Showing 1 - 3 of 3

CVE-2012-0055

Status Candidate

Overview

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.

Related Files

Ubuntu Security Notice USN-1384-1: Posted Mar 6, 2012; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1384-1 - A bug was discovered in the Linux kernel's calculation of OOM (Out of memory) scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. Various other issues were also addressed.; tags | advisory, kernel, local; systems | linux, ubuntu; advisories | CVE-2011-4097, CVE-2011-4127, CVE-2011-4622, CVE-2012-0038, CVE-2012-0055, CVE-2012-0207, CVE-2011-4097, CVE-2011-4127, CVE-2011-4622, CVE-2012-0038, CVE-2012-0055, CVE-2012-0207; SHA-256 | ba35da89b5eae8117d31f718c99da404c1ff80d437df5bc034c13a24bb0b4c94; Download | Favorite | View

Ubuntu Security Notice USN-1364-1: Posted Feb 13, 2012; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1364-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. Andy Whitcroft discovered a that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to by-pass security policy and access files that should not be accessible. Various other issues were also addressed.; tags | advisory, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2012-0038, CVE-2012-0055, CVE-2012-0056, CVE-2012-0207, CVE-2012-0038, CVE-2012-0055, CVE-2012-0056, CVE-2012-0207; SHA-256 | e847291e2956e9eeb864470a8ac967e656c915178d520472524b2f9834c84e45; Download | Favorite | View

Ubuntu Security Notice USN-1363-1: Posted Feb 13, 2012; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1363-1 - A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. Andy Whitcroft discovered a that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to by-pass security policy and access files that should not be accessible. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2011-4622, CVE-2012-0038, CVE-2012-0055, CVE-2012-0207, CVE-2011-4622, CVE-2012-0038, CVE-2012-0055, CVE-2012-0207; SHA-256 | 00db81ad81883140a2fb9f8a3cf95426da7934bf25c0269359abe6ac6c16194c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 227 files
Ubuntu 94 files
Gentoo 29 files
Debian 21 files
tmrswrr 9 files
Sina Kheirkhah 7 files
bRpsd 4 files
Amit Roy 4 files
nu11secur1ty 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,075)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,529)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,299)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,236)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,642)
UNIX (9,424)
UnixWare (187)
Windows (6,665)
Other

CVE-2012-0055

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems