exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2010-4249

Status Candidate

Overview

The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.

Related Files

Ubuntu Security Notice USN-1186-1
Posted Aug 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1186-1 - Dan Rosenberg discovered that IPC structures were not correctly initialized on 64bit systems. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Steve Chen discovered that setsockopt did not correctly check MSS values. A local attacker could make a specially crafted socket call to crash the system, leading to a denial of service. Vladymyr Denysov discovered that Xen virtual CD-ROM devices were not handled correctly. A local attacker in a guest could make crafted blkback requests that would crash the host, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4073, CVE-2010-4165, CVE-2010-4238, CVE-2010-4249, CVE-2010-4649, CVE-2011-0711, CVE-2011-1010, CVE-2011-1044, CVE-2011-1090, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-2484, CVE-2011-2534
SHA-256 | c3a47a1e53eb2444ce4455bf4ddc8ae62e5c824fec3c47e3051068cd376a1811
Ubuntu Security Notice USN-1167-1
Posted Jul 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1167-1 - Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly calculate the size of certain buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2010-3859, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4164, CVE-2010-4165, CVE-2010-4169, CVE-2010-4175, CVE-2010-4243, CVE-2010-4248, CVE-2010-4249, CVE-2010-4256, CVE-2010-4258, CVE-2010-4342, CVE-2010-4346, CVE-2010-4527, CVE-2010-4529, CVE-2010-4565, CVE-2010-4649, CVE-2010-4668, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695
SHA-256 | 8526a398ece12352476245b529d050abf1036c6d1dbd6b2e79564438cb5f197c
Ubuntu Security Notice USN-1111-1
Posted May 5, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1111-1 - Multiple vulnerabilities have been addressed in the Linux 2.6 kernel. Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. Jens Kuehnel discovered that the InfiniBand driver contained a race condition. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values.

tags | advisory, kernel, udp, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-4164, CVE-2010-4249, CVE-2010-4258, CVE-2010-4342, CVE-2010-4527, CVE-2010-4529, CVE-2011-0521, CVE-2011-0695, CVE-2011-1017
SHA-256 | 6cec849465bfd640c211a3880a5ba0add1b75c474ec483fdabb902841493d744
Ubuntu Security Notice USN-1119-1
Posted Apr 20, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1119-1 - Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2010-3849, CVE-2010-3850, CVE-2010-2954, CVE-2010-2955, CVE-2010-2960, CVE-2010-2962, CVE-2010-2963, CVE-2010-3079, CVE-2010-3080, CVE-2010-3081, CVE-2010-3437, CVE-2010-3705, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-3861, CVE-2010-3865, CVE-2010-3873, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3904, CVE-2010-4072, CVE-2010-4079, CVE-2010-4158, CVE-2010-4164, CVE-2010-4165, CVE-2010-4249
SHA-256 | ee2b27059547517c9b31d6346cedd7eacba9014e9eeb821192ed01e86e778b49
Ubuntu Security Notice USN-1073-1
Posted Feb 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1073-1 - Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Gleb Napatov discovered that KVM did not correctly check certain privileged operations. Dan Jacobson discovered that ThinkPad video output was not correctly access controlled. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. Dan Rosenberg discovered that the USB subsystem did not correctly initialize certain structures. Various other issues have also been addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-0435, CVE-2010-3448, CVE-2010-3698, CVE-2010-3859, CVE-2010-3865, CVE-2010-3873, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160, CVE-2010-4165, CVE-2010-4169, CVE-2010-4248, CVE-2010-4249
SHA-256 | 6ba8f6c6dc8aeeea6fd8953752f7beab7c32ebb9e112702d7ac851c16c79263a
Ubuntu Security Notice USN-1054-1
Posted Feb 2, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1054-1 - Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. Steve Chen discovered that setsockopt did not correctly check MSS values. A local attacker could make a specially crafted socket call to crash the system, leading to a denial of service. Dave Jones discovered that the mprotect system call did not correctly handle merged VMAs. A local attacker could exploit this to crash the system, leading to a denial of service. Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. A local attacker could exploit this to allocate all available kernel memory, leading to a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-0435, CVE-2010-4165, CVE-2010-4169, CVE-2010-4249
SHA-256 | 06dbb5e01b944299deccb88d5069d0243dcec4c7f68e9d46380138f362abea3b
Debian Security Advisory 2153-1
Posted Jan 31, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2153-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2010-0435, CVE-2010-3699, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4242, CVE-2010-4243, CVE-2010-4248, CVE-2010-4249, CVE-2010-4258, CVE-2010-4342, CVE-2010-4346, CVE-2010-4526, CVE-2010-4527, CVE-2010-4529, CVE-2010-4565, CVE-2010-4649, CVE-2010-4656, CVE-2010-4668, CVE-2011-0521
SHA-256 | 8325ac762b97fadf5ff408a660bd3635c9b9e72fedb6bc2b1aa5b5ae6dbec3e8
Linux Kernel Unix Sockets Denial Of Service
Posted Nov 27, 2010
Authored by Key Night

This is a Linux kernel unix sockets local denial of service proof of concept exploit.

tags | exploit, denial of service, kernel, local, proof of concept
systems | linux, unix
advisories | CVE-2010-4249
SHA-256 | 22d2d1ff127a1c6d5b46f953ae308a67cf8b6295e77a9583e6e40446c6a8f6eb
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close