proc software vulnerabilities
vulnerabilities.aspcode.net
Searching proc software vulnerabilities
A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.
Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in Linux kernel 2.6 allows local users to gain privileges.
Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.
Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server.
Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a different vulnerability than CVE-2004-2408.
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
The /proc handling (proc/base.c) in Linux kernel 2.4 before 2.4.17 allows local users to cause a denial of service via unknown vectors that cause an invalid access of free memory.
Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.
The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route.
Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.
The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Software vulnerabilities results 1 to 20 of 30