what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

CVE-2013-2851

Status Candidate

Overview

Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.

Related Files

Red Hat Security Advisory 2014-0284-01
Posted Mar 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0284-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, local, udp, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2851, CVE-2013-4387, CVE-2013-4470, CVE-2013-4591, CVE-2013-6367, CVE-2013-6368, CVE-2013-6381
SHA-256 | 8cfc7fc325fe40888918ba9e8f2de222f45256f4ab9832b9a6acc34dd00ab357
Red Hat Security Advisory 2013-1783-01
Posted Dec 6, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1783-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-4508, CVE-2013-2851, CVE-2013-4299
SHA-256 | cff59b9f88b0673c0f659fb3e6ef8f092e408c092cba79fe92e8d1112298771e
Red Hat Security Advisory 2013-1645-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1645-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, udp
systems | linux, redhat
advisories | CVE-2012-6542, CVE-2012-6545, CVE-2013-0343, CVE-2013-1928, CVE-2013-1929, CVE-2013-2164, CVE-2013-2234, CVE-2013-2851, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-3231, CVE-2013-4345, CVE-2013-4387, CVE-2013-4591, CVE-2013-4592
SHA-256 | 97d65ec407c60f5d7fb845675304c446d1888daf065dc7d8976e4e16c33033ab
Debian Security Advisory 2766-1
Posted Sep 30, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2766-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-2141, CVE-2013-2164, CVE-2013-2206, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2239, CVE-2013-2851, CVE-2013-2852, CVE-2013-2888, CVE-2013-2892
SHA-256 | 6db36db0cf544b0d71fd346914fc4f771d7d6bf477af2e61c0f394af113ed5df
Red Hat Security Advisory 2013-1264-01
Posted Sep 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1264-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to cause a denial of service on a system or, potentially, escalate their privileges on that system. A flaw was found in the Linux kernel's Performance Events implementation. On systems with certain Intel processors, a local, unprivileged user could use this flaw to cause a denial of service by leveraging the perf subsystem to write into the reserved bits of the OFFCORE_RSP_0 and OFFCORE_RSP_1 model-specific registers.

tags | advisory, remote, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-2058, CVE-2013-2141, CVE-2013-2146, CVE-2013-2147, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2850, CVE-2013-2851, CVE-2013-2852, CVE-2013-3301, CVE-2013-4162, CVE-2013-4163
SHA-256 | 9a5ec9f9c7d4781ea08fab5e5ddb59d96541a57787d7f358e43fe24a1469e30c
Ubuntu Security Notice USN-1942-1
Posted Sep 6, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1942-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2013-1059, CVE-2013-1060, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2851, CVE-2013-4162, CVE-2013-4163, CVE-2013-1059, CVE-2013-1060, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2851, CVE-2013-4162, CVE-2013-4163
SHA-256 | 663792b692690dc74ab6966fa33d32c2ea17678527fd462774dbc61a68eda2c2
Ubuntu Security Notice USN-1941-1
Posted Sep 6, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1941-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows for privilege escalation. A local user could exploit this flaw to run commands as root when using the perf tool. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2013-1059, CVE-2013-1060, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2851, CVE-2013-4162, CVE-2013-4163, CVE-2013-1059, CVE-2013-1060, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2851, CVE-2013-4162, CVE-2013-4163
SHA-256 | 4feeacb550bdc2b887356a4b6e0ce71d9c8ffafbf05fb28b48330d1b5dbff3b5
Debian Security Advisory 2745-1
Posted Aug 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2745-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2852, CVE-2013-4162, CVE-2013-4163
SHA-256 | 3eec460e99a9f554b7bc89f94799ac98b40ec17e5325c416c1ece8a5c548e48f
Ubuntu Security Notice USN-1936-1
Posted Aug 20, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1936-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851, CVE-2013-2852, CVE-2013-4125, CVE-2013-4127, CVE-2013-4247, CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851, CVE-2013-2852, CVE-2013-4125, CVE-2013-4127, CVE-2013-4247
SHA-256 | 528bd878edfed318014208b52b566046c0c4aae5333b88966ee24c1083dae315
Ubuntu Security Notice USN-1935-1
Posted Aug 20, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1935-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851, CVE-2013-4125, CVE-2013-4127, CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851, CVE-2013-4125, CVE-2013-4127
SHA-256 | d1f6d65758ad0fc036f97ad66396e8c58d7e9c52a5ba75b87efb0f0683ca5eaa
Ubuntu Security Notice USN-1931-1
Posted Aug 20, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1931-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851, CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851
SHA-256 | ff0f4ce4c92fb685f81150d2928d46bd35bd6fe80f01c3cafaf05ff55984bc9c
Ubuntu Security Notice USN-1932-1
Posted Aug 20, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1932-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851, CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851
SHA-256 | ab1fa9388a03d31905b735951c22b32a508003bc66fc3019e4db4c7a72277ae1
Ubuntu Security Notice USN-1934-1
Posted Aug 20, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1934-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Kees Cook discovered a format string vulnerability in the Linux kernel's disk block layer. A local user with administrator privileges could exploit this flaw to gain kernel privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2851, CVE-2013-1059, CVE-2013-2148, CVE-2013-2851
SHA-256 | 59746e56eb4662747b4e9778ace867b2c146f9080c644e855f67b6b282da588b
Ubuntu Security Notice USN-1933-1
Posted Aug 20, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1933-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851, CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851
SHA-256 | 97f36fd7acbbdb408bc8a2410cb2e1addbcb7dfb4c5468466c4160ac45a04340
Ubuntu Security Notice USN-1912-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1912-1 - Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851
SHA-256 | 7626eebe096c4f4e95a3b1cb1ff7acbc486115e31cb055a4cfc1d77520c9a968
Ubuntu Security Notice USN-1913-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1913-1 - Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851
SHA-256 | c3d61e0fb4aa4f5494b3cdd1af09f21f215af1156fd6bf715ccecb2845b2618a
Mandriva Linux Security Advisory 2013-194
Posted Jul 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-194 - Multiple vulnerabilities has been found and corrected in the Linux kernel. net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. Various other issues have also been addressed. The updated packages provides a solution for these security issues.

tags | advisory, remote, denial of service, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2012-5517, CVE-2013-0231, CVE-2013-1059, CVE-2013-1774, CVE-2013-2147, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2850, CVE-2013-2851, CVE-2013-2852, CVE-2013-3301
SHA-256 | 222e6a9b6c229fb8760fbf864b56dd9ad305b2f5b2210ae92ec97c2c2809405b
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    45 Files
  • 9
    Dec 9th
    9 Files
  • 10
    Dec 10th
    6 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close