344 matches found
Kernel: net: oops from tcp_collapse() when using splice(2)
The tcpreadsock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service system crash via a crafted splice system call for a TCP socket...
CVE-2013-2128
The tcpreadsock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service system crash via a crafted splice system call for a TCP socket...
DEBIAN-CVE-2013-2128
The tcpreadsock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service system crash via a crafted splice system call for a TCP socket...
PT-2013-3551 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.34 Description: The issue is related to the tcp read sock function in the Linux kernel, which does not properly manage skb consumption. This allows local users to cause a denial of service, resulting in a...
Linux Kernel 'tcp_collapse()'本地拒绝服务漏洞
BUGTRAQ ID: 60214 CVECAN ID: CVE-2013-2128 Linux Kernel是Linux操作系统的内核。 Linux kernel用TCP套接字调用splice2时,却调用了tcpcollapse,在实现上存在本地拒绝服务漏洞,本地攻击者可利用此漏洞造成内核崩溃。 0 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/...
CVE-2013-2128
The tcpreadsock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service system crash via a crafted splice system call for a TCP socket...
Null pointer dereference
The doexit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNELDS getfs value, which allows local users to bypass intended accessok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a 1 BUG, 2 NULL pointer...
CVE-2010-4258
The doexit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNELDS getfs value, which allows local users to bypass intended accessok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a 1 BUG, 2 NULL pointer...
PT-2010-5380 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.36.2 Description: The issue allows local users to bypass intended access restrictions, overwrite arbitrary kernel memory locations, and gain privileges. This can be achieved by leveraging a BUG, NULL pointer...
CVE-2010-4258
The doexit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNELDS getfs value, which allows local users to bypass intended accessok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a 1 BUG, 2 NULL pointer...
kernel: splice local denial of service
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service prevention of file creation and removal via a series of splice...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
Updated kernel-rt packages that fix several security issues and various bugs are now available for Red Hat Enterprise MRG 1.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel-rt packages contain the Linux kernel, the core of any Lin...
Linux kernel DoS
Deadlog on splice calls handling...
Design/Logic Flaw
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service prevention of file creation and removal via a series of splice...
Linux Kernel 'splice(2)'两次锁本地拒绝服务漏洞
Bugraq ID: 35143 Linux是一款开放源代码的操作系统。 Adobe Acrobat不正确处理畸形PDF文件,远程攻击者可以利用漏洞消耗大量栈资源而造成应用程序崩溃。 Linux kernel 2.6.30 -rc2 Linux kernel 2.6.30 -rc1 Linux kernel 2.6.29 1 Linux kernel 2.6.29 -git8 Linux kernel 2.6.29 -git14 Linux kernel 2.6.29 -git1 Linux kernel 2.6.29 Linux kernel 2.6.28 9 Linux kernel...
Linux Kernel 2.6.x - splice(2) Double Lock Local Denial of Service
Linux Kernel 2.6.x - splice2 Double Lock Local Denial of Service / source: https://www.securityfocus.com/bid/35143/info The Linux kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause an affected process to hang, denying service to legitimate users...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : linux, linux-source-2.6.15/22 vulnerabilities (USN-679-1)
It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10...
Ubuntu: Security Advisory (USN-679-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Firefox 3 crashes in the JavaScript engine
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pas...
kernel: don't allow splice() to files opened with O_APPEND
The dosplicefrom function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the OAPPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file...