what you don't know can hurt you
Showing 1 - 5 of 5 RSS Feed

CVE-2009-2406

Status Candidate

Overview

Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.

Related Files

Mandriva Linux Security Advisory 2011-029
Posted Feb 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-029 - Multiple vulnerabilities have been discovered and fixed in the Linux 2.6 kernel. The X.25 implementation does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed data, a different vulnerability than CVE-2010-4164. The bcm_connect function Broadcast Manager in the Controller Area Network implementation in the Linux creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. The install_special_mapping function in mm/mmap.c does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. Various other issues have also been addressed.

tags | advisory, remote, denial of service, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2010-3873, CVE-2010-4565, CVE-2010-4346, CVE-2010-4158, CVE-2010-3874, CVE-2010-4163, CVE-2010-4164, CVE-2009-4307, CVE-2010-4162, CVE-2010-3015, CVE-2010-4258, CVE-2010-3875, CVE-2010-3067, CVE-2010-4248, CVE-2010-3437, CVE-2010-3877, CVE-2009-2406, CVE-2010-3859, CVE-2010-4073, CVE-2010-4072, CVE-2010-3705, CVE-2010-4165, CVE-2010-3310, CVE-2010-3698
MD5 | b09673d46bd0c26aeac9afa523e5a306
Mandriva Linux Security Advisory 2009-289
Posted Oct 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-289 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These range from buffer overflows to denial of service vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1895, CVE-2009-2406, CVE-2009-2407, CVE-2009-2908, CVE-2009-3290
MD5 | 753e062f7da14ef5264d0068d02c7cea
Debian Linux Security Advisory 1845-1
Posted Jul 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1845-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2009-1895, CVE-2009-2287, CVE-2009-2406, CVE-2009-2407
MD5 | cb937ef420ca39f3a63daa8f91116bab
Debian Linux Security Advisory 1844-1
Posted Jul 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1844-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2009-1385, CVE-2009-1389, CVE-2009-1630, CVE-2009-1633, CVE-2009-1895, CVE-2009-1914, CVE-2009-1961, CVE-2009-2406, CVE-2009-2407
MD5 | 97a5d0636d003814283d4ac9ef9f4e82
Ubuntu Security Notice 807-1
Posted Jul 29, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-807-1 - Michael Tokarev discovered that the RTL8169 network driver did not correctly validate buffer sizes. A remote attacker on the local network could send specially traffic traffic that would crash the system or potentially grant elevated privileges. Julien Tinnes and Tavis Ormandy discovered that when executing setuid processes the kernel did not clear certain personality flags. A local attacker could exploit this to map the NULL memory page, causing other vulnerabilities to become exploitable. Ubuntu 6.06 was not affected. Matt T. Yourst discovered that KVM did not correctly validate the page table root. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 6.06 was not affected. Ramon de Carvalho Valle discovered that eCryptfs did not correctly validate certain buffer sizes. A local attacker could create specially crafted eCryptfs files to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected.

tags | advisory, remote, denial of service, kernel, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-1389, CVE-2009-1895, CVE-2009-2287, CVE-2009-2406, CVE-2009-2407
MD5 | e38a3fc62c247224d7479101484e3b18
Page 1 of 1
Back1Next

File Archive:

January 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    8 Files
  • 2
    Jan 2nd
    11 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    2 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    18 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    10 Files
  • 10
    Jan 10th
    13 Files
  • 11
    Jan 11th
    2 Files
  • 12
    Jan 12th
    4 Files
  • 13
    Jan 13th
    21 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    12 Files
  • 16
    Jan 16th
    18 Files
  • 17
    Jan 17th
    11 Files
  • 18
    Jan 18th
    3 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    21 Files
  • 22
    Jan 22nd
    19 Files
  • 23
    Jan 23rd
    19 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close