what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

CVE-2011-2494

Status Candidate

Overview

kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.

Related Files

Red Hat Security Advisory 2012-0010-01
Posted Jan 11, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0010-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A malicious CIFS server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. The way fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload functionality on were handled could allow a remote attacker to cause a denial of service.

tags | advisory, remote, denial of service, kernel, udp
systems | linux, redhat
advisories | CVE-2011-1162, CVE-2011-2494, CVE-2011-2723, CVE-2011-2898, CVE-2011-3188, CVE-2011-3191, CVE-2011-3353, CVE-2011-3359, CVE-2011-3363, CVE-2011-3637, CVE-2011-4081, CVE-2011-4110, CVE-2011-4132, CVE-2011-4326
MD5 | fef4d4e68b2f0a6500318db2dfce9ac7
Ubuntu Security Notice USN-1294-1
Posted Dec 8, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1294-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-1162, CVE-2011-2494, CVE-2011-2942, CVE-2011-3209, CVE-2011-3638, CVE-2011-4081, CVE-2011-4087, CVE-2011-4326
MD5 | 4140a017e41c8e07afe8d2c3038b67a3
Ubuntu Security Notice USN-1285-1
Posted Nov 30, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1285-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-2183, CVE-2011-2491, CVE-2011-2494, CVE-2011-2495, CVE-2011-2517, CVE-2011-2905, CVE-2011-2909
MD5 | e74dde7810f3e397c92db107a7f9f975
Red Hat Security Advisory 2011-1479-01
Posted Nov 30, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1479-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-1162, CVE-2011-1898, CVE-2011-2203, CVE-2011-2494, CVE-2011-3363, CVE-2011-4110
MD5 | d02c2d86522890a0fceb829fd283f7cc
Ubuntu Security Notice USN-1281-1
Posted Nov 27, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1281-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-2183, CVE-2011-2479, CVE-2011-2491, CVE-2011-2494, CVE-2011-2495, CVE-2011-2496, CVE-2011-2517, CVE-2011-2905, CVE-2011-2909, CVE-2011-3363
MD5 | aecce7ab016e9e29fd83a81e5038ab8d
Ubuntu Security Notice USN-1279-1
Posted Nov 24, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1279-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-2183, CVE-2011-2491, CVE-2011-2494, CVE-2011-2495, CVE-2011-2517, CVE-2011-2905, CVE-2011-2909
MD5 | b453296a7d8bffc0468a45fc6110c91e
Red Hat Security Advisory 2011-1465-01
Posted Nov 23, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1465-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. A signedness issue was found in the Linux kernel's CIFS implementation. A malicious CIFS server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted.

tags | advisory, remote, denial of service, kernel
systems | linux, redhat
advisories | CVE-2011-1162, CVE-2011-1577, CVE-2011-2494, CVE-2011-2699, CVE-2011-2905, CVE-2011-3188, CVE-2011-3191, CVE-2011-3353, CVE-2011-3359, CVE-2011-3363, CVE-2011-3593, CVE-2011-4326
MD5 | 6d97c1bb9c02cdad719d464542d195d9
Ubuntu Security Notice USN-1275-1
Posted Nov 22, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1275-1 - Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2011-2494
MD5 | bea5efaf54d7deff1090ffcb728023b0
Ubuntu Security Notice USN-1260-1
Posted Nov 15, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1260-1 - Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2011-2494
MD5 | e49fa4873e2809d120f68766cde30dfc
Ubuntu Security Notice USN-1256-1
Posted Nov 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1256-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1478, CVE-2011-1479, CVE-2011-1493, CVE-2011-1573, CVE-2011-1576, CVE-2011-1577, CVE-2011-1581, CVE-2011-1585, CVE-2011-1767, CVE-2011-1768, CVE-2011-1771, CVE-2011-1776, CVE-2011-1833, CVE-2011-2183, CVE-2011-2213, CVE-2011-2479, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2493, CVE-2011-2494
MD5 | ee2685f0b4d767be1169393f2ba5d7c7
Ubuntu Security Notice USN-1253-1
Posted Nov 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1253-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
MD5 | 7761ddb7b1ba2737c6628228e6c4243d
Ubuntu Security Notice USN-1245-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1245-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
MD5 | a377b41087e2fdf775b805d448907abc
Ubuntu Security Notice USN-1244-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1244-1 - Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-3873, CVE-2011-2183, CVE-2011-2491, CVE-2011-2494, CVE-2011-2495, CVE-2011-2517, CVE-2011-2695, CVE-2011-2905, CVE-2011-2909, CVE-2011-3363
MD5 | 4483b1d256342df0c0be0cc7f289dd23
Ubuntu Security Notice USN-1243-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1243-1 - It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-1479, CVE-2011-2494, CVE-2011-2495, CVE-2011-2695, CVE-2011-2905, CVE-2011-2909, CVE-2011-3188, CVE-2011-3363
MD5 | fff4a0f314b96a2bab0a25782dc9e3c4
Ubuntu Security Notice USN-1242-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1242-1 - It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-1479, CVE-2011-2494, CVE-2011-2495, CVE-2011-2695, CVE-2011-2905, CVE-2011-2909, CVE-2011-3188, CVE-2011-3363, CVE-2010-4250
MD5 | a1392163976dafaae4ee98fda84eec69
Ubuntu Security Notice USN-1241-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1241-1 - It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2011-1573, CVE-2011-1576, CVE-2011-1776, CVE-2011-2213, CVE-2011-2494, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2695, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191, CVE-2011-3363
MD5 | 447c461aca2cec9be3fb95e5c596cd81
Ubuntu Security Notice USN-1240-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1240-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
MD5 | 7f8b27a4895207903ddd22763f71b81a
Ubuntu Security Notice USN-1239-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1239-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
MD5 | 0145fca527819eed3f01ab8622ae7882
Ubuntu Security Notice USN-1236-1
Posted Oct 20, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1236-1 - It was discovered that the Auerswald usb driver incorrectly handled lengths of the USB string descriptors. A local attacker with physical access could insert a specially crafted USB device and gain root privileges. It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. Various other issues were also addressed.

tags | advisory, remote, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2009-4067, CVE-2011-1573, CVE-2011-2494, CVE-2011-2495, CVE-2011-3188
MD5 | ae2696646303ce38ff705e1ba28f25ad
Page 1 of 1
Back1Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    12 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close