ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability

ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-002 January 13, 2009 -- CVE ID: CVE-2008-4835 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows Server 2008 Microsoft Windows Vista...

Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability. The specific flaw exists in the processing of...

Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to trigger a denial of service condition on vulnerable installations of Microsoft Windows; remote code execution is also theoretically possible. User interaction is not required to exploit this vulnerability. The specific flaw exists in the processing of...

CVE-2009-0069

CVE-2009-0069 affects the NFSv4 client in Sun Solaris 10 and OpenSolaris (pre-snV_102) where the kernel’s nfs4rename_persistent_fh function can be abused by local users to trigger a denial of service (recursive mutex_enter and panic). The issue is fixed by Sun patch 139466-04 (SPARC) and 139467-0...

Sun Solaris IP隧道参数空指针引用漏洞

BUGTRAQ ID: 32904 Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris的IP隧道实现中存在空指针引用漏洞，本地攻击者可以通过发送特制的SIOCGTUNPARAM IOCTL请求导致拒绝服务或执行任意内核态代码。 以下是inet/ip/ip.c中的有漏洞代码段： ... 26692 void 26693 ipprocessioctlipsqt ipsq, queuet q, mblkt mp, void arg 26694 ... 26717 1 ci.ciipif = NULL ... 26735 case TUNCMD: ... 2674...

kernel security update

CentOS Errata and Security Advisory CESA-2008:0972 Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel...

kernel security and bug fix update

2.6.9-78.0.8.0.1.EL - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with...

Sun Solaris '3SOCKET'本地拒绝服务漏洞

BUGTRAQ ID: 32296 CNCAN ID：CNCAN-2008111703 Sun Solaris是一款商业性质的操作系统。 不包含InfiniBand硬件的Sun Solaris socket3SOCKET存在安全问题，本地攻击者可以利用漏洞使内核出现Panic或造成拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun Solaris 10x86 Sun Solaris 10.0 Sun OpenSolaris build snv91 Sun OpenSolaris build snv90 Sun OpenSolaris build snv89 Sun OpenSolaris...

Design/Logic Flaw

Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv57 through snv91, when InfiniBand hardware is not installed, allows local users to cause a denial of service panic via unknown vectors, related to the socksdpvclose function...

CVE-2008-5111

CVE-2008-5111 affects Sun Solaris 10 and OpenSolaris (snv_57 through snv_91) when InfiniBand hardware is not installed. The vulnerability is described as an unspecified issue in the socket function, related to socksdpv_close, that can allow local users to cause a denial of service (panic). Exploi...

Linux Kernel < 2.4.36.9/2.6.27.5 Unix Sockets Local Kernel Panic Exploit

No description provided by source. include sys/socket.h include sys/un.h include unistd.h include assert.h include err.h include stdlib.h static int ownchildint us int pid; int s2; struct msghdr mh; char crap1024; struct iovec iov; struct cmsghdr c; int fd; int rc; pid = fork; if pid == -1 err1,...

Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)

include include include include include include static int ownchildint us int pid; int s2; struct msghdr mh; char crap1024; struct iovec iov; struct cmsghdr c; int fd; int rc; pid = fork; if pid == -1 err1, "fork"; if pid closeus1; return pid; closeus0; memset&mh, 0, sizeofmh; iov.iovbase = "a";...

Linux Kernel < 2.4.36.9/2.6.27.5 Unix Sockets Local Kernel Panic Exploit

Exploit for linux platform in category dos / poc ======================================================================== Linux Kernel include include include include include static int ownchildint us int pid; int s2; struct msghdr mh; char crap1024; struct iovec iov; struct cmsghdr c; int fd; in...

Linux Kernel 2.4.36.92.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)

Linux Kernel 2.4.36.92.6.27.5 - Unix Sockets Local Kernel Panic Denial of Service include include include include include include static int ownchildint us int pid; int s2; struct msghdr mh; char crap1024; struct iovec iov; struct cmsghdr c; int fd; int rc; pid = fork; if pid == -1 err1, "fork"; ...

CVE-2008-5009

The CVE-2008-5009 issue is a race condition in the Sun Solstice X.25 9.2 s_xout kernel module that, on multi-CPU systems, can cause a local denial of service (panic) by reading the /dev/xty file. Public sources confirm the affected component and impact; exploit details are not provided beyond the...

CVE-2008-4618

The Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service panic via unspecified vectors, related to...

CVE-2008-4618

The Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service panic via unspecified vectors, related to...

openSUSE 10 Security Update : kernel (kernel-5700)

The openSUSE 10.3 kernel was update to 2.6.22.19. This includes bugs and security fixes. CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP AUTH availability. This might be exploited remotely for a denial of service crash attack. CVE-2008-3528: The ext234 filesystem code fail...

CVE-2008-4618

The Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service panic via unspecified vectors, related to...

Debian DSA-1653-1 : linux-2.6 - denial of service/privilege escalation

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-6716 Joe Jin reported a local denial of service vulnerability that allows...