what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2011-4086

Status Candidate

Overview

The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal.

Related Files

Ubuntu Security Notice USN-1458-1
Posted Jun 1, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1458-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-2100, CVE-2011-4086, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-2100
SHA-256 | 351dbb8a5b12503c42271509730cb86bad79aba2f4a02c0d7863862d1499e767
Ubuntu Security Notice USN-1454-1
Posted May 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1454-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086
SHA-256 | f28320f5538e98298ed28cf4be19ea1c9e1808d3f2e263ff05dd1b27f77c788d
Ubuntu Security Notice USN-1453-1
Posted May 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1453-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2012-1601, CVE-2012-2123, CVE-2011-4086, CVE-2012-1601, CVE-2012-2123
SHA-256 | 0ce91b7b629cfee8a757c0aaf95f5ab728dc7c0c8392a5ba774db361dc1f15e3
Ubuntu Security Notice USN-1445-1
Posted May 18, 2012
Site security.ubuntu.com

Ubuntu Security Notice 1445-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

advisories | CVE-2011-4086, CVE-2012-1601, CVE-2012-2123, CVE-2011-4086, CVE-2012-1601, CVE-2012-2123
SHA-256 | 7d0b2e8d139bbdf7e42fc75ff657d5dc4fdf2c134147403f44f2f71576098f00
Ubuntu Security Notice USN-1445-1
Posted May 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1445-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2012-1601, CVE-2012-2123, CVE-2011-4086, CVE-2012-1601, CVE-2012-2123
SHA-256 | 7d0b2e8d139bbdf7e42fc75ff657d5dc4fdf2c134147403f44f2f71576098f00
Red Hat Security Advisory 2012-0670-01
Posted May 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0670-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. When a set user ID application is executed, certain personality flags for controlling the application's behavior are cleared. It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise MRG is made privileged via file system capabilities.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2011-4086, CVE-2012-2123
SHA-256 | c88db0a1f1b7343e27cc22e518f7258062840aebeea6f425936d381a312cd433
Red Hat Security Advisory 2012-0571-01
Posted May 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0571-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's journal_unmap_buffer() function handled buffer head states. On systems that have an ext4 file system with a journal mounted, a local, unprivileged user could use this flaw to cause a denial of service. A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A local, unprivileged user on a KVM host could use this flaw to crash the host.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-4086, CVE-2012-1601
SHA-256 | 1410f3b7136c37ec0494b578f722198e2419cd69f0b58f7948f10dba37dc0d35
Debian Security Advisory 2469-1
Posted May 11, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2469-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2011-4086, CVE-2012-0879, CVE-2012-1601, CVE-2012-2123, CVE-2012-2133
SHA-256 | a3855fca7a7b37d79b7f6bcc79e55a1eb3f3c10c58793ebd4569091d400c8937
Ubuntu Security Notice USN-1440-1
Posted May 9, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1440-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-2100, CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-2100
SHA-256 | a0bc278da385b31cfe46ccd1ea6aa31d7dd04bed4a06bb0e7207f3a236fdd376
Ubuntu Security Notice USN-1432-1
Posted May 9, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1432-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. A flaw was found in the Linux kernel's ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this flaw to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2012-1090, CVE-2012-2100, CVE-2011-4086, CVE-2012-1090, CVE-2012-2100
SHA-256 | 1d984ede490b6edab27560da6524e46aeec59e454b4bd41011e03fc03ccec707
Ubuntu Security Notice USN-1433-1
Posted May 1, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1433-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179, CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179
SHA-256 | d91c996ccff95c6d7dd3c3aa09f0a4d61c622e96df26b9dd2000e3472ca4feec
Ubuntu Security Notice USN-1431-1
Posted May 1, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1431-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179, CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179
SHA-256 | 1f6883f19f9a2b1057e35bd8aa804fda23a4a1a09b6012236c8db13c99741688
Red Hat Security Advisory 2012-0107-01
Posted Feb 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0107-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Using the SG_IO ioctl to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device. Refer to Red Hat Knowledgebase article DOC-67874, linked to in the References, for further details about this issue.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-3638, CVE-2011-4086, CVE-2011-4127, CVE-2012-0028, CVE-2012-0207
SHA-256 | 0f06f08a25a1cc6f395b307753e4762964477f1ec0e20c7adb0a86df4fce7422
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    36 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close