681 matches found
kernel: SELinux and mmap_min_addr
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to 1 the default configuration of the allowunconfinedmmapl...
kernel: personality: fix PER_CLEAR_ON_SETID
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to 1 conduct NULL...
CVE-2009-0579
Linux-PAM before 1.0.4 does not enforce the minimum password age MINDAYS as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified...
kernel: enforce a minimum SG_IO timeout
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SGIO requests, which allows local users to cause a denial of service Programmed I/O mode on drives via multiple simultaneous invocations of an unspecified test program...
kernel security and bug fix update
2.6.9-78.0.17.0.1.EL - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon wit...
Fedora Update for gallery2 FEDORA-2007-2020
Check for the Version of gallery2 OpenVAS Vulnerability Test Fedora Update for gallery2 FEDORA-2007-2020 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for gallery2 FEDORA-2008-5576
Check for the Version of gallery2 OpenVAS Vulnerability Test Fedora Update for gallery2 FEDORA-2008-5576 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for gallery2 FEDORA-2008-2587
Check for the Version of gallery2 OpenVAS Vulnerability Test Fedora Update for gallery2 FEDORA-2008-2587 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for gallery2 FEDORA-2008-11258
Check for the Version of gallery2 OpenVAS Vulnerability Test Fedora Update for gallery2 FEDORA-2008-11258 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
kernel: enforce a minimum SG_IO timeout
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SGIO requests, which allows local users to cause a denial of service Programmed I/O mode on drives via multiple simultaneous invocations of an unspecified test program...
Design/Logic Flaw
ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods...
SDL_image无效GIF文件LWZ Minimum Code Size远程缓冲区溢出漏洞
BUGTRAQ ID: 27417 SDLImage是用于处理图形文件的开源函数库。 SDLImage在处理畸形格式的图形文件时存在漏洞,远程攻击者可能利用此漏洞通过诱使用户处理恶意文件控制用户系统。 SDLImage库没有正确地处理Table Based Image Data头中带有无效LWZ Minimum Code Size的图形文件。标准允许代码的最大大小为12位,但SDLimage没有执行检查,因此可能触发缓冲区溢出。以下是IMGgif.c文件的ReadImage函数中的漏洞代码: ... unsigned char c; ... if LWZReadBytesrc, TRUE...
dhcpd stack-based buffer overlow
Stack-based buffer overflow in the consoptions function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service daemon crash via a DHCP request specifying a maximum...
security flaw
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service crash via an ext2 stream with malformed data structures that triggers an error in the ext2checkpage due to a length that is smaller than the minimum...
CVE-2006-6054
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service crash via an ext2 stream with malformed data structures that triggers an error in the ext2checkpage due to a length that is smaller than the minimum...
CVE-2005-3254
The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian...
CVS "history" command may disclose sensitive information
Overview A vulnerability exists in the history command of Concurrent Versions System CVS. If exploited, this vulnerability could disclose sensitive information about files and directories on an affected system to a remote, authenticated CVS user. Description Concurrent Versions System CVS is a...
ISC DHCPD NSUPDATE MiniRes Library Remote Buffer Overflow Vulnerabilities
Description Multiple buffer overflow vulnerabilities have been reported for the ISC DHCPD service. The vulnerability occurs when the DHCP server is configured to dynamically update records. The vulnerability exists in the library used by NSUPDATE to resolve hostnames. An attacker can exploit thes...
Snort 1.8.3 - ICMP Denial of Service
source: https://www.securityfocus.com/bid/3849/info Snort is a network intrusion detection system IDS. It is originally written for Linux and Unix systems, although it has also been ported to run under Microsoft Windows. Snort is capable of flexible and powerful content analysis of network traffi...
Host Integration Server 2004
Category for Host Integration Server 2004 release. It requires RTM as the minimum version...