RedHat Update for kernel RHSA-2015:0102-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Out-of-bounds

sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a character and lacks a newline character, whi...

CVE-2014-9427

sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a character and lacks a newline character, whi...

CVE-2014-9427

The CVE-2014-9427 issue affects PHP CGI (sapi/cgi/cgi_main.c). In PHP 5.4.36 and 5.5.x up to 5.5.20, and 5.6.x up to 5.6.4, mmap-based reading of a .php file can miss the mapping length for certain invalid inputs starting with ‘#’ and lacking a newline. This yields an out-of-bounds read that coul...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2014-3083)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3083 advisory. - ALSA: control: Don't access controls outside of protected regions Lars-Peter Clausen Orabug: 19817787 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 -...

Unbreakable Enterprise kernel security update

2.6.39-400.215.11 - ALSA: control: Don't access controls outside of protected regions Lars-Peter Clausen Orabug: 19817786 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 - ALSA: control: Fix replacing user controls Lars-Peter Clausen Orabug: 19817748 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 - kvm:...

glibc security, bug fix, and enhancement update

2.12-1.149 - Remove gconv transliteration loadable modules support CVE-2014-5119, - nlfindlocale: Improve handling of crafted locale names CVE-2014-0475, 2.12-1.148 - Switch gettimeofday from INTUSE to libchiddenproto 1099025. 2.12-1.147 - Fix stack overflow due to large AFINET6 requests...

kernel: integer overflow in fb_mmap

An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file /dev/fb could possibly use this flaw to escalate their privileges on the system...

CVE-2013-2595

The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, enables MSMCAMIOCTLSETMEMMAPINFO ioctl calls for an unrestricted mmap interface, which allows...

CVE-2013-2595

The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, enables MSMCAMIOCTLSETMEMMAPINFO ioctl calls for an unrestricted mmap interface, which allows...

CVE-2013-2595

The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, enables MSMCAMIOCTLSETMEMMAPINFO ioctl calls for an unrestricted mmap interface, which allows...

CVE-2013-2595

The CVE-2013-2595 issue affects the MSM camera driver in Linux kernels 2.6.x and 3.x, used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. The vulnerability stems from the MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl exposing an unrestricted mmap interface, enabling a locally ...

Updated kernel-tmb package fixes security vulnerabilities

Updated kernel-tmb provides upstream 3.10.51 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value CVE-2014-020...

RHEL 6 : kernel-rt (RHSA-2012:1150)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1150 advisory. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A...

Ubuntu 12.04.0-2LTS x64 perf_swevent_init - Kernel Local Root Exploit

No description provided by source. / Ubuntu 12.04 3.x x8664 perfsweventinit Local root exploit by Vitaly Nikolenko [email protected] based on semtex.c by sd Supported targets: 0 Ubuntu 12.04.0 - 3.2.0-23-generic 1 Ubuntu 12.04.1 - 3.2.0-29-generic 2 Ubuntu 12.04.2 - 3.5.0-23-generic $ gcc vnik.c...

BSD/OS <= 4.0,FreeBSD <= 3.2,Linux kernel <= 2.3,NetBSD <= 1.4 Shared Memory Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/526/info Operating systems with a shared memory implementation based on or influenced by the 4.4BSD code may be vulnerable to a denial of service attack The problem exists because you can mmap or shmget as much memory as...

Linux Kernel 2.2 mmap() Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6420/info A denial of service vulnerability has been discovered in the Linux 2.2 kernel. It has been reported that it is possible for an unprivileged user to cause the kernel to stop responding due to a bug in the...

OSX/Intel - setuid shell x86_64 - 51 bytes

No description provided by source. / Title: OSX/Intel - setuid shell x8664 - 51 bytes Date: 2010-11-25 Tested on: Mac OS X 10.6.5 - Darwin Kernel Version 10.5.0 Author: Dustin Schultz - twitter: @thexploit http://thexploit.com BITS 64 section .text global start start: a: mov r8b, 0x02 ; Unix clas...

FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit

No description provided by source. / FreeBSD = 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread...