Смотрите также связанные темы 28.08.2018 Covert Channel Security Vulnerability in the Solaris Kernel A security vulnerability with system calls in the Solaris Kernel may allow two unprivileged local user processes to establish a covert communication channel bypassing system restrictions such as the multi-level security policy found in Solaris Trusted Extensions or the isolation policy implemented using zones(5) or chroot(2).
14.02.2018 AIX at information disclosure vulnerability A local attacker may exploit this error to read any file on the system because the command is setuid root.
09.03.2018 CVE-2009-0859 The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.
12.03.2018 Denial of Service (DoS) Vulnerability in NFSv4 Server Kernel Module A security vulnerability in the NFSv4 Server Kernel Module may allow a local unprivileged user to hang an NFSv4 server if that server is sharing an hsfs(7FS) file system (CD-ROM, DVD media).
05.05.2018 CVE-2009-1527 Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object.
12.06.2018 CVE-2012-0217 The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 on the x64 platform does not properly handle system requests, which allows local users to gain privileges via a crafted application, aka "User Mode Scheduler Memory Corruption Vulnerability."
25.09.2018 2010-09-22 - [slackware-security] 64-bit kernel (SSA:2010-265-01) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] 64-bit kernel (SSA:2010-265-01) New kernel packages are available for Slackware x86_64 13.1, and -current to fix security issues. Here are the details from the Slackware64 13.1 ChangeLog: +--------------------------+ patches/packages/linux-2.6.33.4-2/kernel-firmware-2.6.33.4-noarch-2.txz: Rebuilt. patches/packages/linux-2.6.33.4-2/kernel-generic-2.6.33.4-x86_64-2.txz: Rebuilt. This kernel has been patched to fix security problems on x86_64:  ...
08.08.2018 CVE-2015-1805 The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
25.02.2018 CVE-2010-0705 Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
29.11.2018 CVE-2010-4072 The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
|