the original cloud security
Showing 1 - 12 of 12 RSS Feed

CVE-2013-0228

Status Candidate

Overview

The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application.

Related Files

Mandriva Linux Security Advisory 2013-176
Posted Jun 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-176 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2012-5532, CVE-2012-6548, CVE-2012-6549, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0290, CVE-2013-0311, CVE-2013-0914, CVE-2013-1763, CVE-2013-1767, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-2141, CVE-2013-2146, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-2596, CVE-2013-2634, CVE-2013-2635
MD5 | 72b5903a6234e4593ad51c196b8ea2fd
Ubuntu Security Notice USN-1808-1
Posted Apr 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1808-1 - Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796, CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796
MD5 | 68ea26cb76b7b153db4f5cee5ce01041
Ubuntu Security Notice USN-1805-1
Posted Apr 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1805-1 - Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796, CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796
MD5 | 9dde7480b2593ff7a4057b7bbaa64c81
Ubuntu Security Notice USN-1797-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1797-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
MD5 | 446c18778474d2f710b52be1a9930894
Ubuntu Security Notice USN-1796-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1796-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
MD5 | 270905acba7d9c2da321e18add8e8528
Ubuntu Security Notice USN-1795-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1795-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
MD5 | 3a2087e77f4fdd0a6e79e672256eecce
Ubuntu Security Notice USN-1781-1
Posted Mar 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1781-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-1774, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-1774
MD5 | cc1f51132107651d4f6c9ac23e0388ff
Ubuntu Security Notice USN-1778-1
Posted Mar 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1778-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773
MD5 | be3270398506e6ff2a7824cd4e5ef20b
Ubuntu Security Notice USN-1767-1
Posted Mar 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1767-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-1774, CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-1774
MD5 | b4722f2bde05c5e4fd7583d00fd3895f
Ubuntu Security Notice USN-1760-1
Posted Mar 13, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1760-1 - A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. A memory leak was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS could trigger this flaw to cause a denial of service on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, memory leak
systems | linux, ubuntu
advisories | CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773
MD5 | bf974e96001c4add92de0057fa912944
Red Hat Security Advisory 2013-0630-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0630-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the xen_iret() function in the Linux kernel used the DS register. A local, unprivileged user in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to crash the guest or, potentially, escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-0228, CVE-2013-0268
MD5 | efac28bcc10f135ebd19ca74e770608c
Ubuntu Security Notice USN-1756-1
Posted Mar 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1756-1 - A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. A memory leak was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS could trigger this flaw to cause a denial of service on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, memory leak
systems | linux, ubuntu
advisories | CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-1773
MD5 | 76f0c9df3c89b3fe3d8bc62fe88a91c9
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close