Product Description
-------------------
From [1]:
"Linux is a free Unix-type operating system originally created by Linus
Torvalds with the assistance of developers around the world. Developed under
the GNU General Public License, the source code for Linux is freely available
to everyone."
From [2]:
In short, VDSO was mmap'ed by the kernel in the user space memory always
at the same fixed address. Because of that well-known technique
ret-to-libc (or as some ppl prefer ROP) was possible and effective
to bypass existing security mitigation in the system.
.. 6 years later Linus Torvalds announced the release of the new kernel
version - 3.x! Now, guess what happened...
pi3-darkstar new # uname -r
3.2.12-gentoo
pi3-darkstar new # cat /proc/sys/kernel/randomize_va_space
can trigger a BUG() altering the permissions on a locked file,
resulting in a denial of service.
CVE-2010-1083
Linus Torvalds reported an issue in the USB subsystem, which may allow
local users to obtain portions of sensitive kernel memory.
CVE-2010-1084
Neil Brown reported an issue in the Bluetooth subsystem that may
http://[HOSTNAME]:4848/configuration/httpListenerEdit.jsf?name=<script>alert(document.cookie);</script>&configName=server-config
--
|_|0|_| Serrano Neves - a.k.a eth0
|_|_|0| http://webappsecurity.wordpress.com
|0|0|0| "Talk is cheap. Show me the code." - Linus Torvalds
exploit this issue to read the contents of sensitive kernel
memory.
CVE-2009-3238
Linus Torvalds provided a change to the get_random_int() function
to increase its randomness.
CVE-2009-3286
Eric Paris discovered an issue with the NFSv4 server
CVE-2009-3547
Earl Chew discovered a NULL pointer dereference issue in the
was executed!
And others =)
Sep 25, 2007
I. BACKGROUND
Linux is a clone of the UNIX operating system, written from scratch by
Linus Torvalds with assistance from a loosely-knit team of hackers
across the Internet. The Advanced Linux Sound Architecture (ALSA)
project provides audio device support for Linux systems. More
information can be found at the URLs shown below.
http://kernel.org/