Release: December 29, 2004
Synopsis: Heap overflow in Mozilla Browser NNTP code
Product: Mozilla Browser <= 1.7.3
Author: Maurycy Prodeus (z33d@isec.pl)

A critical security vulnerability has been found in the Mozilla Project code handling the NNTP protocol.

 
Release: December 14, 2004
Synopsis: Linux kernel scm_send local DoS
Product: 2.4 => 2.4.28, 2.6 => 2.6.9
Author: Paul Starzetz (paul@isec.pl)

A locally exploitable flaw has been found in the Linux socket layer that allows a local user to hang a vulnerable machine.

 
Release: December 14, 2004
Synopsis: Linux kernel IGMP vulnerabilities
Product: Linux 2.4 => 2.4.28, 2.6 => 2.6.9
Author: Paul Starzetz (paul@isec.pl)

Multiple locally as well as remotely exploitable bugs have been found in the Linux IGMP networking module and the corresponding user API.

 
Release: November 10, 2004
Synopsis: Linux ELF loader vulnerabilities
Product: Linux kernel 2.4 => 2.4.27, 2.6 => 2.6.8
Author: Paul Starzetz (paul@isec.pl)

Numerous bugs have been found in the Linux ELF binary loader while handling setuid binaries.

 
Release: August 04, 2004
Synopsis: Linux kernel file offset pointer races
Product: Linux kernel 2.4 => 2.4.26, 2.6 => 2.6.7
Author: Paul Starzetz (paul@isec.pl)

A security vulnerability has been found in the Linux kernel code handling 64-bit file offset pointers. Any process may exploit the bug to read huge parts of kernel memory.

 
Release: April 20, 2004
Synopsis: Linux kernel setsockopt MCAST_MSFILTER integer overflow
Product: Linux kernel 2.4.22 - 2.4.25, 2.6.1 - 2.6.3
Author: Paul Starzetz (paul@isec.pl), Wojciech Purczynski (cliph@isec.pl)

A critical security vulnerability has been found in the Linux kernel in the ip_setsockopt() function code. Proper exploitation of this vulnerability leads to local privilege escalation giving an attacker full super-user privileges.

 
Release: February 18, 2004
Updated: March 1, 2004
Synopsis: Linux kernel do_mremap VMA limit local privilege escalation vulnerability
Product: Linux kernel 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2
Author: Paul Starzetz (paul@isec.pl)

A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to a missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05.01.2004, except that it concerns the same internal kernel function code.

 
Release: January 5, 2004
Updated: January 15, 2004
Synopsis: Linux kernel do_mremap() local privilege escalation vulnerability
Product: Linux kernel 2.4 and 2.6 series
Author: Paul Starzetz (paul@isec.pl), Wojciech Purczynski (cliph@isec.pl)

A critical security vulnerability has been found in the Linux kernel memory management code in the mremap(2) system call due to incorrect bound checks.

 
  Copyright © 2001-2012 iSEC Security Research. All rights reserved.