1883 matches found
CVE-2014-9090
The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 i...
CVE-2014-9090
CVE-2014-9090 affects the Linux kernel up to 3.17.4, where do_double_fault in arch/x86/kernel/traps.c mishandles SS fault conditions, allowing local users to cause a denial of service (panic) via modify_ldt (demonstrated by sigreturn_32 in linux-clock-tests). The issue was addressed by a patch li...
UBUNTU-CVE-2014-9090
The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 i...
OracleVM 2.2 : xen (OVMSA-2013-0075)
The remote OracleVM system is missing necessary patches to address critical security updates: - x86: check segment descriptor read result in 64-bit OUTS emulation (XSA-67) (Matthew Daley) [orabug 17571623] (CVE-2013-4368). (C) Tenable Network Security, Inc. The package checks in this...
bash: off-by-one error in deeply nested flow control constructs
An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash...
Remember a simple social worker phone number for CASE-vulnerability warning-the black bar safety net
One day, ask the goddess phone number, the goddess told me is 150XXXX number of segments, and the remaining 4 bits let me guess, 1 0 0 0 0 species composition, excluding special numbers, there are also 9 0 0 0 a variety of combinations, this swollen guess Yeah, but in the present cock, the Stalke...
bash -- out-of-bounds memory access in parser
Red Hat security team reports: It was discovered that the fixed-size redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. An off-by-one...
EFF Releases Open Wireless Router Firmware
The EFF is working on an open wireless router firmware that’s designed to be a secure and flexible alternative to the existing software that runs on home and small business routers, much of which is notoriously insecure. The Open Wireless Router project, which the organization announced at the HO...
Linux kernel 2.0.37 Segment Limit Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/523/info This vulnerability has to do with the division of the address space between a user process and the kernel. Because of a bug, if you select a non-standard memory configuration, sometimes user level processes may b...
Windows NT - User Mode to Ring 0 Escalation Vulnerability
No description provided by source. Microsoft Windows NT GP Trap Handler Allows Users to Switch Kernel Stack. CVE-2010-0232. In order to support BIOS service routines in legacy 16bit applications, the Windows NT Kernel support...
HP-UX 11,Linux kernel 2.4,Windows 2000/NT 4.0,IRIX 6.5 Small TCP MSS DoS
No description provided by source. source: http://www.securityfocus.com/bid/2997/info A potential denial of service vulnerability exists in several TCP stack implementations. TCP has an MSS (maximum segment size) option that is used by a TCP client to announce to a peer the maximum amount of TCP dat...
Easy File Management Web Server 5.3 - UserID Remote Buffer Overflow (ROP)
Easy File Management Web Server 5.3 - UserID Remote Buffer Overflow (ROP). #!/usr/bin/python. Exploit Title: Easy File Management Web Server v5.3 - USERID Remote Buffer Overflow (ROP); Version: 5.3; Date: 2014-05-31; Author: Julien Ahrens (@MrTuxracer); Homepage: http://www.rcesecurity.com; Software Link:...
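Linux Kernel vhost-net segmentation memory leak vulnerability
CVE ID: CVE-2014-0131. Linux Kernel is an open-source operating system. The Linux Kernel's vhost-net handling of skb segmentation contains a security flaw that can be maliciously exploited to leak certain memory contents. Successful exploitation requires zerocopy to be enabled. Affected: Linux kernel 2.6.x. The vendor has released an upgrade patch to fix the vulnerability; download it from: http://marc.info/?l=linux-netdev&m=139446896921968&w=2...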
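Code Aurora multiple products 'CONFIG_STRICT_MEMORY_RWX' security restriction bypass vulnerability
BUGTRAQ ID: 65630. CVE(CAN) ID: CVE-2013-4737. Code Aurora Forum is a Linux Foundation collaborative project. The CONFIG_STRICT_MEMORY_RWX feature in multiple Code Aurora projects does not properly consider certain memory sections, a security flaw in the implementation that allows remote attackers to bypass intended access restrictions by leveraging RWX memory at a fixed location. Affected: Code Aurora QRD Android, Code Aurora Firefox OS for MSM, Code Aurora Android for MSM. Vendor patch: Code Aurora...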
libjpeg: information leak (read of uninitialized memory)
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers,...
CVE-2013-0852
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access...
xen: information leak through outs instruction emulation (XSA-67)
The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale...
DEBIAN-CVE-2013-4368
The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale...