.17.4 - sysprctl Local Privilege Escalation 2 / Linux = 2.6.13 prctl kernel exploit C Julien TINNES If you read the Changelog from 2.6.13 you've probably seen: PATCH setuid core dump This patch mainly adds suidsafe to suiddumpable sysctl but also a new per process, user...

Linux Kernel may fail to properly handle SNMP packets

Overview A memory freeing vulnerability in the Linux kernel module ipnatsnmpbasic can be exploited to create a denial-of-service condition. Description ipnatsnmpbasic The ipnatsnmpbasic IP NAT module is intended for use with SNMP network discovery and monitoring applications where target networks...

Python &lt;= 2.4.2 realpath() Local Stack Overflow Exploit

No description provided by source. !/usr/bin/python gexp-python.py Python = 2.4.2 realpath Local Stack Overflow ----------------------------------------------- Against VA Space Randomization. Copyright c 2006 Gotfault Security Bug found and developed by: dx/vaxen Gotfault Security, posidron Tripb...