CVE-2011-2906

The issue is an integer signedness error in the Linux kernel's pmcraid_ioctl_passthrough under drivers/scsi/pmcraid.c, affecting pre-3.1 kernels. It may allow local attackers to cause denial of service via a negative size value in an ioctl call, typically in environments with a privileged program...

CVE-2011-2906

Integer signedness error in the pmcraidioctlpassthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service memory consumption or memory corruption via a negative size value in an ioctl call. NOTE: this may be a vulnerability only...

GNU C Library Dynamic Linker Arbitrary DSO dlopen

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes CVE-2010-3856, an addendum to CVE-2010-3847. Please see http://seclists.org/fulldisclosure/2010/Oct/257 fo...

UBUNTU-CVE-2010-3192

Certain run-time memory protection mechanisms in the GNU C Library aka glibc or libc6 print argv0 and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program tha...

CVE-2001-1582

Buffer overflow in the LDAP naming services library libsldap in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAPOPTIONS environment variable to a privileged program that uses libsldap...

Debian DSA-946-2 : sudo - missing input sanitising

The former correction to vulnerabilities in the sudo package worked fine but were too strict for some environments. Therefore we have reviewed the changes again and allowed some environment variables to go back into the privileged execution environment. Hence, this update. The configuration optio...