CVE-2013-2852

Status Candidate

Overview

Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.

Related Files

Red Hat Security Advisory 2013-1450-01
Posted Oct 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1450-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540 introduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to corrupt kernel memory via crafted sendmsg() calls, allowing them to cause a denial of service or, potentially, escalate their privileges on the system. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2224, CVE-2013-2852, CVE-2013-4299
MD5 | 1498e6dda0603ef9691c7d1f6a910bbd
Debian Security Advisory 2766-1
Posted Sep 30, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2766-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-2141, CVE-2013-2164, CVE-2013-2206, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2239, CVE-2013-2851, CVE-2013-2852, CVE-2013-2888, CVE-2013-2892
MD5 | 24180ab9a5fa022aa5001bc9779ccf9b
Red Hat Security Advisory 2013-1264-01
Posted Sep 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1264-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to cause a denial of service on a system or, potentially, escalate their privileges on that system. A flaw was found in the Linux kernel's Performance Events implementation. On systems with certain Intel processors, a local, unprivileged user could use this flaw to cause a denial of service by leveraging the perf subsystem to write into the reserved bits of the OFFCORE_RSP_0 and OFFCORE_RSP_1 model-specific registers.

tags | advisory, remote, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-2058, CVE-2013-2141, CVE-2013-2146, CVE-2013-2147, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2850, CVE-2013-2851, CVE-2013-2852, CVE-2013-3301, CVE-2013-4162, CVE-2013-4163
MD5 | 5eea9d3ce982c34da176b92519e344f2
Debian Security Advisory 2745-1
Posted Aug 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2745-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2852, CVE-2013-4162, CVE-2013-4163
MD5 | b0547ebbff6eb63a5b603f94c1624466
Ubuntu Security Notice USN-1936-1
Posted Aug 20, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1936-1 - Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2851, CVE-2013-2852, CVE-2013-4125, CVE-2013-4127, CVE-2013-4247
MD5 | 3b21dc94da4abaa05cfa6345172f84cd
Ubuntu Security Notice USN-1930-1
Posted Aug 20, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1930-1 - An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2148, CVE-2013-2852
MD5 | 19b639375a3d1a7f739416ce5b3cde11
Ubuntu Security Notice USN-1920-1
Posted Jul 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1920-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | b1aeea2ce7a6f0dfa9615c0ef77ad088
Ubuntu Security Notice USN-1914-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1914-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | cf38aba678e6d1443fe7fc99783ec1c3
Ubuntu Security Notice USN-1918-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1918-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | 334b45483613f6e585f6541bee6932d3
Ubuntu Security Notice USN-1917-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1917-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | f59e6e241936919b46f7f7d31f47d7ad
Ubuntu Security Notice USN-1919-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1919-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | b4c08885e4786f1af20ba426c85f500f
Ubuntu Security Notice USN-1915-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1915-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | 350ffcd77f0b13e37295bc1d0cdfefe9
Ubuntu Security Notice USN-1916-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1916-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | 0cb60c758ed5219a86c8591323aab74b
Red Hat Security Advisory 2013-1080-01
Posted Jul 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1080-01 - Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel. These custom kernel packages include support for network namespaces; this support is required to facilitate advanced OpenStack Networking deployments. A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers were handled. A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2012-6548, CVE-2013-0914, CVE-2013-1848, CVE-2013-2128, CVE-2013-2634, CVE-2013-2635, CVE-2013-2852, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3301
MD5 | fdaa81061edcdc406529a37295782daa
Red Hat Security Advisory 2013-1051-01
Posted Jul 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1051-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers were handled. A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2012-6548, CVE-2013-0914, CVE-2013-1848, CVE-2013-2128, CVE-2013-2634, CVE-2013-2635, CVE-2013-2852, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3301
MD5 | 607e4c1372cc2f019497d9e17337cc18
Mandriva Linux Security Advisory 2013-194
Posted Jul 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-194 - Multiple vulnerabilities have been found and corrected in the Linux kernel. net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. Various other issues have also been addressed. The updated packages provide a solution for these security issues.

tags | advisory, remote, denial of service, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2012-5517, CVE-2013-0231, CVE-2013-1059, CVE-2013-1774, CVE-2013-2147, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2850, CVE-2013-2851, CVE-2013-2852, CVE-2013-3301
MD5 | 25d525391a2ce9a5792be99f27172d9f
Ubuntu Security Notice USN-1900-1
Posted Jul 5, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1900-1 - Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. An information leak was discovered in the Linux kernel's tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. A format string vulnerability was discovered in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-4508, CVE-2013-2141, CVE-2013-2852
MD5 | 4248cdb5374d0b8f58403ee24c28487d
Ubuntu Security Notice USN-1899-1
Posted Jul 5, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1899-1 - Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. An information leak was discovered in the Linux kernel's tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. A format string vulnerability was discovered in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-4508, CVE-2013-2141, CVE-2013-2852
MD5 | 0dc268d390c5d5febe9f6a8aff3807bc
© 2016 Packet Storm. All rights reserved.