The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. This is a POC to reproduce vulnerability. No exploitation here, just simple kernel panic.
a61882d75d8479cc731747b0d2682c513a28bb1ec35244e7dadceb22767f2277Mandriva Linux Security Advisory 2014-155 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.
6933b6a5b4497c29f0f7974ac259e33c762ddd57109d3af0dfff4e246b46004cRed Hat Security Advisory 2014-1025-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system.
9e1b7830d421eb1e7120e150f40116420d5b55744c293d704875f214cc761335Debian Linux Security Advisory 2992-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
b301d9f7ff1c8b9091708894011578d9ffcace82fa2e17ac8e78f3fb69432557Red Hat Security Advisory 2014-0925-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.
7a4b98cc6162c0bbcf1ed682d4479d010efef9351b16d2d8aaec4c5b5754f6b5Red Hat Security Advisory 2014-0923-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.
4d9fa3565ece76fb9ea52e62fb528ffab94970fb7731beb9d410ef7eee5e04f9Red Hat Security Advisory 2014-0924-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.
c438375570283d51bded0b1728d4f457f686151478e25dac149c079f49e029f5Ubuntu Security Notice 2290-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. It was discovered that an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.
d08146b9fea95b5609bae004d574e7ab893d68c13196106b2acc630dcddde5beUbuntu Security Notice 2288-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. An information leak was discovered in the Linux kernel's media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.
762c3e6b6422023b0cf7a2e4570f032da29fd554adfd4933d7c81ac2791e2d59Ubuntu Security Notice 2287-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.
94ee00bc3e51eee0cab2b52407443420b1915d25bdf54bb8483c9baf7e584422Ubuntu Security Notice 2286-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.
a5ef90e192f25e88bdc05dfdee78ce4c2c01c37086253de1e44f5916378ea6d5Ubuntu Security Notice 2285-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.
53e0798c2145b912fe223a7d42f93aed871de378ec27bac50506de03da6f050fUbuntu Security Notice 2284-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.
65de288e89273b4a19a71abb156d0c8a5e22311920ee9d2e00adb2f15336ac60Ubuntu Security Notice 2283-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.
51f7353dddebbf98d96c1d6defd1a3d69f1782559d7243fa23fd748f4b653195Ubuntu Security Notice 2282-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). Various other issues were also addressed.
7576ac5f9418fb22970fae92bda3060de5c7f880fb96a5b9f8bf23edeaa5a089Ubuntu Security Notice 2289-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.
ee4b5aba8b85af49f51b037947116834b7eba864e9592e5b19b0e8efa9345287Ubuntu Security Notice 2281-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). Various other issues were also addressed.
fb76516b15ce9ca580e4630ff501124404a3bd73f76afd4fa1763950b0a262ab
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed