Showing 1 - 4 of 4

CVE-2011-1479

Status Candidate

Overview

Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250.

Related Files

Ubuntu Security Notice USN-1256-1: Posted Nov 9, 2011; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1256-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.; tags | advisory, kernel, local, vulnerability; systems | linux, ubuntu; advisories | CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1478, CVE-2011-1479, CVE-2011-1493, CVE-2011-1573, CVE-2011-1576, CVE-2011-1577, CVE-2011-1581, CVE-2011-1585, CVE-2011-1767, CVE-2011-1768, CVE-2011-1771, CVE-2011-1776, CVE-2011-1833, CVE-2011-2183, CVE-2011-2213, CVE-2011-2479, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2493, CVE-2011-2494; SHA-256 | 065ea3de04cbda6ba2f070db62f0f0ff03f73b678f1a9b1d73799d5e8bba15ab; Download | Favorite | View

Ubuntu Security Notice USN-1243-1: Posted Oct 25, 2011; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1243-1 - It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.; tags | advisory, remote, denial of service, local; systems | linux, ubuntu; advisories | CVE-2011-1479, CVE-2011-2494, CVE-2011-2495, CVE-2011-2695, CVE-2011-2905, CVE-2011-2909, CVE-2011-3188, CVE-2011-3363; SHA-256 | 17f248b3931a988aad14812534c1789db9fb19d3669e1520b000fb81fd5b0df9; Download | Favorite | View

Ubuntu Security Notice USN-1242-1: Posted Oct 25, 2011; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1242-1 - It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.; tags | advisory, remote, denial of service, local; systems | linux, ubuntu; advisories | CVE-2011-1479, CVE-2011-2494, CVE-2011-2495, CVE-2011-2695, CVE-2011-2905, CVE-2011-2909, CVE-2011-3188, CVE-2011-3363, CVE-2010-4250; SHA-256 | 544731c1bb12667fa7a9b5b5b16ac0871a169440d284556042daf2acc1e9a8f4; Download | Favorite | View