kernel: kernel: net_sched: fix qdisc_notify()

The qdiscnotify function in net/sched/schapi.c in the Linux kernel before 2.6.35 does not prevent tcfillqdisc function calls referencing builtin aka CQFBUILTIN Qdisc structures, which allows local users to cause a denial of service NULL pointer dereference and OOPS or possibly have unspecified...

kernel: IB/uverbs: Handle large number of entries in poll CQ

The ibuverbspollcq function in drivers/infiniband/core/uverbscmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially fille...

Code injection

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points CDP certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a 1 client, 2 queue manager, or 3 application...

qemu-kvm: OOB memory access caused by negative vq notifies

The virtioqueuenotify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service guest crash and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed...

Debian DSA-2270-1 : qemu-kvm - programming error

It was discovered that incorrect sanitising of virtio queue commands in KVM, a solution for full virtualization on x86 hardware, could lead to denial of service or the execution of arbitrary code. The oldstable distribution lenny is not affected by this problem. %NASLMINLEVEL 70300 C Tenable...

DSA-2270-1 qemu-kvm - programming error

Bulletin has no description...

RHEL 6 : Red Hat Enterprise Linux 6.1 kernel (RHSA-2011:0542)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0542 advisory. - kvm: arch/x86/kvm/x86.c: reading uninitialized stack memory CVE-2010-3881 - kernel: unlimited socket backlog DoS CVE-2010-4251,...

kernel: bonding: Incorrect TX queue offset

The bondselectqueue function in drivers/net/bonding/bondmain.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default txqueues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a...

kernel: IB/uverbs: Handle large number of entries in poll CQ

Integer overflow in the ibuverbspollcq function in drivers/infiniband/core/uverbscmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact via a large value of a certain structure member...

targets-sniffer NSE Script

Sniffs the local network for a configurable amount of time 10 seconds by default and prints discovered addresses. If the newtargets script argument is set, discovered addresses are added to the scan queue. Requires root privileges. Either the targets-sniffer.iface script argument or -e Nmap optio...

CVE-2008-7283

Open Ticket Request System OTRS before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions...

DEBIAN-CVE-2010-4768

Open Ticket Request System OTRS before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remov...

CVE-2008-7283

Open Ticket Request System OTRS before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions...

DEBIAN-CVE-2008-7282

Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System OTRS before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain 1 list and 2...

DEBIAN-CVE-2010-4763

The ACL-customer-status Ticket Type setting in Open Ticket Request System OTRS before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the 1 Status, 2 Service, and 3 Queue via selections...

CVE-2009-5056

Open Ticket Request System OTRS before 2.4.0-beta2 does not properly enforce the moveinto permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-ticket...

CVE-2008-7283

Open Ticket Request System OTRS before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions...

CVE-2009-5056

Open Ticket Request System OTRS before 2.4.0-beta2 does not properly enforce the moveinto permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-ticket...

Design/Logic Flaw

Open Ticket Request System OTRS before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remov...

CVE-2010-4768

Open Ticket Request System OTRS before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remov...