exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

CVE-2013-2094

Status Candidate

Overview

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

Related Files

Ubuntu 12.04 3.x x86_64 perf_swevent_init Local Root
Posted Jun 2, 2014
Authored by Vitaly Nikolenko

Ubuntu 12.04 3.x x86_64 perf_swevent_init local kernel root exploit. Based on semtex.c.

tags | exploit, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2013-2094
SHA-256 | fd9f72a2dd8542f0cfadb2584eac4af048d1bf2fa6f239359482f9522ecc290d
Linux perf_swevent_init Privilege Escalation
Posted Mar 12, 2014
Authored by Brad Spengler, Sorbo

This is a ROP exploit variant of the perf_swevent_init local root exploit for the Linux kernel versions prior to 3.8.9 for x86_64.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2013-2094
SHA-256 | f2e2d43cd1b1f6062d1700da019b5cc1e08dbf07427dcb52fc47281b57ddf45f
Mandriva Linux Security Advisory 2013-176
Posted Jun 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-176 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2012-5532, CVE-2012-6548, CVE-2012-6549, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0290, CVE-2013-0311, CVE-2013-0914, CVE-2013-1763, CVE-2013-1767, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-2141, CVE-2013-2146, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-2596, CVE-2013-2634, CVE-2013-2635
SHA-256 | ae2f3459ec3bdf76b4bab9b9b1aed7e5bb62fecbaa5d70cf041846a180464d66
Linux perf_swevent_init Local Root
Posted Jun 11, 2013
Authored by Sorbo

perf_swevent_init local root exploit for the Linux kernel versions prior to 3.8.9 for x86_64. Based off of sd's exploit.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2013-2094
SHA-256 | 59caf806b1911994747249031fa80d9f7f763d3edc8c72e2689c9b4185164b11
Ubuntu Security Notice USN-1849-1
Posted Jun 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1849-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2094
SHA-256 | 1190961f18f6ce294b358eeb648601bc1ef8a1a7bf350f61695df002948ed7b8
Ubuntu Security Notice USN-1838-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1838-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094, CVE-2013-1929, CVE-2013-1929, CVE-2013-2094
SHA-256 | 56988ff0df6a0f61b5822639fca00113441c09201b2d0bff164ced0de152ac12
Ubuntu Security Notice USN-1839-1
Posted May 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1839-1 - A flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2013-2094, CVE-2013-1979, CVE-2013-1929, CVE-2013-3301, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-3301
SHA-256 | 86ed1e11ed9cf4931a18e84838efdd7f1f497b8d0f4b6080dd50c1bfa77d545d
Ubuntu Security Notice USN-1836-1
Posted May 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1836-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094, CVE-2013-1929, CVE-2013-3301, CVE-2013-1929, CVE-2013-2094, CVE-2013-3301
SHA-256 | 42d076c106745f487957ef7b40c9f50928e736a03fc9cad6e39cf873660a840e
Slackware Security Advisory - kernel Updates
Posted May 21, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix a security issue.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2013-2094
SHA-256 | 789b1959ad424171a49be0fe4ba4dc50597750f538a268707ec4d0a98d5e4e17
Red Hat Security Advisory 2013-0829-01
Posted May 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0829-01 - Security fixes: It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-0913, CVE-2013-0914, CVE-2013-1767, CVE-2013-1774, CVE-2013-1792, CVE-2013-1819, CVE-2013-1848, CVE-2013-1860, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-2634, CVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3231
SHA-256 | 00fadee46a5e7a81db412e709a930a32fe89a5061478a9d3640649e6c28b0cc4
Red Hat Security Advisory 2013-0840-01
Posted May 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0840-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-2094
SHA-256 | 8c4f3589decd256219ecbc2efd3813bcf9a320630af3098220eb094ba9a4ac81
Red Hat Security Advisory 2013-0841-01
Posted May 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0841-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-2094
SHA-256 | 8236b51f3a442aea68c2b29e3ee3c4089f5d4682ea0e1005cba90cd48b1bf3cf
Red Hat Security Advisory 2013-0832-01
Posted May 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0832-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-2094
SHA-256 | 16ebeb97ba0237baefdabcda52e494ff100d3a172e89cd6d916049e2d170d1a2
Red Hat Security Advisory 2013-0830-01
Posted May 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0830-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-2094
SHA-256 | e1ba7d97c796e3728e54bbe5dc6f6585c52bd5bbc310c337a723147e6569a753
Debian Security Advisory 2669-1
Posted May 16, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2669-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0160, CVE-2013-1796, CVE-2013-1929, CVE-2013-1979, CVE-2013-2015, CVE-2013-2094, CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3231, CVE-2013-3234, CVE-2013-3235, CVE-2013-3301
SHA-256 | bcfe3afbb4182656ff4cebf2d30b08f1bd994ad473bc4830c1ed33aa786d930e
Ubuntu Security Notice USN-1828-1
Posted May 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1828-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094
SHA-256 | fd37035618e80606f4668e9c073a2afa7344c987b9afdf487036c675526a79ba
Ubuntu Security Notice USN-1827-1
Posted May 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1827-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094
SHA-256 | d084c927d37fa7856a86a1c67d0cb08ce49025ed4b65ba08c08ee16befb718f3
Ubuntu Security Notice USN-1826-1
Posted May 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1826-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094
SHA-256 | 48f6afef383991ac79f1dbdacf15e1d7e2ad5d5db8a458e6f8e361b6505c3ccb
Ubuntu Security Notice USN-1825-1
Posted May 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1825-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094
SHA-256 | f288e8151e0a1203f7ac5f4deed6ee57292f26d67ab3ed7e7e441bc75e05c650
Linux PERF_EVENTS Local Root
Posted May 14, 2013
Authored by sd

Linux local root exploit that requires that PERF_EVENTS be compiled into the kernel. This has been fixed in 3.8.10. This bug apparently got backported from 2.6.37 into CentOS5 2.6.32 kernels.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2013-2094
SHA-256 | 2f5dc509c381d9e991e5bf9ec1e43911abf68baf1a9e3035473ddfd75ba8c11a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close