exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2013-2548

Status Candidate

Overview

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.

Related Files

Mandriva Linux Security Advisory 2013-176
Posted Jun 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-176 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2012-5532, CVE-2012-6548, CVE-2012-6549, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0290, CVE-2013-0311, CVE-2013-0914, CVE-2013-1763, CVE-2013-1767, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-2141, CVE-2013-2146, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-2596, CVE-2013-2634, CVE-2013-2635
SHA-256 | ae2f3459ec3bdf76b4bab9b9b1aed7e5bb62fecbaa5d70cf041846a180464d66
Red Hat Security Advisory 2013-0829-01
Posted May 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0829-01 - Security fixes: It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-0913, CVE-2013-0914, CVE-2013-1767, CVE-2013-1774, CVE-2013-1792, CVE-2013-1819, CVE-2013-1848, CVE-2013-1860, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-2634, CVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3231
SHA-256 | 00fadee46a5e7a81db412e709a930a32fe89a5061478a9d3640649e6c28b0cc4
Ubuntu Security Notice USN-1797-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1797-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
SHA-256 | a4a59e154444bb54573d25de54ff8e028d266532aeef1b383f5040e736e717a9
Ubuntu Security Notice USN-1796-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1796-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
SHA-256 | 18caef66a2d5897aa9eeb54f75e1c5a517586d65300e5331cac6b99ca1877e4e
Ubuntu Security Notice USN-1795-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1795-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0228, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
SHA-256 | a9481d24bc57e8b82ca02fbcb22d9006dbf916f84232799a870764473cd77d6e
Ubuntu Security Notice USN-1794-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1794-1 - Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). A memory use after free error was discover in the Linux kernel's tmpfs filesystem. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
SHA-256 | adaadd6df03505a3dad8d962705b2d85d628cc8bf7a8b62e35a748db1edff468
Ubuntu Security Notice USN-1793-1
Posted Apr 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1793-1 - Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). A memory use after free error was discover in the Linux kernel's tmpfs filesystem. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548
SHA-256 | e1409ef024b6212b888691375b207e24273c0b42a9ff7f6e21fddeee663aff73
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close