exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

CVE-2014-4699

Status Candidate

Overview

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.

Related Files

Mandriva Linux Security Advisory 2014-155
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-155 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4514, CVE-2014-0131, CVE-2014-4027, CVE-2014-4608, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-4699, CVE-2014-4943
SHA-256 | 6933b6a5b4497c29f0f7974ac259e33c762ddd57109d3af0dfff4e246b46004c
Red Hat Security Advisory 2014-0949-01
Posted Jul 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0949-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699
SHA-256 | f9777ca1631aa2e4c1e414fb55781fb71e7081b5f670f58256119195823e51da
Red Hat Security Advisory 2014-0925-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0925-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
SHA-256 | 7a4b98cc6162c0bbcf1ed682d4479d010efef9351b16d2d8aaec4c5b5754f6b5
Red Hat Security Advisory 2014-0923-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0923-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
SHA-256 | 4d9fa3565ece76fb9ea52e62fb528ffab94970fb7731beb9d410ef7eee5e04f9
Red Hat Security Advisory 2014-0924-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0924-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
SHA-256 | c438375570283d51bded0b1728d4f457f686151478e25dac149c079f49e029f5
Red Hat Security Advisory 2014-0913-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0913-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-0181, CVE-2014-0206, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153, CVE-2014-3917, CVE-2014-3940, CVE-2014-4027, CVE-2014-4667, CVE-2014-4699
SHA-256 | c05d77b8bb0fb6653e702993e25b62f141d1901c64377ea8e2757ba943646f2b
Linux Kernel ptrace/sysret Local Privilege Escalation
Posted Jul 22, 2014
Authored by Vitaly Nikolenko

Linux Kernel ptrace/sysret local privilege escalation proof of concept exploit.

tags | exploit, kernel, local, proof of concept
systems | linux
advisories | CVE-2014-4699
SHA-256 | 04e87b1d1e570f2581bc3083d954116e4b2fc926c256c35dc54b9c7aaff76c86
Debian Security Advisory 2972-1
Posted Jul 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2972-1 - Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

tags | advisory, denial of service, kernel
systems | linux, debian
advisories | CVE-2014-4699
SHA-256 | abd13212bb911b20678d315d29c2d8d434dfae706531fe23b757f8e6a1abb52d
Ubuntu Security Notice USN-2274-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2274-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
SHA-256 | 82281da049376f2b4579ebfff00e44cde4d9cb934d302f82e7d8df85220c0588
Ubuntu Security Notice USN-2272-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2272-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
SHA-256 | 44327dad1fdf47dc2cf7e9f604cb82153f4c4adf9d28e736005aee9f4224691a
Ubuntu Security Notice USN-2271-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2271-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
SHA-256 | 391f400f2d6c88c3fd6a45ff28747b979c1947046f719cb6a2b82515e80a1fcf
Ubuntu Security Notice USN-2266-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2266-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
SHA-256 | 142f502be70a5e886a0913def179f15a4abea7fe2f842568dc9e9b7c25ff73fa
Ubuntu Security Notice USN-2270-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2270-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
SHA-256 | e11797f1e149c888fb650c5e724455b9f47bac4c006b0641edfba2d325e0e1ed
Ubuntu Security Notice USN-2268-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2268-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
SHA-256 | 379099c1152a566c490f83d2f4e3ae2a499d95a18f629ccc8f78ac6833da9c2b
Ubuntu Security Notice USN-2269-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2269-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
SHA-256 | 79af0f736f1b7dbb0b23ef72d6c263ae918043f1cb2a93f5fe9f0638ed34a714
Ubuntu Security Notice USN-2267-1
Posted Jul 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2267-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-4699
SHA-256 | 6149333518dd2aba6c776e0737b5975de8e3fa4b08d862777c2779eb38bb3844
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close