Oracle Linux 6 kernel security, bug fix and enhancement update

2.6.32-279.el6 - netdrv mlx4: ignore old module parameters Jay Fenlason 830553 2.6.32-278.el6 - kernel sysctl: silence warning about missing strategy for file-max at boot time Jeff Layton 803431 - net sunrpc: make new tcpmaxslottableentries sysctl use CTLUNNUMBERED Jeff Layton 803431 - drm i915:...

SuSE 10 Security Update : the Linux Kernel (x86_64) (ZYPP Patch Number 6730)

This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraidsas driver was worldwriteable, allowing local users to cause a denial of service or potential code...

RHEL 6 : kernel (RHSA-2012:0481)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0481 advisory. - kernel: sysctl: restrict write access to dmesgrestrict CVE-2011-4080 - kernel: block: CLONEIO iocontext refcounting issues CVE-2012-0879 -...

kernel: sysctl: restrict write access to dmesg_restrict

The sysrqsysctlhandler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAPSYSADMIN capability to modify the dmesgrestrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as...

kernel security, bug fix, and enhancement update

2.6.32-220.13.1.el6 - Revert: fs NFSv4: include bitmap in nfsv4 get acl data Sachin Prabhu 753231 753232 CVE-2011-4131 2.6.32-220.12.1.el6 - net netsched: qdiscallochandle can be too slow Jiri Pirko 805458 785891 - fs procfs: add hidepid= and gid= mount options Jerome Marchand 770651 770652 - fs...

PT-2012-1800 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.39 Description: The issue allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges. This can be demonstrated by a root user in a Linux Container...

linux/x86 sys_execve("/sbin/sysctl") 121 bytes polymorphic shellcode

/ sysexecve"/sbin/sysctl", "/sbin/sysctl", "-w", "kernel.randomizevaspace=0" , NULL; 121 bytes polymorphic shellcode Programmer : Paulus Gandung Prakosa syn-attack Thanks to : mywisdom, gunslinger, nofia fitri, chaer.newbie, wenkhairu, ketek, xtr0nic, supermen ganteng, and all devilzc0de members ...

Nagios Plugin check_ups Local Buffer Overflow PoC

Exploit for linux platform in category dos / poc Advisory: Nagios Plugin 'checkups' local buffer overflow Author: Stefan Schurtz Contact: email protected Affected Software: Successfully tested on nagios-plugins-1.4.15 Vendor URL: http://nagiosplugins.org/ ./checkups -u perl -e 'print "A"x16407'...

Oracle Linux 4.9 kernel security and bug fix update

2.6.9-100 -cxgb3: prevent reading uninitialized stack memory to fix xgbextensionioctl infoleak Eugene Teo 633153 CVE-2010-3296 -mlx4: disable MSI-X by default Andy Gospodarek 530596 -ext3: call fs invalidatepage instead of blockinvalidatepage Josef Bacik 488611 -av7110: check for negative array...

FreeBSD Kernel mountnfs() Exploit

No description provided by source. / mountnfsex.c -- Patroklos Argyroudis, argp at domain census-labs.com Local kernel exploit for FreeBSD 8.0, 7.3 and 7.2. Discovered and exploited by Patroklos argp Argyroudis. The vulnerability is in mountnfs which is reachable by the mount2 and nmount2 system...

FreeBSD Kernel mountnfs() Exploit

Exploit for freebsd platform in category dos / poc ================================= FreeBSD Kernel mountnfs Exploit ================================= / mountnfsex.c -- Patroklos Argyroudis, argp at domain census-labs.com Local kernel exploit for FreeBSD 8.0, 7.3 and 7.2. Discovered and exploited...

FreeBSD - 'mountnfs()' Denial of Service

/ mountnfsex.c -- Patroklos Argyroudis, argp at domain census-labs.com Local kernel exploit for FreeBSD 8.0, 7.3 and 7.2. Discovered and exploited by Patroklos argp Argyroudis. The vulnerability is in mountnfs which is reachable by the mount2 and nmount2 system calls. In order for them to be...

FreeBSD Kernel nfs_mount() Exploit

Exploit for freebsd platform in category local exploits ================================== FreeBSD Kernel nfsmount Exploit ================================== / nfsmountex.c -- Patroklos Argyroudis, argp at domain census-labs.com Local kernel exploit for FreeBSD 8.0, 7.3 and 7.2. FreeBSD...

Multiple BSD Operating Systems setusercontext() Vulnerabilities

No description provided by source. BSD setusercontext vulnerabilites discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from...

BSD setusercontext Vulnerabilities

BSD setusercontext vulnerabilites discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from ftpd.c : setusercontextlc, pw, uidt0,...

Ubuntu 8.10 : linux regression (USN-661-1)

Version 2.6.27 of the Linux kernel changed the order of options in TCP headers. While this change was RFC-compliant, it was found that some old routers and consumer DSL modems would not route traffic for these systems when TCP timestamps were enabled. As a workaround, TCP timestamps were disabled...

Race condition

Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service kernel memory corruption by simultaneously executing the same HFSSETPKGEXTENSIONS code path in multiple threads, which is problematic...

CVE-2009-1238

Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service kernel memory corruption by simultaneously executing the same HFSSETPKGEXTENSIONS code path in multiple threads, which is problematic...

FreeBSD Security Advisory FreeBSD-SA-08:08.nmount

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:08.nmount Security Advisory The FreeBSD Project Topic: nmount2 local arbitrary code execution Category: core Module: syskern Announced: 2008-09-03 Credits: Jam...

FreeBSD -- nmount(2) local arbitrary code execution

Problem Description: Various user defined input such as mount points, devices, and mount options are prepared and passed as arguments to nmount2 into the kernel. Under certain error conditions, user defined data will be copied into a stack allocated buffer stored in the kernel without sufficient...