Local kernel 2.6.2x kernel panic via pthread

Exploit for linux platform in category local exploits ============================================ Local kernel 2.6.2x kernel panic via pthread ============================================ Exploit Title: Pthread Local Kernel 2.6.2x Kernel Panic Exploit Date: 20 April 2010 Author: mywisdom...

gfs-kmod security, bug fix and enhancement update

0.1.34-12 - Fixes a problem where improper locking commands can crash the system. - Resolves: rhbz571298 0.1.34-11 - Fixes 'Resource tempory unavailable' for EWOULDBLOCK message with flocks on gfs file - Resolves: rhbz515717 0.1.34-10 - Fixes 'Resource tempory unavailable' for EWOULDBLOCK message...

CVE-2010-1188

Use-after-free vulnerability in net/ipv4/tcpinput.c in the Linux kernel 2.6 before 2.6.20, when IPV6RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service kernel panic via a SYN packet while the socket is in a listening TCPLISTEN state, which is not properl...

CVE-2010-1188

CVE-2010-1188 details (mode C): A use-after-free in net/ipv4/tcp_input.c of the Linux kernel 2.6 prior to 2.6.20. When IPV6_RECVPKTINFO is set on a listening TCP socket, a SYN packet to a LISTEN socket can trigger the skb being freed improperly, allowing a remote attacker to cause a denial of ser...

CVE-2010-1188

Use-after-free vulnerability in net/ipv4/tcpinput.c in the Linux kernel 2.6 before 2.6.20, when IPV6RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service kernel panic via a SYN packet while the socket is in a listening TCPLISTEN state, which is not properl...

Moderate: Red Hat Security Advisory: GFS security and bug fix update

Updated GFS packages that fix one security issue are now available for Red Hat Enterprise Linux 3.9, kernel release 2.4.21-63.EL. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

kernel: ext4: avoid divide by zero when trying to mount a corrupted file system

The ext4fillflexinfo function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service divide-by-zero error and panic via a malformed ext4 filesystem containing a super block with a large FLEXBG group size aka sloggroupsperflex...

Linux Kernel NetFilter SCTP Unknown Chunk Types Denial of Service (CVE-2007-2876)

Linux is a popular open-source operating system in which the kernel and other programs related to the operating systems are developed by a group of volunteers. The Linux kernel supports a packet filtering framework known as Netfilter. Netfilter is used to monitor, inspect, manipulate network...

Linux Kernel SCTP Chunkless Packet Denial of Service (CVE-2006-2934)

Linux is a popular open-source operating system in which the kernel and other programs related to the operating systems are developed by a group of volunteers. The Linux kernel supports a great number of features, including networking, file system and graphics protocols and standards. Along with...

Linux Kernel SCTP FWD-TSN Handling Buffer Overflow (CVE-2009-0065)

Linux is a popular open-source operating system in which the kernel and other programs related to the operating systems are developed by a group of volunteers. The Linux network protocol stack provides support for Stream Control Transmission Protocol SCTP in addition to more popular transport...

CVE-2010-0148

Cisco Security Agent 5.2 on Linux is affected by a DoS vulnerability (CVE-2010-0148) that can trigger a kernel panic by sending a series of TCP packets. The issue is part of multiple vulnerabilities disclosed in Cisco Security Agent Management Center advisories; the DoS affects Cisco Security Age...

CVE-2010-0291

The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service panic by calling the 1 mmap or 2 mremap function, aka the "domremap mess" or "mremap/mmap mess."...

CVE-2010-0561

Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service kernel panic via a negative mixer index number being passed to 1 the azaliaquerydevinfo function in the azalia audio driver src/sys/dev/pci/azalia.c or 2 the...

Integer overflow

Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service kernel panic via a negative mixer index number being passed to 1 the azaliaquerydevinfo function in the azalia audio driver src/sys/dev/pci/azalia.c or 2 the...

CVE-2010-0561

Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service kernel panic via a negative mixer index number being passed to 1 the azaliaquerydevinfo function in the azalia audio driver src/sys/dev/pci/azalia.c or 2 the...

CVE-2010-0561

NetBSD kernels (versions 4.0, 5.0, and NetBSD-current before 2010-01-21) are affected by a local denial-of-service vulnerability caused by an integer signedness error in the audio subsystem. Specifically, passing a negative mixer index to azalia_query_devinfo (azalia.c) or hdaudio_afg_query_devin...

Solaris/Open Solaris UCODE_GET_VERSION IOCTL Denial of Service

No description provided by source. / cve-2010-0453.c -- Patroklos Argyroudis, argp at domain census-labs.com Denial of service kernel panic PoC exploit for the UCODEGETVERSION ioctl NULL pointer dereference vulnerability on Solaris/OpenSolaris: http://www.trapkit.de/advisories/TKADV2010-001.txt...

Null pointer dereference

The ucodeioctl function in intel/io/ucodedrv.c in Sun Solaris 10 and OpenSolaris snv69 through snv133, when running on x86 architectures, allows local users to cause a denial of service panic via a request with a 0 size value to the UCODEGETVERSION IOCTL, which triggers a NULL pointer dereference...

CVE-2010-0453

CVE-2010-0453 affects Sun Solaris 10/OpenSolaris (snv_69–snv_133) on x86, where the ucode_ioctl function in intel/io/ucode_drv.c is vulnerable. A 0-size UCODE_GET_VERSION IOCTL request can trigger a NULL pointer dereference in ucode_get_rev, causing a kernel panic/denial of service. The issue is ...

kernel: ipv6_hop_jumbo remote system crash

The ipv6hopjumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service NULL pointer dereference and kernel panic via a crafted IPv6 packet...