what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2012-4508

Status Candidate

Overview

Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.

Related Files

Red Hat Security Advisory 2013-1783-01
Posted Dec 6, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1783-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-4508, CVE-2013-2851, CVE-2013-4299
SHA-256 | cff59b9f88b0673c0f659fb3e6ef8f092e408c092cba79fe92e8d1112298771e
Red Hat Security Advisory 2013-1519-01
Posted Nov 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1519-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-4508, CVE-2013-4299
SHA-256 | b7e3670d1883b8a69860346779ea0650b4c74cff69296f9794b964c54532bad5
Ubuntu Security Notice USN-1900-1
Posted Jul 5, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1900-1 - Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. An information leak was discovered in the Linux kernel's tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. A format string vulnerability was discovered in Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-4508, CVE-2013-2141, CVE-2013-2852, CVE-2012-4508, CVE-2013-2141, CVE-2013-2852
SHA-256 | b1bcfb63b4c3b8dd01cdcabf8077b93364a3e94d0951fb54fadb9f35a122db85
Ubuntu Security Notice USN-1899-1
Posted Jul 5, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1899-1 - Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. An information leak was discovered in the Linux kernel's tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. A format string vulnerability was discovered in Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-4508, CVE-2013-2141, CVE-2013-2852, CVE-2012-4508, CVE-2013-2141, CVE-2013-2852
SHA-256 | 593e00f04b6483ec844d0d0014bec0a0aa260fbb699fc4a75dbcdbfcd38c245d
Debian Security Advisory 2668-1
Posted May 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2668-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2012-2121, CVE-2012-3552, CVE-2012-4461, CVE-2012-4508, CVE-2012-6537, CVE-2012-6539, CVE-2012-6540, CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2012-6549, CVE-2013-0349, CVE-2013-0914, CVE-2013-1767, CVE-2013-1773, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1798, CVE-2013-1826, CVE-2013-1860, CVE-2013-1928, CVE-2013-1929, CVE-2013-2015, CVE-2013-2634, CVE-2013-3222
SHA-256 | f66b5875b109e5f665558463b3f9c59ae0cb8985c108bda014534f43c51d2b5f
Red Hat Security Advisory 2013-0496-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0496-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-4508, CVE-2012-4542, CVE-2013-0190, CVE-2013-0309, CVE-2013-0310, CVE-2013-0311
SHA-256 | 3a925a69e9ed312b981ff3a349917d1490658caff3fcba8bf43104f107a6da83
Ubuntu Security Notice USN-1726-1
Posted Feb 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1726-1 - It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2669, CVE-2012-4508, CVE-2012-5532, CVE-2012-2669, CVE-2012-4508, CVE-2012-5532
SHA-256 | a3d55b9ff0b73d1df8e7409074747aabe37ecb3203cc3a90ab56e3dba8a7c4f8
Ubuntu Security Notice USN-1720-1
Posted Feb 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1720-1 - It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2669, CVE-2012-4508, CVE-2012-5532, CVE-2013-0190, CVE-2012-2669, CVE-2012-4508, CVE-2012-5532, CVE-2013-0190
SHA-256 | e44f09d2e5a972aa796e430101537128cafec69256c99de889a29ded2edd3bcf
Ubuntu Security Notice USN-1719-1
Posted Feb 12, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1719-1 - It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2669, CVE-2012-4508, CVE-2013-0190, CVE-2012-2669, CVE-2012-4508, CVE-2013-0190
SHA-256 | 6de26ef41062f19fa61e79d4002edf1eee71915e490a7fd9a002c826f84ae65a
Ubuntu Security Notice USN-1704-2
Posted Feb 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1704-2 - USN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service. A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0957, CVE-2012-4461, CVE-2012-4508, CVE-2012-4530, CVE-2012-4565, CVE-2012-5517, CVE-2012-5532
SHA-256 | e9e792aadc97786927427c783a1b1572627f4f272916fcaa582f0780c5890272
Ubuntu Security Notice USN-1704-1
Posted Jan 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1704-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-0957, CVE-2012-4461, CVE-2012-4508, CVE-2012-4530, CVE-2012-4565, CVE-2012-5517, CVE-2012-5532, CVE-2012-0957, CVE-2012-4461, CVE-2012-4508, CVE-2012-4530, CVE-2012-4565, CVE-2012-5517, CVE-2012-5532
SHA-256 | cee34c70ba2a3639f0d2c6c944ab8c33eaab079317385ea3e05356964547c138
Red Hat Security Advisory 2012-1540-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1540-01 - These packages contain the Linux kernel. A race condition in the way asynchronous I/O and fallocate() interacted when using ext4 could allow a local, unprivileged user to obtain random data from a deleted file. A flaw in the way the Xen hypervisor implementation range checked guest provided addresses in the XENMEM_exchange hypercall could allow a malicious, para-virtualized guest administrator to crash the hypervisor or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2012-2372, CVE-2012-3552, CVE-2012-4508, CVE-2012-4535, CVE-2012-4537, CVE-2012-5513
SHA-256 | 906829b1fdfb32f66974a1ab2f6683d5132fe8b3ba63296b4d8f44c8427f38d5
Red Hat Security Advisory 2012-1491-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1491-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way Netlink messages without SCM_CREDENTIALS data set were handled. When not explicitly set, the data was sent but with all values set to 0, including the process ID and user ID, causing the Netlink message to appear as if it were sent with root privileges. A local, unprivileged user could use this flaw to send spoofed Netlink messages to an application, possibly resulting in the application performing privileged operations if it relied on SCM_CREDENTIALS data for the authentication of Netlink messages.

tags | advisory, kernel, local, root, spoof
systems | linux, redhat
advisories | CVE-2012-0957, CVE-2012-2133, CVE-2012-3400, CVE-2012-3430, CVE-2012-3511, CVE-2012-3520, CVE-2012-4508, CVE-2012-4565
SHA-256 | 9fc196ee7e1a6d99be88df166bba11b7dfc2a6af8804a850b507161ce71b9c93
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close