the original cloud security
Showing 1 - 20 of 20 RSS Feed

CVE-2014-0196

Status Candidate

Overview

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Related Files

Ubuntu Security Notice USN-2260-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2260-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0077, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2568, CVE-2014-2851, CVE-2014-3122, CVE-2014-3153
MD5 | 8193a7a1ebc21413d662ea710632ba74
Mandriva Linux Security Advisory 2014-124
Posted Jun 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-124 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2012-2137, CVE-2013-2897, CVE-2014-0069, CVE-2014-0077, CVE-2014-0101, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874, CVE-2014-2039, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153, CVE-2014-3917
MD5 | d4173e7b22628d26c1c257c521cb1593
Red Hat Security Advisory 2014-0678-02
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0678-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-0196
MD5 | a7fbf9dc744e574d56de08750199a6cf
Red Hat Security Advisory 2014-0557-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0557-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU list under certain conditions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system by sending a large amount of specially crafted fragmented packets to that system.

tags | advisory, remote, kernel, tcp, protocol
systems | linux, redhat
advisories | CVE-2014-0100, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3122
MD5 | 92ffb61f18bc3e90b948a3bb43daf85e
Ubuntu Security Notice USN-2227-1
Posted May 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2227-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4483, CVE-2014-0069, CVE-2014-0077, CVE-2014-0101, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851
MD5 | 60a61ce3b46f20c368154ead75b6bd25
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140520
Posted May 21, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release updates tor to version 0.2.4.22, the kernel to 3.14.4 plus Gentoo's hardened-patches, and openssh to 6.6p1. The bump in tor adds an important block to authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL, CVE-2014-0160. The bump in the kernel addresses the pty layer race condition memory corruption, CVE-2014-0196. Upgrading is strongly recommended.
tags | tool, kernel, peer2peer
systems | linux
advisories | CVE-2014-0160, CVE-2014-0196
MD5 | 530be58574231832910eb9aa19272f43
Red Hat Security Advisory 2014-0520-01
Posted May 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0520-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-0101, CVE-2014-0196
MD5 | 64f860de6721312824d59e9d3758f50a
Red Hat Security Advisory 2014-0512-01
Posted May 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0512-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-0196
MD5 | c0ac0e9bc452681d3e968b492c729ce4
Debian Security Advisory 2928-1
Posted May 15, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2928-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-0196, CVE-2014-1737, CVE-2014-1738
MD5 | e506422ccc3f74a5c09833043f4cd507
Linux Kernel 3.15-rc4 PTY Race Condition
Posted May 14, 2014
Authored by Matthew Daley

Linux Kernel versions above 3.14-rc1 and below 3.15-rc4 raw mode PTY local echo race condition privilege escalation proof of concept exploit. This bug also affects kernel 2.6.31-rc3 and newer.

tags | exploit, kernel, local, proof of concept
systems | linux
advisories | CVE-2014-0196
MD5 | 13d392a765d40d69d673f57809956287
Debian Security Advisory 2926-1
Posted May 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2926-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2851, CVE-2014-3122
MD5 | 836873067313a312340f5083aaf5efb0
Ubuntu Security Notice USN-2204-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2204-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | abdb6c0bc9e6daefa389f41cb89a380b
Ubuntu Security Notice USN-2203-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2203-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | bf5bc88c3fe37e912665ac452c1d5eb6
Ubuntu Security Notice USN-2202-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2202-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | 6e46930957c4fa6f4872ffa9ca30fb0b
Ubuntu Security Notice USN-2201-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2201-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | b4310e3a515bea75f00cd5a4440a56c6
Ubuntu Security Notice USN-2200-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2200-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | 3f566b862c97ddd582b869cf0aa8e3a0
Ubuntu Security Notice USN-2199-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2199-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | ff64fe6e1a722470e6584e6158b31fae
Ubuntu Security Notice USN-2196-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2196-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | ba542dbcdbecb56ea1b004931e200eb7
Ubuntu Security Notice USN-2198-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2198-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | 817e79e8a0145af1f4f8f6d4587a3ddd
Ubuntu Security Notice USN-2197-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2197-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | ddeecadfc7764896e4885bc827b9bf18
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close