Jonathan Salwan

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.x **Description** The issue allows attackers to obtain sensitive information from kernel stack memory. This can be achieved through a crafted `MSM MCR IOCTL EVT GET` ioctl call related to `drivers/media/platform/msm/camera v1/mercury/msm mercury sync.c`, or a crafted `MSM JPEG IOCTL EVT GET` ioctl call related to `drivers/media/platform/msm/camera v2/jpeg 10/msm jpeg sync.c`. **Recommendations** For Linux kernel version 3.x, consider restricting access to the `MSM MCR IOCTL EVT GET` and `MSM JPEG IOCTL EVT GET` ioctl calls until a patch is available. As a temporary workaround, disabling the `msm mercury sync.c` and `msm jpeg sync.c` functions may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.x **Description** The issue is related to multiple stack-based buffer overflows in the MSM camera driver. Attackers can gain privileges via a crafted `VIDIOC MSM VPE DEQUEUE STREAM BUFF INFO` ioctl call or a crafted `VIDIOC MSM CPP DEQUEUE STREAM BUFF INFO` ioctl call. The affected files are `msm vpe.c` and `msm cpp.c`, which are part of the `drivers/media/platform/msm/camera v2/pproc` directory. **Recommendations** For Linux kernel version 3.x, update to a version that includes the fix for the MSM camera driver issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung Galaxy S4 kernel versions 3.4 and earlier **Description** The issue is caused by a buffer overflow in the samsung extdisp driver. This can be exploited by a remote attacker to cause a denial of service, resulting in memory corruption, or to gain privileges. **Recommendations** For kernel versions 3.4 and earlier, consider disabling the samsung extdisp driver as a temporary workaround until a patch is available. Restrict access to the vulnerable driver to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.x **Description** The issue is related to the genlock dev ioctl function in genlock.c in the Genlock driver, which does not properly initialize a certain data structure. This allows local users to obtain sensitive information from kernel stack memory via a crafted GENLOCK IOC EXPORT ioctl call. **Recommendations** For Linux kernel version 3.x, consider disabling the genlock dev ioctl function as a temporary workaround until a patch is available. Restrict access to the GENLOCK IOC EXPORT ioctl call to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.x **Description** The issue relies on user-space length values for kernel-memory copies of procfs file content, allowing attackers to gain privileges or cause a denial of service (memory corruption) via an application that provides crafted values. **Recommendations** For Linux kernel version 3.x, consider restricting access to the `goodix tool.c` file in the Goodix gt915 touchscreen driver to minimize the risk of exploitation. As a temporary workaround, avoid using crafted user-space length values for kernel-memory copies of procfs file content until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenVZ modification for the Linux kernel version 2.6.32, specifically vzkernel before 042stab080.2 **Description** The issue allows local users to obtain sensitive information from kernel stack memory. This can be achieved via a crafted ploop driver ioctl call, related to the `ploop getdevice ioc` function in `drivers/block/ploop/dev.c`, or a crafted quotactl system call, related to the `compat quotactl` function in `fs/quota/quota.c`. **Recommendations** For vzkernel before 042stab080.2, update to version 042stab080.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.x **Description** The issue is related to the Goodix gt915 touchscreen driver, where the `goodix tool.c` file does not properly synchronize updates to a global variable. This allows local users to bypass intended access restrictions or cause a denial of service, resulting in memory corruption, via crafted arguments to the `procfs` write handler. **Recommendations** For Linux kernel version 3.x, consider applying a patch that properly synchronizes updates to the global variable in the `goodix tool.c` file to prevent local users from bypassing access restrictions or causing a denial of service.

**Name of the Vulnerable Software and Affected Versions** Sysax Multi Server versions 4.3 through 4.5 **Description** The issue allows remote authenticated users to delete arbitrary files by utilizing a directory traversal technique, specifically by including a ..// (dot dot slash slash) in a DELE command. **Recommendations** For versions 4.3 and 4.5, consider restricting access to the DELE command until a patch is available to prevent arbitrary file deletion.

**Name of the Vulnerable Software and Affected Versions** Centreon version 2.1.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `host id` parameter in the main.php file. **Recommendations** For Centreon version 2.1.5, consider restricting access to the main.php file to minimize the risk of exploitation. Avoid using the `host id` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TYPSoft FTP Server version 1.11 Description: The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by sending an ABOR (abort) command without an active file transfer. Recommendations: For TYPSoft FTP Server version 1.11, consider restricting access to the ABOR command until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Serv-U File Server versions 7.0.0.1 through 7.4.0.1 **Description** A directory traversal issue in the FTP server of Serv-U File Server allows remote attackers to create arbitrary directories. This is achieved by including a .. (backslash dot dot) in an MKD request. **Recommendations** For Serv-U File Server versions 7.0.0.1 through 7.4.0.1, consider restricting access to the MKD command in the FTP server until a patch is available. As a temporary workaround, monitor FTP server activity closely to detect and prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Serv-U versions 7.0.0.1 through 7.4.0.1 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in the service hanging. This is achieved by sending a large number of SMNT commands without an argument to the FTP server. **Recommendations** For Serv-U versions 7.0.0.1 through 7.4.0.1, consider restricting access to the SMNT command to prevent the denial of service, until a patch is available.