Showing posts with label fsfuzzer. Show all posts
Showing posts with label fsfuzzer. Show all posts

Saturday, November 25, 2006

MOKB-25-11-2006: Linux 2.6.x ReiserFS Sync Memory Corruption

The ReiserFS support code of Linux 2.6.x fails to properly handle crafted data structures, leading to an exploitable memory corruption condition when a sync is being done in a corrupted ReiserFS filesystem.

Sunday, November 19, 2006

MOKB-19-11-2006: Linux 2.6.x NTFS __find_get_block_slow() denial of service

The NTFS filesystem module of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This issue is similar to that explained in MOKB-05-11-2006.

Friday, November 17, 2006

MOKB-17-11-2006: Linux 2.6.x minix_bmap denial of service

Linux 2.6.x minix filesystem code fails to properly handle corrupted data structures, leading to an exploitable denial of service issue when a crafted fs stream is being mounted.

Wednesday, November 15, 2006

MOKB-15-11-2006: Linux 2.6.x gfs2 init_journal denial of service

Linux 2.6.x gfs2 filesystem code fails to properly handle corrupted data structures, leading to an exploitable denial of service issue when a crafted stream is being mounted. This particular vulnerability is caused by a NULL pointer dereference in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 init_journal function.

Tuesday, November 14, 2006

MOKB-14-11-2006: Linux 2.6.x SELinux superblock_doinit denial of service

Failure to handle mounting of corrupt filesystem streams may lead to a local denial of service condition when SELinux hooks are enabled. This particular vulnerability is caused by a null pointer dereference in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 superblock_doinit function.

Sunday, November 12, 2006

MOKB-12-11-2006: Linux 2.6.x ext2_check_page denial of service

Linux 2.6.x ext2 filesystem code fails to properly handle corrupted data structures, leading to an exploitable denial of service issue when read operation is being done on a crafted fs stream.

Friday, November 10, 2006

MOKB-10-11-2006: Linux 2.6.x ext3fs_dirhash denial of service

Linux 2.6.x ext3 filesystem code fails to properly handle corrupted data structures, leading to an exploitable denial of service issue with potential fs corruption, when a read operation is done on a crafted ext3 stream.

Tuesday, November 07, 2006

MOKB-07-11-2006: Linux 2.6.x zlib_inflate memory corruption

Linux 2.6.x zlib_inflate function can be abused by filesystems that depend on zlib compression, such as cramfs. A failure to handle crafted data, result of a read operation in a corrupted filesystem stream, may lead to memory corruption. This particular vulnerability requires a filesystem (proof of concept for cramfs provided) to fail validation (ex. no integrity checking) of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 binary stream in order to reach execution of zlib_inflate()

Sunday, November 05, 2006

MOKB-05-11-2006: Linux 2.6.x ISO9660 __find_get_block_slow() denial of service

The ISO9660 filesystem handling code of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This particular vulnerability seems to be caused by a race condition and a signedness issue.
Uncompress, burn, plug, mayhem.

"The sky fell down when I plugged it,
The green of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 wallpaper countryside has turned to blue,
I had cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 CD right on my fingertips,
...
Frank Sinatra, "The Sky Fell Down" (
remix).

Saturday, November 04, 2006

MOKB-04-11-2006: Solaris 10 UFS filesystem alloccgblk denial of service

The UFS filesystem handling code of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Solaris 10 kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service issue and potential loss of data or corruption of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 local UFS filesystems, due to memory corruption.

Thursday, November 02, 2006

MOKB-02-11-2006: Linux 2.6.x squashfs double free

The squashfs module of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Linux kernel (2.6.x) fails to properly handle corrupted fs structures, leading to a denial of service and possible data corruption condition. A specially crafted squashfs image will cause cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 kernel to double free a buffer when a read operation is performed on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 corrupted filesystem.

More details: