757 matches found
CVE-2015-4001
Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet...
Rekall - The Most Complete Memory Analysis Framework
The Rekall Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but...
xen-kernel -- Information leak through XEN_DOMCTL_gettscinfo
The Xen Project reports: The handler for XEN_DOMCTL_gettscinfo failed to initialize a padding field subsequently copied to guest memory. A similar leak existed in XEN_SYSCTL_getdomaininfolist, which is being addressed here regardless of that operation being declared unsafe for disaggregation by XSA-7...
tboot: argument measurement vulnerability for GRUB2+ELF kernels
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream -longterm 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a...
DEBIAN-CVE-2014-8134
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value...
CVE-2014-8134
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value...
OpenSSH 6.6 SFTP Misconfiguration Proof Of Concept
OpenSSH lets you grant SFTP access to users without allowing full command execution using "ForceCommand internal-sftp". However, if you misconfigure the server and don't use ChrootDirectory, the user will be able to access all parts of the filesystem that he has access to - including procfs. On...
CVE-2014-3181
Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted...
CVE-2014-5471
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...
Fedora 19 : tboot-1.8.2-1.fc19 (2014-9104)
Security fix for CVE-2014-5118 tboot: argument measurement vulnerability for GRUB2+ELF kernels. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possib...
CVE-2014-5077
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an...
OS X 10.x, FreeBSD 4.x,OpenBSD 2.x,Solaris 2.5/2.6/7.0/8 exec C Library Standard I/O File Descriptor Closure
No description provided by source. source: http://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are valid open files before execing setuid images. Consequently, I/O that are opened by a...
PaX 2.6 Kernel Patch Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10264/info PaX for 2.6 series Linux kernels has been reported prone to a local denial of service vulnerability. The issue is reported to present itself when PaX Address Space Layout Randomization (ASLR) is enabled. T...
Linux Kernel <= 2.6.21.1 - IPv6 Jumbo Bug Remote DoS Exploit
No description provided by source. / Clemens Kurtenbach ckurtenbach at s21sec . com PoC code for exploiting the jumbo bug found in linux kernels =2.6.20 and =2.6.21.1 gcc -O2 ipv6jumbocrash.c -o ipv6jumbocrash / / io / include stdio.h include string.h include stdlib.h / network / include...
Linux Kernel <= 2.6.3 (setsockopt) Local Denial of Service Exploit
No description provided by source. / setsockopt proof of concept code by Julien TINNES julien a.t cr0.org vulnerability found as always by Paul Starzetz This is only a lame POC which will crash the machine, no root shell here. Maybe later, when everybody will have an updated box. It should work o...
CVE-2014-0240
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...
CVE-2014-0240
CVE-2014-0240 affects the mod_wsgi Apache module (daemon mode) where error codes from setuid are not properly handled on certain Linux kernels, enabling a local attacker to escalate privileges via vectors related to the number of running processes. Multiple vendors/advisories reference this flaw ...