exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

CVE-2014-4943

Status Candidate

Overview

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

Related Files

Linux CVE-2014-4943 Proof Of Concept
Posted Mar 2, 2015
Authored by Emeric Nasi

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. This is a POC to reproduce vulnerability. No exploitation here, just simple kernel panic.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2014-4943
MD5 | 73974e06417810bd1b77ad02b89add32
Mandriva Linux Security Advisory 2014-155
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-155 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4514, CVE-2014-0131, CVE-2014-4027, CVE-2014-4608, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-4699, CVE-2014-4943
MD5 | 3d782401d1760680f0d614c6cde1ba1c
Red Hat Security Advisory 2014-1025-01
Posted Aug 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1025-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4943
MD5 | 5672bf662714e3221f049a0133e6b5ca
Debian Security Advisory 2992-1
Posted Jul 30, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2992-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-3534, CVE-2014-4667, CVE-2014-4943
MD5 | 8cfcafb5069537f151c8f844aee120be
Red Hat Security Advisory 2014-0925-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0925-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
MD5 | affcadcb71639db09261302b3cc2f5e0
Red Hat Security Advisory 2014-0923-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0923-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
MD5 | f1029fa1c22cdb11ea204241476643e1
Red Hat Security Advisory 2014-0924-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0924-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
MD5 | 9009eded5d0519623f7aea43f95bd7b1
Ubuntu Security Notice USN-2290-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2290-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. It was discovered that an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-1739, CVE-2014-3144, CVE-2014-3145, CVE-2014-3940, CVE-2014-4608, CVE-2014-4611, CVE-2014-4943
MD5 | 1dd09d30573adadeb946c607087fc609
Ubuntu Security Notice USN-2288-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2288-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. An information leak was discovered in the Linux kernel's media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-1739, CVE-2014-3144, CVE-2014-3145, CVE-2014-3940, CVE-2014-4608, CVE-2014-4611, CVE-2014-4943
MD5 | 0c22064029bca9c5378ba086f1be7d40
Ubuntu Security Notice USN-2287-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2287-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-3917, CVE-2014-4014, CVE-2014-4608, CVE-2014-4611, CVE-2014-4943
MD5 | 81d5aec154cc3a74cf3b9789d007860a
Ubuntu Security Notice USN-2286-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2286-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-1739, CVE-2014-3144, CVE-2014-3145, CVE-2014-3917, CVE-2014-4014, CVE-2014-4608, CVE-2014-4943
MD5 | 511e7bed6e9a39ca49b13f35d58bbc2b
Ubuntu Security Notice USN-2285-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2285-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-1739, CVE-2014-3917, CVE-2014-4014, CVE-2014-4027, CVE-2014-4608, CVE-2014-4943
MD5 | 92ee8694d934c79d704e603326788380
Ubuntu Security Notice USN-2284-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2284-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-4608, CVE-2014-4943
MD5 | 5c888cabfce03a74dcac1627ea05e92a
Ubuntu Security Notice USN-2283-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2283-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-4608, CVE-2014-4943
MD5 | d61639718797a9d491be7240e8bb5803
Ubuntu Security Notice USN-2282-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2282-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4608, CVE-2014-4943
MD5 | 879b6df0b9dfaecf056060eba4f921f9
Ubuntu Security Notice USN-2289-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2289-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-3917, CVE-2014-4014, CVE-2014-4608, CVE-2014-4611, CVE-2014-4943
MD5 | b08b56e0bb535ea41f5a788c7a55e90e
Ubuntu Security Notice USN-2281-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2281-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4608, CVE-2014-4943
MD5 | 7413b78159a6df879d59c6c0dae60934
Page 1 of 1
Back1Next

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close