1407 matches found
CVE-2009-3238
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...
RedHat Security Advisory RHSA-2009:1438
The remote host is missing updates to the Linux kernel announced in advisory RHSA-2009:1438. This update fixes the following security issues: the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw t...
kernel: personality: fix PER_CLEAR_ON_SETID
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...
Compface 1.1.5 - .xbm Local Buffer Overflow
Compface 1.1.5 - .xbm Local Buffer Overflow !/usr/bin/python Exploit : Compface '.xbm' Local Buffer Overflow Exploit Affected : compface 1.1.5 Tested on : Ubuntu 9.04 without stack randomization Refer : bid/35863 Exploit : His0k4 Use : $compface exploit.xbm out setuid/execve shellcode for Linux/x...
Null pointer dereference
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...
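Linux Kernel PER_CLEAR_ON_SETID Security Restriction Bypass Vulnerability
BUGTRAQ ID: 35647 The Linux Kernel is the kernel used by the open-source operating system Linux. The PER_CLEAR_ON_SETID mask in the Linux Kernel does not include MMAP_PAGE_ZERO and ADDR_COMPAT_LAYOUT, which may allow local users to bypass the mmap_min_addr protection or disable certain ASLR (address space layout randomization) features. Linux kernel 2.6.x Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...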
Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 POSITRON SECURITY LLC http://www.positronsecurity.com/ Security Advisory 2009-001 Memcached and MemcacheDB ASLR Bypass Weakness Author: Joe Testa jt atsign positronsecuritydotcom Date: April 28th, 2009 URL:...
Fedora 9 : dnsmasq-2.45-1.fc9 (2009-1069)
Update to newer upstream version - 2.45. Version of dnsmasq previously shipped in Fedora 9 did not properly drop privileges, causing it to run as root instead of intended user nobody. Issue was caused by a bug in kernel-headers used in build environment of the original packages. 454415 New upstre...
CVE-2009-0486
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protectio...
GLSA-200901-03 : pdnsd: Denial of Service and cache poisoning
The remote host is affected by the vulnerability described in GLSA-200901-03 (pdnsd: Denial of Service and cache poisoning). Two issues have been reported in pdnsd: The p_exec_query function in src/dns_query.c does not properly handle many entries in the answer section of a DNS reply, related to a...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise MRG 1.0. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
Debian Security Advisory DSA 1623-1 (dnsmasq)
The remote host is missing an update to dnsmasq announced via advisory DSA 1623-1. OpenVAS Vulnerability Test $Id: deb16231.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1623-1 (dnsmasq) Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
RHEL 5 : dnsmasq (RHSA-2008:0789)
An updated dnsmasq package that implements UDP source-port randomization is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Dnsmasq is a lightweight DNS forwarder and DHCP server. It is designed to...
Debian DSA-1623-1 : dnsmasq - DNS cache poisoning
Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's dnsmasq packages to implement the recommended...
[SECURITY] [DSA 1623-1] New dnsmasq packages fix cache poisoning
Debian Security Advisory DSA-1623-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 31, 2008 http://www.debian.org/security/faq -...
DSA-1623-1 dnsmasq - cache poisoning
Bulletin has no description...
Debian DSA-1619-1 : python-dns - DNS response spoofing
Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many...
Debian DSA-1617-1 : refpolicy - incompatible policy
In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatibl...
DSA-1617-1 refpolicy - incompatible policy
Bulletin has no description...