exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2013-6381

Status Candidate

Overview

Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size.

Related Files

Red Hat Security Advisory 2014-0476-01
Posted May 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0476-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's Adaptec RAID controller checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-6381, CVE-2013-6383
SHA-256 | 9f8cfd3ecd56c7f75c28a03d7928d9e6b483e023a407fb82e78912301cbd97c3
Debian Security Advisory 2906-1
Posted Apr 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2906-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0343, CVE-2013-2147, CVE-2013-2889, CVE-2013-2893, CVE-2013-4162, CVE-2013-4299, CVE-2013-4345, CVE-2013-4512, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6381, CVE-2013-6382, CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7339, CVE-2014-0101, CVE-2014-1444, CVE-2014-1445, CVE-2014-1446, CVE-2014-1874, CVE-2014-2039, CVE-2014-2523, CVE-2103-2929
SHA-256 | 336839d986f877d0c9633d42e6961fa76ae807751676c40199ee1f7de18091c3
Red Hat Security Advisory 2014-0285-01
Posted Mar 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0285-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory condition and, potentially, crash the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-2929, CVE-2013-4483, CVE-2013-4554, CVE-2013-6381, CVE-2013-6383, CVE-2013-6885, CVE-2013-7263
SHA-256 | a11eda61dbcf728addd1377584ae2b396b052364c5d94383cdb60ead21539012
Red Hat Security Advisory 2014-0284-01
Posted Mar 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0284-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, local, udp, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2851, CVE-2013-4387, CVE-2013-4470, CVE-2013-4591, CVE-2013-6367, CVE-2013-6368, CVE-2013-6381
SHA-256 | 8cfc7fc325fe40888918ba9e8f2de222f45256f4ab9832b9a6acc34dd00ab357
Red Hat Security Advisory 2014-0159-01
Posted Feb 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0159-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-2929, CVE-2013-6381, CVE-2013-7263, CVE-2013-7265
SHA-256 | d6a3d7905619dde6b0c504958abbe62c6810a747bc516cdf0188bf72df2dcb42
Mandriva Linux Security Advisory 2013-291
Posted Dec 19, 2013
Site mandriva.com

Mandriva Linux Security Advisory 2013-291 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the au1100fb_fb_mmap function in drivers/video/au1100fb.c and the au1200fb_fb_mmap function in drivers/video/au1200fb.c. Various other issues have also been addressed.

advisories | CVE-2013-2929, CVE-2013-2930, CVE-2013-4511, CVE-2013-4512, CVE-2013-4514, CVE-2013-4515, CVE-2013-4592, CVE-2013-6378, CVE-2013-6380, CVE-2013-6381, CVE-2013-6383, CVE-2013-6763
SHA-256 | e4a9556722b4bee5720cc309bc992b81c4ac568a9f675f7f404694d9b54048e1
Mandriva Linux Security Advisory 2013-291
Posted Dec 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-291 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. Various other issues have also been addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2013-2929, CVE-2013-2930, CVE-2013-4511, CVE-2013-4512, CVE-2013-4514, CVE-2013-4515, CVE-2013-4592, CVE-2013-6378, CVE-2013-6380, CVE-2013-6381, CVE-2013-6383, CVE-2013-6763
SHA-256 | e4a9556722b4bee5720cc309bc992b81c4ac568a9f675f7f404694d9b54048e1
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close