5181 matches found
kernel: futex: refcount issue in case of requeue
A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could...
kernel: net: ping: refcount issue in ping_init_sock() function
A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system...
Qemu: block: possible crash due to signed types or logic error
The Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format is vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine...
Qemu: block: multiple integer overflow flaws
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp i...
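Linux Kernel 'ping_init_sock()' Local Privilege Escalation Vulnerability
Bugtraq ID:66779 CVE ID:CVE-2014-2851 Linux Kernel is the kernel of the Linux operating system. The Linux kernel's implementation of the ping_init_sock function has a refcount issue; a local attacker can exploit this vulnerability to gain elevated privileges or crash the kernel. 0 Linux kernel The vendor has released an upgrade patch to fix the vulnerability; please download it from: http://www.kernel.org/...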
CVE-2014-0147
The Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format is vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine...
UBUNTU-CVE-2014-0147
The Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format is vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine...
UBUNTU-CVE-2014-0143
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp i...
kernel security and bug fix update
kernel 2.6.18-371.3.1.0.1 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add getuserpagesfast orabug 14277030 - oprofile export getuserpagesfast function orabug 14277030 - oprofile oprofile, x86: Fix nmi-unsafe callgraph support orabug 14277030 - oprofile oprofile: use...
Oracle Linux 6 : kernel (ELSA-2012-0481)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0481 advisory. - Revert: fs NFSv4: include bitmap in nfsv4 get acl data Sachin Prabhu 753231 753232 CVE-2011-4131 - kernel regset: Return -EFAULT, not -EIO, on...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 2393)
This kernel update fixes the following security problems : - A bug within the UDF filesystem that caused machine hangs when truncating files on the filesystem was fixed. 186226. CVE-2006-4145 - A potential crash when receiving IPX packets was fixed. This problem is thought not to be exploitable...
RHEL 6 : kernel (RHSA-2012:0481)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0481 advisory. - kernel: sysctl: restrict write access to dmesg_restrict (CVE-2011-4080) - kernel: block: CLONE_IO io_context refcounting issues (CVE-2012-0879) -...
CVE-2012-1090
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. "The cifs code will attempt to open files on lookup under certain circumstances. What happens though i...
MS11-083 Denial Of Service
!/bin/sh cat winnuke2011.c include include include include include include include include include include include int port; int active = 0; pthreadmutext mutexactive; void sendpacketsvoid ptr; int mainint argc, char argv pthreadt thread; int iret,lthreads; pidt pid; printf"+ MS11-083 DoS/PoC...
Microsoft Windows - TCPIP Stack Reference Counter Integer Overflow (MS11-083)
Microsoft Windows - TCPIP Stack Reference Counter Integer Overflow MS11-083 // source: https://www.securityfocus.com/bid/50517/info Microsoft Windows is prone to a remote integer-overflow vulnerability that affects the TCP/IP stack. An attacker can exploit this issue to execute arbitrary code wit...
NtUserCheckAccessForIntegrityLevel Use-After-Free Vulnerability
Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability Intro: Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry and some not from the industry have come together to form MSRC: the...
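Linux Kernel sys32_ptrace() Function Multiple Use-After-Free Vulnerabilities
CVECAN ID: CVE-2008-3077 Linux Kernel is the kernel used by the open-source operating system Linux. The sys32_ptrace function in the Linux kernel's arch/x86/kernel/ptrace.c file may overflow the refcount field of the task_struct structure; a local attacker can exploit this vulnerability on the x86-64 platform to trigger a use-after-free, causing a system crash. Linux kernel 2.6.25.10 Linux ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...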