what you don't know can hurt you
Showing 1 - 16 of 16 RSS Feed

CVE-2014-4699

Status Candidate

Overview

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.

Related Files

Mandriva Linux Security Advisory 2014-155
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-155 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4514, CVE-2014-0131, CVE-2014-4027, CVE-2014-4608, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-4699, CVE-2014-4943
MD5 | 3d782401d1760680f0d614c6cde1ba1c
Red Hat Security Advisory 2014-0949-01
Posted Jul 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0949-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699
MD5 | f69703d921d194cda6c2c3509e06498e
Red Hat Security Advisory 2014-0925-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0925-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
MD5 | affcadcb71639db09261302b3cc2f5e0
Red Hat Security Advisory 2014-0923-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0923-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
MD5 | f1029fa1c22cdb11ea204241476643e1
Red Hat Security Advisory 2014-0924-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0924-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
MD5 | 9009eded5d0519623f7aea43f95bd7b1
Red Hat Security Advisory 2014-0913-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0913-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-0181, CVE-2014-0206, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153, CVE-2014-3917, CVE-2014-3940, CVE-2014-4027, CVE-2014-4667, CVE-2014-4699
MD5 | 0b79965eb0beab6d5643819677a1a532
Linux Kernel ptrace/sysret Local Privilege Escalation
Posted Jul 22, 2014
Authored by Vitaly Nikolenko

Linux Kernel ptrace/sysret local privilege escalation proof of concept exploit.

tags | exploit, kernel, local, proof of concept
systems | linux
advisories | CVE-2014-4699
MD5 | 94c88567c610853f4926b687106afb46
Debian Security Advisory 2972-1
Posted Jul 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2972-1 - Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

tags | advisory, denial of service, kernel
systems | linux, debian
advisories | CVE-2014-4699
MD5 | b161caea6f008c592583b28e37e41a2c
Ubuntu Security Notice USN-2274-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2274-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
MD5 | cc0798be6782b676723799bdbc72eba0
Ubuntu Security Notice USN-2272-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2272-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
MD5 | 7251c2f6ee0ec0c44b297d20d775b9ef
Ubuntu Security Notice USN-2271-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2271-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
MD5 | d82c7fda40fc0df118f9632f6fd806ec
Ubuntu Security Notice USN-2266-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2266-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
MD5 | 7d7752ea2ca01c97dd2cba38532d6577
Ubuntu Security Notice USN-2270-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2270-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
MD5 | 44276d6bf98a91f5c1922509d3651f39
Ubuntu Security Notice USN-2268-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2268-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
MD5 | 4e4b77680c8881a4cd41eeca7c3c1c6e
Ubuntu Security Notice USN-2269-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2269-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
MD5 | b4073b912a66e165527f1bf0e24c72cc
Ubuntu Security Notice USN-2267-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2267-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
MD5 | 572841074fc35b1d82af0b9bf375b96b
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    1 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    27 Files
  • 11
    Aug 11th
    11 Files
  • 12
    Aug 12th
    11 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close