exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

CVE-2013-4387

Status Candidate

Overview

net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.

Related Files

Ubuntu Security Notice USN-2234-1
Posted Jun 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2234-1 - Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2013-4387, CVE-2013-4470, CVE-2013-4483, CVE-2014-1438, CVE-2014-3122, CVE-2014-3153
SHA-256 | a93c4dad0670abab855ed08d6ba04f65b5dd4b888b0d22e9e68426fca77a4f1d
Ubuntu Security Notice USN-2233-1
Posted Jun 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2233-1 - Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, ubuntu
advisories | CVE-2013-4387, CVE-2013-4470, CVE-2013-4483, CVE-2014-1438, CVE-2014-3122, CVE-2014-3153
SHA-256 | b254623a74545b5c66708396dc56fd6e8302db1a965a8fc69f3ad3c62f7b363e
Red Hat Security Advisory 2014-0284-01
Posted Mar 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0284-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, local, udp, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2851, CVE-2013-4387, CVE-2013-4470, CVE-2013-4591, CVE-2013-6367, CVE-2013-6368, CVE-2013-6381
SHA-256 | 8cfc7fc325fe40888918ba9e8f2de222f45256f4ab9832b9a6acc34dd00ab357
Ubuntu Security Notice USN-2049-1
Posted Dec 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2049-1 - Miroslav Vadkerti discovered a flaw in how the permissions for network sysctls are handled in the Linux kernel. An unprivileged local user could exploit this flaw to have privileged access to files in /proc/sys/net/. A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Various other issues were also addressed.

tags | advisory, remote, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4270, CVE-2013-4299, CVE-2013-4343, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470, CVE-2013-4270, CVE-2013-4299, CVE-2013-4343, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470
SHA-256 | 5f701e0e3991e00d556fe8c036cde5af0ea754679c09eefb7bdf25b931207b4c
Ubuntu Security Notice USN-2050-1
Posted Dec 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2050-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2147, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470, CVE-2013-0343, CVE-2013-2147, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470
SHA-256 | 8821a1515b5d3a83f986d1b491a7a02d59ae5030a01c256ab95e438a8e7d158a
Ubuntu Security Notice USN-2045-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2045-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. Various other issues were also addressed.

tags | advisory, remote, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387
SHA-256 | 3b955b65e166e4f2040ddfae69e3db1c541111a5278e26dcfcccccb48ee75ef0
Ubuntu Security Notice USN-2041-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2041-1 - A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. Various other issues were also addressed.

tags | advisory, remote, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387
SHA-256 | d708abcfe877ba032773445e0511dc17378d60f8162e15d09f02b5c5b9158421
Ubuntu Security Notice USN-2039-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2039-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2140, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2140, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | d666179f4eca9accee08ccabed80dc0946e2c6fc975772befbf68c62fbea426d
Ubuntu Security Notice USN-2038-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2038-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2140, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2140, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | 8672520ae920f177437eb9025de7403e71472862cc712f76f38682792e48acfc
Red Hat Security Advisory 2013-1645-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1645-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, udp
systems | linux, redhat
advisories | CVE-2012-6542, CVE-2012-6545, CVE-2013-0343, CVE-2013-1928, CVE-2013-1929, CVE-2013-2164, CVE-2013-2234, CVE-2013-2851, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-3231, CVE-2013-4345, CVE-2013-4387, CVE-2013-4591, CVE-2013-4592
SHA-256 | 97d65ec407c60f5d7fb845675304c446d1888daf065dc7d8976e4e16c33033ab
Ubuntu Security Notice USN-2024-1
Posted Nov 11, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2024-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | 295703ff6d475041ac7bb2652502b1f90ed3e506351b58c3554f5438c9bf2c1c
Ubuntu Security Notice USN-2022-1
Posted Nov 11, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2022-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | 3b65c0f31ea250ae78ab872e05ac0341612af3239cd3a17b8641df50842f91e6
Ubuntu Security Notice USN-2021-1
Posted Nov 11, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2021-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | 33a07a511605b99a1b5ead980b6ca45b27cb48ab8e683d9251c6e2e7d9ca892a
Ubuntu Security Notice USN-2019-1
Posted Nov 11, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2019-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | 6c2a33cae01358a56b7dff9a2c615b9b8078930f6d9313c483be54e61809e22e
Mandriva Linux Security Advisory 2013-265
Posted Nov 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-265 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service via a crafted application. The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service via a small value in the IHL field of a packet with IPIP encapsulation. Various other issues have also been addressed.

tags | advisory, remote, denial of service, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4483, CVE-2013-4348, CVE-2013-4470, CVE-2013-2015, CVE-2013-4387, CVE-2013-4350
SHA-256 | e2830471bcc8e7e6df1c6e5b34dfd41726e01285869d01bb9ed74386acc56edd
Red Hat Security Advisory 2013-1490-01
Posted Oct 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1490-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, udp
systems | linux, redhat
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-4299, CVE-2013-4343, CVE-2013-4345, CVE-2013-4348, CVE-2013-4350, CVE-2013-4387
SHA-256 | 940f925cc01d5946698f3c8f547317f6ac1c6b045d85b6aabe0408192318c0ec
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close