Linux kernel version 2.6.32 (Ubuntu 10.04) suffers from a /proc handling setuid privilege escalation vulnerability.
3594c9413e10a2969f55206fd998c42d9a560202fece7a9015817bf484936e19VMware Security Advisory 2012-0013 - VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.
ab37b6926b046653acdeeef66e7c85baRed Hat Security Advisory 2012-0116-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. Non-member VLAN packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service.
71cb08ef2d809cd41a86b8da8e6cf0581e7d7544405546ba07d973f409a56d8fRed Hat Security Advisory 2012-0007-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk.
14cc28a3df69b8e6b2fc6473a6b5dacebe7c4ddbba6984ec740c93d61e9322dbRed Hat Security Advisory 2011-1530-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. Non-member VLAN packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service.
0ea0d8d1bd62a748fefde36e3fb68a6860a5459a3012b4b4223b673f37abf7b8Ubuntu Security Notice 1256-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.
065ea3de04cbda6ba2f070db62f0f0ff03f73b678f1a9b1d73799d5e8bba15abUbuntu Security Notice 1218-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
7ce613f6fb82e60467fe2db0120524df0114dd4f622231bc1bba67151a5b6582Ubuntu Security Notice 1216-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
632b7c41843d8b08abd09aa566debae12f62d2202a245defc954e205b756668dDebian Linux Security Advisory 2310-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
0ade6375df4fb18e4bf4cc0f6541e056556cbe078ca3ef9db083dea13e260836Ubuntu Security Notice 1212-1 - Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Various other issues were also addressed.
f2bd89a7fb4e075ddf3c443cc67ea905e50e3d359edda7464f4642e35cf7b84eUbuntu Security Notice 1211-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
c722fd7511a442653d720916be5133aeccaba801f39a3fdb017e7ee6b3699415Ubuntu Security Notice 1208-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
c72d25c5c02bfb1b3dd8b578a0fff242bb575640e763f8cf25379ff8a0fc30baUbuntu Security Notice 1205-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
e901cc91b033169b3dfc85934ff4ac4f1d05b966694731a50e4441e8edea0d07Ubuntu Security Notice 1204-1 - Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.
d65a3d265010dcc757cc58fad050e2727d47806e2609d736043b0ff3e79a9e82Ubuntu Security Notice 1203-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
286bb941d7141b756b5c455e3e57f8e085d01c33d50b9139d9d2c90312850771Ubuntu Security Notice 1201-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
594e6301fd8adfd138461fd891793167bc75a8565f367e0d80fc7bc3941f4ea0Red Hat Security Advisory 2011-1253-01 - Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.0. The Red Hat Security Response Team has rated this update as having important security impact.
5d74eae8a478f1639bcefe4abf0a381df1d68b77824da152d114e20cc673b84aDebian Linux Security Advisory 2303-2 - The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 has caused a regression that can result in an oops during invalid accesses to /proc/<pid>/maps files.
5e72a6c97cffe3e5d4480641de2e9dd75b8941004f9b3efb715136b76b23e635Debian Linux Security Advisory 2303-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
72d50088cc453629042c1d2a8fe39ec8d1f2442c069a5c04c5bf02d848669ad6Ubuntu Security Notice 1189-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.
297983344851a28369271ac3e74f0268a28bd05b499c87b25c5708bf72c76d42
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed