iOS Kernel - AppleOscarCMA Use-After-Free

iOS Kernel - AppleOscarCMA Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=605 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

iOS Kernel - IOReportHub Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=603 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

iOS Kernel - IOReportHub Use-After-Free

Exploit for iOS platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=603 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

iOS Kernel - IOHIDEventService Use-After-Free

Exploit for iOS platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=604 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

iOS Kernel - AppleOscarCompass Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=606 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

FreeBSD Patches Kernel Panic Vulnerability

FreeBSD has patched a denial-of-service vulnerability affecting versions configured to support SCTP and IPv6, the default configurations on later version of the open source OS. Researchers at Positive Technologies in the U.K. said versions 9.3, 10.1 and 10.2 are affected and can be exploited by a...

FreeBSD SCTP ICMPv6 - Error Processing

FreeBSD SCTP ICMPv6 - Error Processing !/usr/bin/env python -- coding: utf-8 -- ''' Source: http://blog.ptsecurity.com/2016/01/severe-vulnerabilities-detected-in.html SCTP stream control transmission protocol is a transport-layer protocol designed to transfer signaling messages in an IP...

Oracle VM VirtualBox < 4.0.36 / 4.1.44 / 4.2.36 / 4.3.34 / 5.0.10 Multiple Vulnerabilities (January 2016 CPU)

The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.0.36, 4.1.44, 4.2.36, 4.3.34, or 5.0.10. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists due to an infinite loop condition in the KVM subsystem of the...

FreeBSD-SA-16:01.sctp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:01.sctp Security Advisory The FreeBSD Project Topic: SCTP ICMPv6 error message vulnerability Category: core Module: SCTP Announced: 2016-01-14 Credits:...

FreeBSD -- SCTP ICMPv6 error message vulnerability

Problem Description: A lack of proper input checks in the ICMPv6 processing in the SCTP stack can lead to either a failed kernel assertion or to a NULL pointer dereference. In either case, a kernel panic will follow. Impact: A remote, unauthenticated attacker can reliably trigger a kernel panic i...

FreeBSD -- Linux compatibility layer setgroups(2) system call

Problem Description: A programming error in the Linux compatibility layer setgroups2 system call can lead to an unexpected results, such as overwriting random kernel memory contents. Impact: It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privileg...

Security Advisory - Input Check Vulnerability in Huawei Smart Phone

There is a vulnerability in a Huawei smart phone that does not validate input parameter. The attacker tricks the user to install a malicious application to obtain system or camera privilege and then can exploit the vulnerability to make the product system panic. Vulnerability ID: HWPSIRT-2015-110...

Debian DLA-360-1 : linux-2.6 security update

This update fixes the CVEs described below. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid operations on local AFUNIX sockets can result in a use-after-free. This may be used to cause a denial of service crash or possibly for privilege escalation. CVE-2015-7799...

RedHat Update for kernel RHSA-2015:2552-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 360-1] linux-2.6 security update

Package : linux-2.6 Version : 2.6.32-48squeeze17 CVE ID : CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-7990 CVE-2015-8324 This update fixes the CVEs described below. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid...

DLA-360-1 linux-2.6 - security update

Bulletin has no description...

Oracle Linux 7 : ntp (ELSA-2015-2231)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2231 advisory. - check origin timestamp before accepting KoD RATE packet CVE-2015-7704 - allow only one step larger than panic threshold with -g CVE-2015-5300 -...

Amazon Linux AMI : kernel (ALAS-2015-610)

A denial of service vulnerability was discovered in the keyring function's garbage collector in the Linux kernel. The flaw allowed any local user account to trigger a kernel panic. CVE-2015-7872 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

Juniper Networks Junos OS IPv6 mbuf Chain DoS Vulnerability

Junos OS is prone to a DoS vulnerability in the mbuf chain. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...

Medium: kernel

Issue Overview: A denial of service vulnerability was discovered in the keyring function's garbage collector in the Linux kernel. The flaw allowed any local user account to trigger a kernel panic. CVE-2015-7872 Affected Packages: kernel Issue Correction: Run yum update kernel or yum update...