what you don't know can hurt you
Showing 1 - 22 of 22 RSS Feed

CVE-2013-4299

Status Candidate

Overview

Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.

Related Files

Debian Security Advisory 2906-1
Posted Apr 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2906-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0343, CVE-2013-2147, CVE-2013-2889, CVE-2013-2893, CVE-2013-4162, CVE-2013-4299, CVE-2013-4345, CVE-2013-4512, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6381, CVE-2013-6382, CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7339, CVE-2014-0101, CVE-2014-1444, CVE-2014-1445, CVE-2014-1446, CVE-2014-1874, CVE-2014-2039, CVE-2014-2523, CVE-2103-2929
SHA-256 | 336839d986f877d0c9633d42e6961fa76ae807751676c40199ee1f7de18091c3
Ubuntu Security Notice USN-2067-1
Posted Jan 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2067-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2013-4299, CVE-2013-4470, CVE-2013-4511, CVE-2013-4514, CVE-2013-4515, CVE-2013-4592, CVE-2013-6282, CVE-2013-6378, CVE-2013-6383, CVE-2013-6763, CVE-2013-7027, CVE-2013-4299, CVE-2013-4470, CVE-2013-4511, CVE-2013-4514, CVE-2013-4515, CVE-2013-4592, CVE-2013-6282, CVE-2013-6378, CVE-2013-6383, CVE-2013-6763, CVE-2013-7027
SHA-256 | f026924acc26aeec8f7f134fa6517d8629dc2787dfd6d43f822b523543fcffd0
Ubuntu Security Notice USN-2066-1
Posted Jan 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2066-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2013-4299, CVE-2013-4470, CVE-2013-4511, CVE-2013-4514, CVE-2013-4515, CVE-2013-4592, CVE-2013-6378, CVE-2013-6383, CVE-2013-6763, CVE-2013-7027, CVE-2013-4299, CVE-2013-4470, CVE-2013-4511, CVE-2013-4514, CVE-2013-4515, CVE-2013-4592, CVE-2013-6378, CVE-2013-6383, CVE-2013-6763, CVE-2013-7027
SHA-256 | 8c36dcc617fba5e580a95c0a946cd2ed38307f4107c63ecd9381c14a771a9437
Red Hat Security Advisory 2013-1860-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1860-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4299
SHA-256 | 301f5f962b95816587d1a1fb7f9d8ff0a219a188b36d79a20ef0aea295b1c9d3
Ubuntu Security Notice USN-2049-1
Posted Dec 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2049-1 - Miroslav Vadkerti discovered a flaw in how the permissions for network sysctls are handled in the Linux kernel. An unprivileged local user could exploit this flaw to have privileged access to files in /proc/sys/net/. A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Various other issues were also addressed.

tags | advisory, remote, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4270, CVE-2013-4299, CVE-2013-4343, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470, CVE-2013-4270, CVE-2013-4299, CVE-2013-4343, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470
SHA-256 | 5f701e0e3991e00d556fe8c036cde5af0ea754679c09eefb7bdf25b931207b4c
Ubuntu Security Notice USN-2050-1
Posted Dec 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2050-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2147, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470, CVE-2013-0343, CVE-2013-2147, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470
SHA-256 | 8821a1515b5d3a83f986d1b491a7a02d59ae5030a01c256ab95e438a8e7d158a
Red Hat Security Advisory 2013-1783-01
Posted Dec 6, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1783-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-4508, CVE-2013-2851, CVE-2013-4299
SHA-256 | cff59b9f88b0673c0f659fb3e6ef8f092e408c092cba79fe92e8d1112298771e
Ubuntu Security Notice USN-2045-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2045-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. Various other issues were also addressed.

