5 matches found
Linux Kernel 'do_splice_from()'本地安全绕过漏洞
BUGTRAQ ID: 31903 CVE ID:CVE-2008-4554 CNCVE ID:CNCVE-20084554 Linux是一款开放源代码的操作系统。 Linux在执行部分文件操作时'dosplicefrom'函数不正确拒绝文件描述符,本地攻击者可以利用漏洞绕过本地安全限制。 攻击者可以绕过append-only限制,破坏系统文件。 RedHat Fedora 9 0 RedHat Fedora 8 0 Linux kernel 2.6.26 4 Linux kernel 2.6.26 3 Linux kernel 2.6.26 .6 Linux kernel 2.6.26...
CVE-2008-3831
The i915 driver in 1 drivers/char/drm/i915dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and 2 sys/dev/pci/drm/i915drv.c in OpenBSD does not restrict the DRMI915HWSADDR ioctl to the Direct Rendering Manager DRM master, which allows local users to cause a denial of service memory corruption...
CVE-2008-3831
The CVE-2008-3831 entry concerns the i915 DRM driver in Linux kernel 2.6.24 (notable on Debian GNU/Linux) and OpenBSD. The root cause is that the DRM_I915_HWS_ADDR ioctl is not restricted to the DRM master due to the absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl configuration. Th...
Linux Kernel 'SCTP'模块存在漏洞
BUGTRAQ ID: 31121 CVE ID:CVE-2008-3792 CNCVE ID:CNCVE-20083792 Linux是一款开放源代码的操作系统。 Linux内核'SCTP'模块存在多个安全问题,本地攻击者可以利用漏洞获得敏感信息或使内核崩溃。 问题代码如下: file: net/sctp/socket.c ... SCTPSTATIC int sctpgetsockoptstruct sock sk, int level, int optname, char user optval, int user optlen int retval = 0; int len;...
CVE-2008-2372
The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service memory consumption via a large number of calls to the getuserpages function, which lacks a ZEROPAGE optimization and results in allocation of "useless newly zeroed pages."...