what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2010-4655

Status Candidate

Overview

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.

Related Files

Ubuntu Security Notice USN-1202-1
Posted Sep 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. Brad Spengler discovered that stack memory for new a process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Various other issues were also addressed.

tags | exploit, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2010-4081, CVE-2010-3296, CVE-2010-3297, CVE-2010-3858, CVE-2010-3859, CVE-2010-3874, CVE-2010-3880, CVE-2010-4073, CVE-2010-4075, CVE-2010-4076, CVE-2010-4077, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160, CVE-2010-4162, CVE-2010-4163, CVE-2010-4169, CVE-2010-4175, CVE-2010-4242, CVE-2010-4243, CVE-2010-4248, CVE-2010-4256, CVE-2010-4565, CVE-2010-4649, CVE-2010-4655
SHA-256 | b470551b1de773c77d363adf5b0cb1910cc8654d0405c8a191ad8f00fd5d2535
Ubuntu Security Notice USN-1164-1
Posted Jul 6, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1164-1 - Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly calculate the size of certain buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Various other issues were also addressed.

tags | advisory, arbitrary, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2010-4081, CVE-2010-3865, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4164, CVE-2010-4248, CVE-2010-4258, CVE-2010-4342, CVE-2010-4346, CVE-2010-4527, CVE-2010-4529, CVE-2010-4565, CVE-2010-4655, CVE-2010-4656, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695, CVE-2011-0711, CVE-2011-0712, CVE-2011-1017
SHA-256 | 4e4395012a3efacb0412aff2ad1192af5495aeffbe292f807d0de267e1af68f2
Debian Security Advisory 2264-1
Posted Jun 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2264-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2010-2524, CVE-2010-3875, CVE-2010-4075, CVE-2010-4655, CVE-2011-0695, CVE-2011-0710, CVE-2011-0711, CVE-2011-0726, CVE-2011-1010, CVE-2011-1012, CVE-2011-1017, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1090, CVE-2011-1093, CVE-2011-1160, CVE-2011-1163, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180, CVE-2011-1182, CVE-2011-1477, CVE-2011-1493, CVE-2011-1577, CVE-2011-1593
SHA-256 | 4651fa67004a9e7d7332ee7abc2daad2af631e68a48c132d8217d95854217ba6
Ubuntu Security Notice USN-1146-1
Posted Jun 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1146-1 - Kees Cook discovered that some ethtool functions did not correctly clear heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit this to read portions of kernel heap memory, leading to a loss of privacy. Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2010-4655, CVE-2010-4656, CVE-2011-0463, CVE-2011-0695, CVE-2011-0712, CVE-2011-1012, CVE-2011-1017, CVE-2011-1593
SHA-256 | 587a331a188a15742c49cc3c31453d858c70c6ea710797e17fa98b2b7a3b4316
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close