tags | advisory, remote, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387
SHA-256 | 3b955b65e166e4f2040ddfae69e3db1c541111a5278e26dcfcccccb48ee75ef0
Ubuntu Security Notice USN-2046-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2046-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2013-4299, CVE-2013-4470, CVE-2013-4299, CVE-2013-4470
SHA-256 | 03785f067577ddb309b03a9c22e4a48647107a96022c5542a8d1e205dce12690
Ubuntu Security Notice USN-2044-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2044-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2013-4299, CVE-2013-4470, CVE-2013-4299, CVE-2013-4470
SHA-256 | 69dddc0e11072dfec4e5cfed767210007ebc58a07e36bdafb16dbcf97192b474
Ubuntu Security Notice USN-2043-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2043-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2013-4299, CVE-2013-4470, CVE-2013-4299, CVE-2013-4470
SHA-256 | dc9ad1fd4040c0efabd27e3cf552fea80f91fdd21b95f70f70341c917b59fe10
Ubuntu Security Notice USN-2042-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2042-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2013-4299, CVE-2013-4470, CVE-2013-4299, CVE-2013-4470
SHA-256 | 480e958bba4ab37b1a3cfcf0c5a4c49492b0c37fbcdadacc0664eea458c53352
Ubuntu Security Notice USN-2041-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2041-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. Various other issues were also addressed.

tags | advisory, remote, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387
SHA-256 | d708abcfe877ba032773445e0511dc17378d60f8162e15d09f02b5c5b9158421
Ubuntu Security Notice USN-2040-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2040-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2013-4299, CVE-2013-4470, CVE-2013-4299, CVE-2013-4470
SHA-256 | af9463083a622904006c60e2c6be905bedc2d93a64cda6378ec05d653f777575
Red Hat Security Advisory 2013-1520-01
Posted Nov 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1520-01 - Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel. These custom kernel packages include support for network namespaces; this support is required to facilitate advanced OpenStack Networking deployments. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-4162, CVE-2013-4299
SHA-256 | 7008a13256f2ff111c9742864c6951d05dc88eb72924ebacdbb0c1381a4ed58a
Red Hat Security Advisory 2013-1519-01
Posted Nov 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1519-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-4508, CVE-2013-4299
SHA-256 | b7e3670d1883b8a69860346779ea0650b4c74cff69296f9794b964c54532bad5
Ubuntu Security Notice USN-2015-1
Posted Nov 11, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2015-1 - Dan Carpenter discovered an information leak in the HP Smart Aray and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2147, CVE-2013-2889, CVE-2013-2893, CVE-2013-2897, CVE-2013-4299, CVE-2013-2147, CVE-2013-2889, CVE-2013-2893, CVE-2013-2897, CVE-2013-4299
SHA-256 | c65ef17fab2108cf7be2e4a8fcf4283178c074a26c5740185dc8f53eb50bbffb
Ubuntu Security Notice USN-2016-1
Posted Nov 11, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2016-1 - Dan Carpenter discovered an information leak in the HP Smart Aray and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem when CONFIG_HID_ZEROPLUS is enabled. A physically proximate attacker could leverage this flaw to cause a denial of service via a specially crafted device. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2147, CVE-2013-2889, CVE-2013-2893, CVE-2013-2897, CVE-2013-4299, CVE-2013-2147, CVE-2013-2889, CVE-2013-2893, CVE-2013-2897, CVE-2013-4299
SHA-256 | a220a7baffbe64a639b856dc62b2e98a1dcc47dfef5698aa0801cebea8eaa35b
Red Hat Security Advisory 2013-1490-01
Posted Oct 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1490-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, udp
systems | linux, redhat
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-4299, CVE-2013-4343, CVE-2013-4345, CVE-2013-4348, CVE-2013-4350, CVE-2013-4387
SHA-256 | 940f925cc01d5946698f3c8f547317f6ac1c6b045d85b6aabe0408192318c0ec
Red Hat Security Advisory 2013-1449-01
Posted Oct 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1449-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled, an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel, local, info disclosure
systems | linux, redhat
advisories | CVE-2013-0343, CVE-2013-4299, CVE-2013-4345, CVE-2013-4368
SHA-256 | aace845a09644be52cb6b598679ab31730442e1c2bb5e7f17b6cee8c6a7a54ac
Red Hat Security Advisory 2013-1450-01
Posted Oct 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1450-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540 introduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to corrupt kernel memory via crafted sendmsg() calls, allowing them to cause a denial of service or, potentially, escalate their privileges on the system. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2224, CVE-2013-2852, CVE-2013-4299
SHA-256 | bec42a1124d17a24babb445c0086c515568c978ad5ba4a0a9bda8deab480db7f
Red Hat Security Advisory 2013-1436-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1436-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-4162, CVE-2013-4299
SHA-256 | 303872e8ff5bca61e067a12a40cd346fa1185e503c1cbaaf1dfc656936a4a6a4
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close