453 matches found
kernel: enforce a minimum SG_IO timeout
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SGIO requests, which allows local users to cause a denial of service Programmed I/O mode on drives via multiple simultaneous invocations of an unspecified test program...
kernel: enforce a minimum SG_IO timeout
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SGIO requests, which allows local users to cause a denial of service Programmed I/O mode on drives via multiple simultaneous invocations of an unspecified test program...
USN-714-1: Linux kernel vulnerabilities
Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. A local attacker could exploit this to cause a system hang, leading to a denial of service. CVE-2008-5079 It was discovered that the libertas wireless driver did not correctly handle beacon and probe responses. A...
DEBIAN-CVE-2008-4109
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service connection sl...
[Full-disclosure] Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack
Calyptix Security Advisory CX-2007-05 eSoft InstaGate EX2 Cross-Site Request Forgery Attack Date: 07/11/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-05.php http://labs.calyptix.com/CX-2007-05.txt Overview Multiple versions of eSoft's InstaGate EX2 UTM device are vulnerable to...
Calyptix Security Advisory CX-2007-04 - Cross-Site Request Forgery Attack Against Check Point Safe@Office Device
Calyptix Security Advisory CX-2007-04 Cross-Site Request Forgery Attack Against Check Point Safe@Office Device Date: 06/26/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-04.php http://labs.calyptix.com/CX-2007-04.txt Overview Multiple versions of Check Point's Safe@Office UTM devi...
DEBIAN-CVE-2006-0058
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations...
CVE-2006-0058
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations...
Sendmail 8.13.6 release notes
8.13.6/8.13.6 2006/03/22 SECURITY: Replace unsafe use of setjmp3/longjmp3 in the server and client side of sendmail with timeouts in the libsm I/O layer and fix problems in that code. Also fix handling of a buffer in smsyslog which could have been used as an attack vector to exploit the unsafe...
CVE-2005-2070
The ClamAV Mail fILTER clamav-milter 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading...
long sendmail timeouts let attacker prevent milter quiesce
Summary: An attacker that can predict when a milter will need to quiesce input to allow for a reload may hold open an SMTP session for several hours. This will lead to a DoS condition on the mailserver. Background: Sendmail is a popular Mail Transfer Agent MTA, used in many large sites that requi...
[Full-Disclosure] FreeBSD Security Advisory FreeBSD-SA-04:04.tcp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:04.tcp Security Advisory The FreeBSD Project Topic: many out-of-sequence TCP packets denial-of-service Category: core Module: kernel Announced: 2004-03-02...
PT-2003-1766 · Novell · Novell Ichain
Name of the Vulnerable Software and Affected Versions: Novell iChain version 2.2 before Support Pack 1 Description: The issue allows remote attackers to guess usernames and conduct brute force password guessing more easily due to a shorter timeout for non-existent users compared to valid users...