what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2006-1343

Status Candidate

Overview

net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.

Related Files

VMware Security Advisory 2006-0008
Posted Nov 14, 2006
Authored by VMware | Site vmware.com

VMware Security Advisory - A new update has been released for VMware ESX 2.0.2 versions prior to upgrade patch 2. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.

tags | advisory, vulnerability, python
advisories | CVE-2004-2069, CVE-2006-3403, CVE-2005-2177, CVE-2006-3467, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071
SHA-256 | 9a66799b14690c41ec3ec055156a1779166c5ed73ed0a6f092e85b0596740011
VMware Security Advisory 2006-0007
Posted Nov 14, 2006
Authored by VMware | Site vmware.com

VMware Security Advisory - A new update has been released for VMware ESX 2.1.3 versions prior to upgrade patch 2. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.

tags | advisory, vulnerability, python
advisories | CVE-2004-2069, CVE-2006-3403, CVE-2005-2177, CVE-2006-3467, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071
SHA-256 | 1440199717c94f0c4f1b7bd5c1fda07332cb78575e0f9e4297957683819670a4
VMware Security Advisory 2006-0006
Posted Nov 14, 2006
Authored by VMware | Site vmware.com

VMware Security Advisory - A new update has been released for VMware ESX versions 2.5.3 prior to upgrade patch 4. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.

tags | advisory, vulnerability, python
advisories | CVE-2004-2069, CVE-2006-3403, CVE-2005-2177, CVE-2006-3467, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071
SHA-256 | e684543f58081d1348c75166cbc7034f9d65df6dc03ffd4fd6c62d5e6cfa6ca9
VMware Security Advisory 2006-0005
Posted Nov 14, 2006
Authored by VMware | Site vmware.com

VMware Security Advisory - A new update has been released for VMware ESX versions 2.5.4 prior to upgrade patch 1. This patch addresses vulnerabilities in ucd-snmp, XFree86, an AMD fxsave/restore security flaw, some minor information leaks, and more.

tags | advisory, vulnerability
advisories | CVE-2005-2177, CVE-2006-3467, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071
SHA-256 | 3c5ba7597c91ed301fbec257901ba81d15b855241f3a9c647492727c59cd3151
Mandriva Linux Security Advisory 2006.150
Posted Aug 28, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-150 - A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2006-0554, CVE-2006-0744, CVE-2006-1343, CVE-2006-1857, CVE-2006-1858, CVE-2006-1863, CVE-2006-1864, CVE-2006-2274, CVE-2006-2935, CVE-2006-2936, CVE-2006-3468, CVE-2006-3745
SHA-256 | 95cb78e528ef2037f49b5da2f654ac4a5ab2b3f77b110479c99934493514a192
Debian Linux Security Advisory 1097-1
Posted Jun 21, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1097-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2006-0038, CVE-2006-0039, CVE-2006-0741, CVE-2006-0742, CVE-2006-1056, CVE-2006-1242, CVE-2006-1343, CVE-2006-1368, CVE-2006-1524, CVE-2006-1525, CVE-2006-1857, CVE-2006-1858, CVE-2006-1864, CVE-2006-2271, CVE-2006-2272, CVE-2006-2274
SHA-256 | b2de7ff95c97fb5e9c56933271b3f3e64183f2a8c738055da0c6cc07195cba22
Ubuntu Security Notice 281-1
Posted May 6, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 281-1 - Multiple vulnerabilities have been discovered in the Linux 2.6 kernel. The sys_mbind() function did not properly verify the validity of the 'maxnod' argument. A local user could exploit this to trigger a buffer overflow, which caused a kernel crash. The SELinux module did not correctly handle the tracer SID when a process was already being traced. A local attacker could exploit this to cause a kernel crash. Al Viro discovered a local Denial of Service in the sysfs write buffer handling. By writing a block wit h a length exactly equal to the processor's page size to any writable file in /sys, a local attacker could cause a kernel crash. John Blackwood discovered a race condition with single-step debugging multiple processes at the same time. A local attacker could exploit this to crash the system. This only affects the amd64 platform. Marco Ivaldi discovered a flaw in the handling of the ID number of IP packets. This number was incremented after receiving unsolicited TCP SYN-ACK packets. A remote attacker could exploit this to conduct port scans with the 'Idle scan' method (nmap -sI), which bypassed intended port scan protections. Pavel Kankovsky discovered that the getsockopt() function, when called with an SO_ORIGINAL_DST argument, does not properly clear the returned structure, so that a random piece of kernel memory is exposed to the user. This could potentially reveal sensitive data like passwords or encryption keys. A buffer overflow was discovered in the USB Gadget RNDIS implementation. While creating a reply message, the driver did not allocate enough memory for the reply structure. A remote attacker could exploit this to cause a kernel crash. Alexandra Kossovsky discovered an invalid memory access in the ip_route_input() function. By using the 'ip' command in a particular way to retrieve multicast routes, a local attacker could exploit this to crash the kernel.

tags | advisory, remote, denial of service, overflow, kernel, local, tcp, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-0557, CVE-2006-1052, CVE-2006-1055, CVE-2006-1066, CVE-2006-1242, CVE-2006-1343, CVE-2006-1368, CVE-2006-1525
SHA-256 | f07cfa72c65837f67fad1ccb0fdf321f1e3761c7e3af1e3608d6513ebf5ee200
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close