CVE-2010-3705

The vulnerability CVE-2010-3705 affects the Linux kernel SCTP code: sctp_auth_asoc_get_hmac in net/sctp/auth.c does not validate the hmac_ids array from a remote peer, enabling remote attackers to trigger memory corruption and a kernel panic. Affected versions are Linux kernel before 2.6.36; reme...

CVE-2010-4210

The pfsgetextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service kernel panic, overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to...

Design/Logic Flaw

The pfsgetextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service kernel panic, overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to...

CVE-2010-4210

Removed by vendor...

CVE-2010-4210

The CVE-2010-4210 issue affects FreeBSD: pfs_getextattr in pseudofs unlocks a mutex that was not locked. On systems with pseudofs-mounted filesystems and NULL page mapping allowed, an attacker can overwrite kernel memory and potentially execute code in the kernel; on systems without NULL page map...

kernel: ipv6: skb is unexpectedly freed

Use-after-free vulnerability in net/ipv4/tcpinput.c in the Linux kernel 2.6 before 2.6.20, when IPV6RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service kernel panic via a SYN packet while the socket is in a listening TCPLISTEN state, which is not properl...

kernel panic via futex

include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service panic via an invalid application that triggers a page fault...

kernel security update

CentOS Errata and Security Advisory CESA-2010:0779 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring...

RedHat Update for kernel RHSA-2010:0779-01

Check for the Version of kernel OpenVAS Vulnerability Test RedHat Update for kernel RHSA-2010:0779-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

RedHat Update for kernel RHSA-2010:0779-01

Check for the Version of kernel OpenVAS Vulnerability Test RedHat Update for kernel RHSA-2010:0779-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

RHEL 4 : kernel (RHSA-2010:0779)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0779 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues:...

FreeBSD 'pseudofs' NULL Pointer Dereference Local Privilege Escalation Vulnerability

No description provided by source. / Source: http://www.securityfocus.com/bid/43060/info 18.08.2010, babcia padlina FreeBSD 7.0 - 7.2 pseudofs null ptr dereference exploit to obtain SYSENT8SYCALLADDR, run: $ kgdb /boot/kernel/kernel kgdb print &sysent8.sycall / define SYSENT8SYCALLADDR 0xc0c4afa4...

RHEL 5 : kernel (RHSA-2010:0723)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0723 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A...

FreeBSD - pseudofs Null Pointer Dereference Privilege Escalation

FreeBSD - pseudofs Null Pointer Dereference Privilege Escalation / source: https://www.securityfocus.com/bid/43060/info 18.08.2010, babcia padlina FreeBSD 7.0 - 7.2 pseudofs null ptr dereference exploit to obtain SYSENT8SYCALLADDR, run: $ kgdb /boot/kernel/kernel kgdb print &sysent8.sycall / defi...

CVE-2010-2530

Multiple integer signedness errors in smbsubr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service panic via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a 1 SMBIOCLOOKUP or 2...

Integer overflow

Multiple integer signedness errors in smbsubr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service panic via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a 1 SMBIOCLOOKUP or 2...

CVE-2010-2798

The CVE-2010-2798 entry concerns the Linux kernel prior to 2.6.35, where gfs2_dirent_find_space uses an incorrect size value in calculations related to sentinel directory entries. This can allow local attackers to trigger a denial of service via a NULL pointer dereference and kernel panic, with a...

FreeBSD 8.17.3 - vm.pmap Local Race Condition

FreeBSD 8.17.3 - vm.pmap Local Race Condition -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FreeBSD 8.1/7.3 vm.pmap kernel local race condition Author: Maksymilian Arciemowicz http://SecurityReason.com http://lu.cxib.net Date: - - Dis.: 09.07.2010 - - Pub.: 07.09.2010 Affected Software verified: ...

CVE-2010-2798

The gfs2direntfindspace function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service NULL pointer dereference and panic and possibly have unspecified other...

CVE-2010-2248

fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service panic via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite...