FreeBSD-SA-08:08.nmount

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:08.nmount Security Advisory The FreeBSD Project Topic: nmount2 local arbitrary code execution Category: core Module: syskern Announced: 2008-09-03 Credits:...

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4935)

This kernel update fixes the following security problems : - Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. CVE-2008-0007 - Incorrect access mode checks could be used by local attackers to corrupt directory contents...

FreeBSD -- Jail rc.d script privilege escalation

Problem Description: In multiple situations the host's jail rc.d8 script does not check if a path inside the jail file system structure is a symbolic link before using the path. In particular this is the case when writing the output from the jail start-up to /var/log/console.log and when mounting...

Debian DSA-1018-2 : kernel-source-2.4.27 - several vulnerabilities

The original update lacked recompiled ALSA modules against the new kernel ABI. Furthermore, kernel-latest-2.4-sparc now correctly depends on the updated packages. For completeness we're providing the original problem description : Several local and remote vulnerabilities have been discovered in t...

Linux Kernel Sysctl接口注销本地拒绝服务漏洞

BUGTRAQ ID: 15365 CVECAN ID: CVE-2005-2709 Linux kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的"sysctl.c"在"/proc/sys/net/ipv4/conf/"中处理接口注销时存在拒绝服务漏洞。恶意用户可以利用这个漏洞导致系统忙碌，造成服务不可用。 Linux kernel 2.6.14.1 Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： Linux Upgrade linux-2.6.14.1.tar.bz2...

Code injection

NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service memory exhaustion by using the sysctl system call to lock a large buffer into physical memory...

CVE-2006-1814

NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service memory exhaustion by using the sysctl system call to lock a large buffer into physical memory...

CVE-2006-1814

NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service memory exhaustion by using the sysctl system call to lock a large buffer into physical memory...

[SA19616] NetBSD "sysctl()" Local Denial of Service Vulnerability

TITLE: NetBSD "sysctl" Local Denial of Service Vulnerability SECUNIA ADVISORY ID: SA19616 VERIFY ADVISORY: http://secunia.com/advisories/19616/ CRITICAL: Not critical IMPACT: DoS WHERE: Local system OPERATING SYSTEM: NetBSD 1.x http://secunia.com/product/255/ DESCRIPTION: A vulnerability has been...

Mandrake Linux Security Advisory : kernel (MDKSA-2006:040)

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The udpv6getport function in udp.c, when running IPv6, allows local users to cause a Denial of Service infinite loop and crash CVE-2005-2973. The mqopen system call in certain situations can decrement a counter...

Ubuntu 4.10 / 5.04 / 5.10 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (USN-244-1)

Doug Chapman discovered a flaw in the reference counting in the sysmqopen function. By calling this function in a special way, a local attacker could exploit this to cause a kernel crash. CVE-2005-3356 Karl Janmar discovered that the /proc file system module used signed data types in a wrong way....

CVE-2005-4618

CVE-2005-4618 corresponds to a Linux kernel local-denial-of-service issue caused by a buffer overflow in sysctl writes. Affected are Linux kernel 2.6.x before 2.6.15; exploitation could corrupt user memory or cause a denial of service via a long string, with the caveat that the vulnerability may ...

Linux kernel multiple vulnerabilities

TwinHan DST Frontend/Card buffer overflow,kernel/sysctl.c off-by-one, fiblookup netlink message memory corruption, setmempolicy DoS...

CVE-2005-2709

The sysctl functionality sysctl.c in Linux kernel before 2.6.14.1 allows local users to cause a denial of service kernel oops and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function...

CVE-2005-2709

The sysctl functionality sysctl.c in Linux kernel before 2.6.14.1 allows local users to cause a denial of service kernel oops and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function...

Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service

/ source: https://www.securityfocus.com/bid/15365/info Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from a failure to properly unregister kernel resources when network devices are removed. This issue allows local attackers to deny service to...

Unprivilegued settings for FreeBSD kernel variables

CATEGORY: kern INTRODUCTION: i have found security threat in basic security facility in BSD systems that allows to lower sysctl variable in this case to bypass security settings, root privilegues are needed DESCRIPTION: sysctl8 ... The sysctl utility retrieves kernel state and allows processes wi...

OpenBSD sysctl DoS

No description provided...

OpenBSD 3.3/3.4 - 'sysctl' Local Denial of Service

// source: https://www.securityfocus.com/bid/9073/info A denial of service vulnerability has been reported for OpenBSD, specifically when handling malformed calls to sysctl. By invoking systcl and passing a specific flag in conjunction with a negative argument may trigger a kernel panic. This cou...

OpenBSD 3.33.4 - sysctl Local Denial of Service

OpenBSD 3.33.4 - sysctl Local Denial of Service // source: https://www.securityfocus.com/bid/9073/info A denial of service vulnerability has been reported for OpenBSD, specifically when handling malformed calls to sysctl. By invoking systcl and passing a specific flag in conjunction with a negati...