seeing is believing
Showing 1 - 20 of 20 RSS Feed

CVE-2013-2094

Status Candidate

Overview

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

Related Files

Ubuntu 12.04 3.x x86_64 perf_swevent_init Local Root
Posted Jun 2, 2014
Authored by Vitaly Nikolenko

Ubuntu 12.04 3.x x86_64 perf_swevent_init local kernel root exploit. Based on semtex.c.

tags | exploit, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2013-2094
MD5 | 94de45a0e6f9685a1cccb740f7d7e2ff
Linux perf_swevent_init Privilege Escalation
Posted Mar 12, 2014
Authored by Brad Spengler, Sorbo

This is a ROP exploit variant of the perf_swevent_init local root exploit for the Linux kernel versions prior to 3.8.9 for x86_64.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2013-2094
MD5 | e1430f6d2ca818b20a18208e482335a7
Mandriva Linux Security Advisory 2013-176
Posted Jun 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-176 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2012-5532, CVE-2012-6548, CVE-2012-6549, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0290, CVE-2013-0311, CVE-2013-0914, CVE-2013-1763, CVE-2013-1767, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-2141, CVE-2013-2146, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-2596, CVE-2013-2634, CVE-2013-2635
MD5 | 72b5903a6234e4593ad51c196b8ea2fd
Linux perf_swevent_init Local Root
Posted Jun 11, 2013
Authored by Sorbo

perf_swevent_init local root exploit for the Linux kernel versions prior to 3.8.9 for x86_64. Based off of sd's exploit.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2013-2094
MD5 | ea19349db46e7096d23a3d2d37aa2249
Ubuntu Security Notice USN-1849-1
Posted Jun 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1849-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2094
MD5 | 115fc8c4c8c25b4e821f1b840d4cc603
Ubuntu Security Notice USN-1838-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1838-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094, CVE-2013-1929, CVE-2013-1929, CVE-2013-2094
MD5 | adad1674205ea47ddd3aa593e0b50878
Ubuntu Security Notice USN-1839-1
Posted May 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1839-1 - A flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2013-2094, CVE-2013-1979, CVE-2013-1929, CVE-2013-3301, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-3301
MD5 | 619de0c64a74e0f5e95eae9dc51d28b6
Ubuntu Security Notice USN-1836-1
Posted May 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1836-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094, CVE-2013-1929, CVE-2013-3301, CVE-2013-1929, CVE-2013-2094, CVE-2013-3301
MD5 | e7f2d3dd3f83816d80e4726469e910c2
Slackware Security Advisory - kernel Updates
Posted May 21, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix a security issue.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2013-2094
MD5 | e50f438e4b40cbc8413dc87b5c6904bb
Red Hat Security Advisory 2013-0829-01
Posted May 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0829-01 - Security fixes: It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-0913, CVE-2013-0914, CVE-2013-1767, CVE-2013-1774, CVE-2013-1792, CVE-2013-1819, CVE-2013-1848, CVE-2013-1860, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-2634, CVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3231
MD5 | 1637eb8b8e438409dfcb9c2bbce31dd7
Red Hat Security Advisory 2013-0840-01
Posted May 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0840-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-2094
MD5 | 7b3cf047ce1ad9873e524ae25c59b529
Red Hat Security Advisory 2013-0841-01
Posted May 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0841-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-2094
MD5 | 79f3a3d1931e92c1d614f23ca20d1164
Red Hat Security Advisory 2013-0832-01
Posted May 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0832-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-2094
MD5 | 7564f4f2e28e32eda5ccd4ef223a6ce5
Red Hat Security Advisory 2013-0830-01
Posted May 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0830-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-2094
MD5 | 7bb6dc79bc8e7ab3006a4f2c7b088e28
Debian Security Advisory 2669-1
Posted May 16, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2669-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0160, CVE-2013-1796, CVE-2013-1929, CVE-2013-1979, CVE-2013-2015, CVE-2013-2094, CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3231, CVE-2013-3234, CVE-2013-3235, CVE-2013-3301
MD5 | e762497d8e6cf9758f4005bbd356f707
Ubuntu Security Notice USN-1828-1
Posted May 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1828-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094
MD5 | d269aaa9de87de5df96c1241c585f48c
Ubuntu Security Notice USN-1827-1
Posted May 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1827-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094
MD5 | c24bf0f6bebfcc7fe6ebe4da68713b04
Ubuntu Security Notice USN-1826-1
Posted May 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1826-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094
MD5 | fe5799c50ce713068641d2af08bcdfba
Ubuntu Security Notice USN-1825-1
Posted May 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1825-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094
MD5 | 2ea9c74054a80164c98dfb8b09bf22f1
Linux PERF_EVENTS Local Root
Posted May 14, 2013
Authored by sd

Linux local root exploit that requires that PERF_EVENTS be compiled into the kernel. This has been fixed in 3.8.10. This bug apparently got backported from 2.6.37 into CentOS5 2.6.32 kernels.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2013-2094
MD5 | cdeeb8e9586abc49bc1a34af4bc14282
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close