kernel security and bug fix update

2.6.18-92.1.10.0.1.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki orabug 6045759 - splice Fix bad unlockpage in error case Jens Axboe orabug 6263574 - dio fix error-path crashes Linus Torvalds orabug 6242289 - NET fix netpoll race Tina Yang orabugz 5791 2.6.18-92.1.10.el5 - ia64...

Design/Logic Flaw

The backend for XenSource Xen Para Virtualized Frame Buffer PVFB in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service crash by mapping an arbitrary amount of guest memory...

CVE-2008-1952

The backend for XenSource Xen Para Virtualized Frame Buffer PVFB in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service crash by mapping an arbitrary amount of guest memory...

Android软件开发工具包BMP文件处理整数溢出漏洞

BUGTRAQ ID: 28006 CVECAN ID: CVE-2008-0986 Android是Google通过Open Handset Alliance发起的项目，用于为移动设备提供完整的软件集，包括操作系统、中间件等。 Android SDK的libsgl.so库中的BMP::readFromStreamStream , ImageDecoder::Mode方式在解析BMP图形文件头时存在整数溢出漏洞，远程攻击者可能利用此漏洞控制用户设备。 如果BMP文件头的offset字段值为负数且Bitmap Information部分（DIB头）指定了8...

Lotus Domino任意访问内存映射文件漏洞

BUGTRAQ ID: 26146 CVECAN ID: CVE-2007-5544 Lotus Domino/Notes服务器是一款基于WEB协同工作的应用程序架构，运行在Linux/Unix和Microsoft Windows操作系统平台下。 Lotus Domino的IPC机制实现上存在漏洞，本地攻击者可能利用此漏洞提升权限。 Lotus Domino的NLNOTES和NTASKLDR间进程间通讯（IPC）机制是通过内存映射的文件执行的，在创建文件时向ACL参数传送了NULL，导致EVERYONE都赋予了完全控制权限。...

iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability

Sun Microsystems Solaris ld.so 'doprf' Buffer Overflow Vulnerability iDefense Security Advisory 12.12.06 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 12, 2006 I. BACKGROUND Solaris is a UNIX operating system developed by Sun Microsystems. More information can be found at...

Symantec Ghost: Local access vulnerabilities in Database

SUMMARY Symantec engineers updated the db component to address three local access vulnerabilities discovered in the database installed with Symantec Ghost and the Central Management Console in Symantec Ghost Solutions Suite SGSS 1.0. Exploitation of any of these issues requires physical access to...

RHEL 4 : kernel (RHSA-2006:0101)

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating syste...

security flaw

The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service kernel crash...

CVE-2005-3106

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONEVM such as linuxthreads and vfork, might allow local users to cause a denial of service deadlock by triggering a core dump while waiting for a thread that has just performed an exec...

CVE-2005-3106

CVE-2005-3106 is a Linux kernel race condition affecting thread management when memory mappings are shared (CLONE_VM). The issue can lead to a local denial of service via deadlock, e.g., by triggering a core dump or waiting-for-exec scenarios. Connected advisories confirm this CVE across multiple...

CVE-2005-3106

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONEVM such as linuxthreads and vfork, might allow local users to cause a denial of service deadlock by triggering a core dump while waiting for a thread that has just performed an exec...

CVE-2005-2144

Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file...

CVE-2005-2144

Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file...

CVE-2005-2144

Prevx Pro 2005 1.0 is affected by CVE-2005-2144, which enables local users to bypass file protections and modify files by using MapViewOfFile to memory-map the target file. The description from CVE records states the issue is a local elevation/ tampering risk within Prevx Pro 2005. There is no pu...

PrevX Pro Intrusion Prevension System multiple vulnerabilities

Protection bypass be using memory mapping and internal syscalls, DoS...

Linux Kernel 2.6.x - AIO_Free_Ring Local Denial of Service

Linux Kernel 2.6.x - AIOFreeRing Local Denial of Service / source: https://www.securityfocus.com/bid/11842/info The Linux Kernel is reported prone to a local denial of service vulnerability. It is reported that the vulnerability exists due to a failure by 'aiofreering' to handle exceptional...

SuSE-SA:2003:049: Linux Kernel

The remote host is missing the patch for the advisory SuSE-SA:2003:049 Linux Kernel. This security update fixes a serious vulnerability in the Linux kernel. A missing bounds check in the brk system call allowed processes to request memory beyond the maximum size allowed for tasks, causing kernel...

linux kernel mremap privilege escalation

It's possible to map memory page of zero size causing memory corruption in kernel...

Linux Kernel ""mremap()""#2 Local Proof-of-concept

No description provided by source. / Proof-of-concept exploit code for domremap 2 Copyright C 2004 Christophe Devine This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either versi...