what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Mandriva Linux Security Advisory 2010-172
Posted Sep 11, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-172 - Some vulnerabilities were discovered and corrected in the Linux kernel. Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service via unspecified vectors. The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a cache stuffing issue and MS-DFS referrals. The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service via a write operation on the last block of a large file, followed by a sync operation.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, spoof, vulnerability
systems | linux, mandriva
advisories | CVE-2010-2240, CVE-2010-2492, CVE-2010-2524, CVE-2010-3015
MD5 | 42e8224f2625e072bff3266c7756ac26
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Skylight Cyber Bypasses Cylance AI
Posted Jul 18, 2019

tags | headline, hacker, flaw
No, You Don't Need A Burner Phone At A Hacking Conference
Posted Jul 18, 2019

tags | headline, hacker, privacy, phone, conference
US Senator Asks FBI To Investigate FaceApp
Posted Jul 18, 2019

tags | headline, government, privacy, usa, russia, cyberwar
Microsoft Warns 10,000 Customers They're Targeted By Nation States
Posted Jul 18, 2019

tags | headline, hacker, government, microsoft, cyberwar
Slack Resets Passwords For 1% Of Its Users Because Of 2015 Hack
Posted Jul 18, 2019

tags | headline, hacker, data loss, password
Unofficial Telegram App Secretly Loads Malicious Sites
Posted Jul 17, 2019

tags | headline, malware, phone
Bluetooth Exploit Can Track And Identify Mobile Device Users
Posted Jul 17, 2019

tags | headline, privacy, wireless, spyware
Elon Musk Reveals Brain Hacking Plans
Posted Jul 17, 2019

tags | headline, hacker, science
JetBlue Bomb Scare Set Off With Apple AirDrop
Posted Jul 17, 2019

tags | headline, apple, terror
MyDashWallet Compromised For Two Months, Wallet Keys Taken
Posted Jul 16, 2019

tags | headline, cybercrime, data loss, fraud, cryptography
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close