exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

CVE-2014-4608

Status Candidate

Overview

** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype."

Related Files

Red Hat Security Advisory 2015-0062-01
Posted Jan 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0062-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, redhat
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-4608, CVE-2014-5045
SHA-256 | 8fa532cd06dd1de77f51800bacc2dca0088c3a79227e555b52246b1c77aa5100
Ubuntu Security Notice USN-2417-1
Posted Nov 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2417-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3647, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-3690, CVE-2014-4608, CVE-2014-7207, CVE-2014-7975
SHA-256 | d7573d41ea8583522053f3ddf2d29337294c20d6c310ac2be612936e9cc496c9
Ubuntu Security Notice USN-2421-1
Posted Nov 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2421-1 - A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3690, CVE-2014-4608, CVE-2014-7975
SHA-256 | f89b5b9c4ee1951650d04c019468034d3d30eff46996b29897b32f06cdcf79a7
Ubuntu Security Notice USN-2420-1
Posted Nov 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2420-1 - A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3690, CVE-2014-4608, CVE-2014-7970, CVE-2014-7975
SHA-256 | 36ffd642f6a006b44d9ce22c4b5a25aaa95783e0f98924dd420e67627387c587
Ubuntu Security Notice USN-2419-1
Posted Nov 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2419-1 - A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3690, CVE-2014-4608, CVE-2014-7970, CVE-2014-7975
SHA-256 | 5e4c864f21c88ee3ebf68fc8b69db852398674b8060f7ec9d1fb969cae712d26
Ubuntu Security Notice USN-2416-1
Posted Nov 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2416-1 - Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-4608, CVE-2014-7975
SHA-256 | a14a2531aa2f07760f992d885a7780d7f6c77ae27d03fcad546fedba18c7a01c
Ubuntu Security Notice USN-2418-1
Posted Nov 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2418-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3647, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-3690, CVE-2014-4608, CVE-2014-7207, CVE-2014-7975
SHA-256 | 03a7978ef81c526c9834e89b46bf36cbf2997deaa68a655162066cf8d249724d
Red Hat Security Advisory 2014-1392-01
Posted Oct 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1392-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file could possibly use this flaw to escalate their privileges on the system.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2013-4483, CVE-2014-0181, CVE-2014-3122, CVE-2014-3601, CVE-2014-4608, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-5045, CVE-2014-5077
SHA-256 | 2d379835f8d8b30d2d5205e57ee447ccaebb299a17dcdeb38aa229c1a1b8d376
Mandriva Linux Security Advisory 2014-155
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-155 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4514, CVE-2014-0131, CVE-2014-4027, CVE-2014-4608, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-4699, CVE-2014-4943
SHA-256 | 6933b6a5b4497c29f0f7974ac259e33c762ddd57109d3af0dfff4e246b46004c
Ubuntu Security Notice USN-2290-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2290-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. It was discovered that an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-1739, CVE-2014-3144, CVE-2014-3145, CVE-2014-3940, CVE-2014-4608, CVE-2014-4611, CVE-2014-4943
SHA-256 | d08146b9fea95b5609bae004d574e7ab893d68c13196106b2acc630dcddde5be
Ubuntu Security Notice USN-2288-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2288-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. An information leak was discovered in the Linux kernel's media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-1739, CVE-2014-3144, CVE-2014-3145, CVE-2014-3940, CVE-2014-4608, CVE-2014-4611, CVE-2014-4943
SHA-256 | 762c3e6b6422023b0cf7a2e4570f032da29fd554adfd4933d7c81ac2791e2d59
Ubuntu Security Notice USN-2287-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2287-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-3917, CVE-2014-4014, CVE-2014-4608, CVE-2014-4611, CVE-2014-4943
SHA-256 | 94ee00bc3e51eee0cab2b52407443420b1915d25bdf54bb8483c9baf7e584422
Ubuntu Security Notice USN-2286-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2286-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-1739, CVE-2014-3144, CVE-2014-3145, CVE-2014-3917, CVE-2014-4014, CVE-2014-4608, CVE-2014-4943
SHA-256 | a5ef90e192f25e88bdc05dfdee78ce4c2c01c37086253de1e44f5916378ea6d5
Ubuntu Security Notice USN-2285-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2285-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-1739, CVE-2014-3917, CVE-2014-4014, CVE-2014-4027, CVE-2014-4608, CVE-2014-4943
SHA-256 | 53e0798c2145b912fe223a7d42f93aed871de378ec27bac50506de03da6f050f
Ubuntu Security Notice USN-2284-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2284-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-4608, CVE-2014-4943
SHA-256 | 65de288e89273b4a19a71abb156d0c8a5e22311920ee9d2e00adb2f15336ac60
Ubuntu Security Notice USN-2283-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2283-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-4608, CVE-2014-4943
SHA-256 | 51f7353dddebbf98d96c1d6defd1a3d69f1782559d7243fa23fd748f4b653195
Ubuntu Security Notice USN-2282-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2282-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4608, CVE-2014-4943
SHA-256 | 7576ac5f9418fb22970fae92bda3060de5c7f880fb96a5b9f8bf23edeaa5a089
Ubuntu Security Notice USN-2289-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2289-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-3917, CVE-2014-4014, CVE-2014-4608, CVE-2014-4611, CVE-2014-4943
SHA-256 | ee4b5aba8b85af49f51b037947116834b7eba864e9592e5b19b0e8efa9345287
Ubuntu Security Notice USN-2281-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2281-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4608, CVE-2014-4943
SHA-256 | fb76516b15ce9ca580e4630ff501124404a3bd73f76afd4fa1763950b0a262ab
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close