| 7! | Linux kernel uninitialized pointers
updated since 14.08.2009
|
 | | proto_ops structure uninitialized pointers. |
| 6! | Linux multiple security vulnerabilities
|
| | Multiple DoS conditions and privilege escalation. |
| 6! | 64-bit Linux kernel privilege escalation
|
| | Insufficient registry access validation on 32-bit syscalls emulation. |
| 6! | Multiple Linux kernel vulnerabilities
|
| | nf_conntrack_h323 NULL pointer dereference, invalid suid applications parent process termination signal handling, privilege escalation on Intel 965 chipset. |
| | Linux IPv6 socket double memory free vulnerability
|
| | Double memory free in ipv6_fl_socklist. |
| 6! | Linux SCSI devices unauthorized access
|
| | pam module problem allows console users to access generic SCSI and pseudo-SCSI devices directly. |
| | Linux kernel privilege escalation
updated since 11.11.2004
|
| | Invalid exception conditions handling leads to multiple reace conditions with privileged memory access. |
| | Linux Kernel Bluetooth CAPI DoS
|
| | It's possible to overwrite internal kernel objects with CAPI message. |
| 6! | Linux SCTP privilege escalation |
| | | |
| | Multiple Linux kernel DoS condiotions
|
| | DoS with SG driver, HID0[31] bit clearing problem on PPC970 processors. |
| | Ethernet frame padding information leakage
updated since 08.01.2003
|
| | Incorrect memory managment causes ethernet fame padding bytes may contain sensitive information. |
| 6! | Linux kernel coredump pribilege escalation
|
| | Bug in ELF format parsing leads to code execition. |
| 6! | Linux ext2 filesystem information leak
|
| | During directory creating random data from kernel memory are written to disk. |
| 6! | Linux Kernel Bluetooth support integer overflow
|
| | Integer overflow in socket call processing. |
| 9! | Linux kernel multiple bugs
|
| | Race conditions in uselib() leading to possibilityto overwrite kernel memory regions. Integer overflows in multiple drivers (random poolsize, scsi ioctl, moxa). RLIMIT_MEMLOCK protection bypass. mlockall DoS. Privilege escalation with race conditions on page fault with SMP platforms. |
| 7! | Multiple Linux kernel bugs
updated since 15.12.2004
|
| | DoS, privilege escalation, buffer overflow on 32bit calls emulation under 64bit platforms. |
| | Linux kernel __scm_send DoS
|
| | Race conditions leading to deadlock. |
| 6! | Multiple linux kernel IGMP processing bugs
|
| | DoS, kernel memory access. |
| | Multiple Linux smbfs bugs
|
| | Multiple bugs on parsing server replies. |
| 6! | Linux kernel race konditions
|
| | Race conditions on TIOCSETLD during read/write operation on same terminal can cause system to crash and potentially may lead to privilege escalation. |
| | Linux CD protection bypass
|
| | user with read-only access can bypass these permissions and perform write and erase operations on media in a drive. |
| 6! | Linux kernel integer overflows
|
| | integer overflow on write() in kNFSd and XDR decoding. |
| | linux kernel information leak
|
| | /proc problems hit again |
| | Linux kernel integer types conversion problems.
|
| | It's possible to access kernel memory because of inters conversion bug in 64bit file API (for example llseek). |
| 7! | Multiple linux kernel bugs
|
| | chown: users can change the group affiliation of arbitrary files to the group they belong to, missing DAC check in chown(2): local privilege escalation, overflow with signals: local denial-of-service, pss, mpu401 sound driver: read/write to complete memory, airo driver: read/write to complete memory, ALSA: copy_from_user/copy_to_user confused, acpi_asus: read from random memory, decnet: write to memory without checking, e1000 driver: read complete memory
|
| | Linux Broadcom 5820 Cryptonet driver integer overflow
|
| | ubsec_ioctl() function integer overflow. |
| | Linux FireWire drivers integer overflow
|
| | Integer overflows in different functions. |
| | linux kerndel floating point exception DoS
|
| | Problem with floating point exceptions lead to unstable kernel state. |
| | Linux kernel i2c integer overflow DoS
|
| | signed/unsigned conversion problem. |
| | Linux sctp_setsockopt() integer overflow
|
| | Integer overflow causes zero memory allocation. |
| 8! | linux kernel ip_setsockopt integer overflow
|
| | Integer overflow on MCAST_MSFILTER option processing. |
| 7! | Multiple linux kernel bugs
updated since 22.07.2003
|
| | /proc/tty/driver/serial kestroke counting information leak, multiple execve() problems, multiple STP problems, UDP port spoofing, forwarding table records spoofing. ISO9660 file system buffer overflow. |
| | linux threaded processes DoS
|
| | SIGRT_1 signal can be delivired to application causing invalid handling of child threads termination. |
| 9! | linux kernel mremap privilege escalation
updated since 05.01.2004
|
| | It's possible to map memory page of zero size causing memory corruption in kernel. |
| 8! | Linux kernel do_brk() privilege escalation
|
| | Function may be used for allocation virtual memory exceeding user accessible memory limit, givin access to kernel internal structures. |
| 7! | Multiple bugs in linux kernel
updated since 15.05.2003
|
| | new kernel version fixes DoS in TCP/IP stack (by isuing amount of packets with same hash value) and privelege escalation in ioperm() call. mxcsr CPU state modification, TTY level DoS, multiple etherleaks. |
| | Multiple NetFilter bugs
|
| | Multiple bugs causing DoS. |
| 7! | Linux kernel signed/unsigned conversion bug
|
| | Signed/unsigned conversion bug during processing of NFSv3 XDR data leads to buffer overflow. |
| | linux execve() unauthorized executable file access
|
| | During new application invocation through execve() there is a race condition than parent application can access new discriptor for executable file. |
| 6! | Multiple linux kernel problems
updated since 19.03.2003
|
| | Standard bug set: problems with ptrace, mmap and ethernet drivers. |
| | Linux Kernel DoS |
| | | |
| | Few bugs in linux kernel
updated since 23.08.2002
|
| | Few bugs in different drivers and in /proc fs. |
| | Protection bypass in linux
|
| | setgid() call doesn't change saved gid. |
| 6! | Buffer overflo in TUX HTTPD and SYN Cookie protection bypass
updated since 05.11.2001
|
| | Buffer overflow on long HTTP HOST header. By using Syncookie it's possible to bypass packet filtering. |
| | Linux kernel d_path problems
|
| | On long path a part of path is returned instead of error code. |
| | Проблемы с ip_conntrack_irc в ядре linux |
| | | |
| 7! | Очередные проблемы с Linux kernel (privelege escalation, symlink DoS) |
| | | |
| | Проблемы с MAC-фильтрацией в iptables (protection bypass) |
| | | |
| | Новая DoS атака - simultation close
updated since 16.08.2001 |
| | | |
| 7! | Дырка в iptables/nat в linux (protection bypass)
updated since 17.04.2001 |
| | | |
| | netkill - FIN_WAIT_1 DoS против многих систем |
| | | |
| 7! | Уязвимость init-скрипта в linux |
| | | |
| | |
