exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

CVE-2012-0957

Status Candidate

Overview

The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.

Related Files

Ubuntu Security Notice USN-1704-2
Posted Feb 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1704-2 - USN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service. A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0957, CVE-2012-4461, CVE-2012-4508, CVE-2012-4530, CVE-2012-4565, CVE-2012-5517, CVE-2012-5532
SHA-256 | e9e792aadc97786927427c783a1b1572627f4f272916fcaa582f0780c5890272
Ubuntu Security Notice USN-1704-1
Posted Jan 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1704-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-0957, CVE-2012-4461, CVE-2012-4508, CVE-2012-4530, CVE-2012-4565, CVE-2012-5517, CVE-2012-5532, CVE-2012-0957, CVE-2012-4461, CVE-2012-4508, CVE-2012-4530, CVE-2012-4565, CVE-2012-5517, CVE-2012-5532
SHA-256 | cee34c70ba2a3639f0d2c6c944ab8c33eaab079317385ea3e05356964547c138
Red Hat Security Advisory 2012-1491-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1491-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way Netlink messages without SCM_CREDENTIALS data set were handled. When not explicitly set, the data was sent but with all values set to 0, including the process ID and user ID, causing the Netlink message to appear as if it were sent with root privileges. A local, unprivileged user could use this flaw to send spoofed Netlink messages to an application, possibly resulting in the application performing privileged operations if it relied on SCM_CREDENTIALS data for the authentication of Netlink messages.

tags | advisory, kernel, local, root, spoof
systems | linux, redhat
advisories | CVE-2012-0957, CVE-2012-2133, CVE-2012-3400, CVE-2012-3430, CVE-2012-3511, CVE-2012-3520, CVE-2012-4508, CVE-2012-4565
SHA-256 | 9fc196ee7e1a6d99be88df166bba11b7dfc2a6af8804a850b507161ce71b9c93
Ubuntu Security Notice USN-1652-1
Posted Nov 30, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1652-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-0957, CVE-2012-4565, CVE-2012-0957, CVE-2012-4565
SHA-256 | e2ab2490ada83b444a66c52183f126e16e8175d3cffdad175af3f948c4a2e280
Ubuntu Security Notice USN-1649-1
Posted Nov 30, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1649-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-0957, CVE-2012-4565, CVE-2012-0957, CVE-2012-4565
SHA-256 | 50d96a46ae540807a3cbac6d9da2f0a742defbec6c2aeb63630420490e1280e4
Ubuntu Security Notice USN-1648-1
Posted Nov 30, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1648-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-0957, CVE-2012-4565, CVE-2012-0957, CVE-2012-4565
SHA-256 | 4eb660e26fd88a32afdbb6f4745741f275f50287259f53e6fcf824c0f62ee4ce
Ubuntu Security Notice USN-1647-1
Posted Nov 30, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1647-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-0957, CVE-2012-4565, CVE-2012-0957, CVE-2012-4565
SHA-256 | bc7bae042dda4167991eaaa3aba4772592c4a371088803032bf38ec4fc7d8f3b
Ubuntu Security Notice USN-1646-1
Posted Nov 30, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1646-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-0957, CVE-2012-4565, CVE-2012-0957, CVE-2012-4565
SHA-256 | e417f1d428863d8eb7268db89617f507396def202c65c7aa89768f7915d5e0be
Ubuntu Security Notice USN-1645-1
Posted Nov 30, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1645-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-0957, CVE-2012-4565, CVE-2012-0957, CVE-2012-4565
SHA-256 | 4d3dae198ecc5f0fab30ae0aa3248050f97447564d01f2bdf33aa7274130728c
Ubuntu Security Notice USN-1644-1
Posted Nov 30, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1644-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-0957, CVE-2012-4565, CVE-2012-0957, CVE-2012-4565
SHA-256 | 5a24998d89af0c468b0e5534c8e4d28d186288d82114644816fad0f143a37bfb
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close