what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

CVE-2014-5472

Status Candidate

Overview

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.

Related Files

Red Hat Security Advisory 2015-0803-01
Posted Apr 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0803-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file could possibly use this flaw to escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2014-5471, CVE-2014-5472, CVE-2014-8159
SHA-256 | 2597df80a3aee352865bb8ca568338d9f7a11fa2f588d762a3f3d44f5341a025
Red Hat Security Advisory 2015-0782-01
Posted Apr 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0782-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2014-3690, CVE-2014-5471, CVE-2014-5472, CVE-2014-8159, CVE-2014-8884, CVE-2015-1421
SHA-256 | 497a3d5df6407e2e427e7c1470a45a7c8129599f5ebc30b4932e3935b243a11f
HP Security Bulletin HPSBGN03285 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03285 1 - Potential security vulnerabilities have been identified with these three packages. These vulnerabilities could be exploited to allow execution of code. HP Operation Agent Virtual Appliance for monitoring VMware vSphere environments (OAVA) HP Virtualization Performance Viewer for monitoring VMware vSphere environments (vPV VA) HP Operations Manager i 10.00 Virtual (OMi VA). Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2012-6657, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-9322, CVE-2015-0235
SHA-256 | 172838bdb356ce6ff085acbfa8cc07719e149fed64df6c1daaa6c456b43e7a32
HP Security Bulletin HPSBGN03282 1
Posted Mar 25, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03282 1 - Potential security vulnerabilities have been identified with the underlying Linux Operating System kernel which supports these three Virtual Appliance packages. These vulnerabilities could be exploited to allow execution of code and other issues. HP Operations Agent Virtual Appliance for monitoring VMware vSphere environments (OAVA) HP Virtualization Performance Viewer Virtual appliance (vPV VA) HP Operations Manager i 10.00 Virtual (OMi VA). Revision 1 of this advisory.

tags | advisory, kernel, vulnerability
systems | linux
advisories | CVE-2012-6657, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-9322
SHA-256 | 864b0db9d75f4f8f952cedebeb176669331ab60bcc28a09d3c66acf6f249367d
Red Hat Security Advisory 2015-0695-01
Posted Mar 18, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0695-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2014-5471, CVE-2014-5472, CVE-2014-7841, CVE-2014-8159
SHA-256 | 25724757ff5aee8a16c253eb7a578ac07bfa56bdb2e5d75fa8c0d5db6a98c13b
Red Hat Security Advisory 2015-0102-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0102-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. A race condition flaw was found in the way the Linux kernel's mmap, madvise, and fallocate system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2014-4171, CVE-2014-5471, CVE-2014-5472, CVE-2014-7145, CVE-2014-7822, CVE-2014-7841
SHA-256 | d6cb35f9eec16000c013c4d690821d03205cdba86b1d5048733ff6c4beccc835
Red Hat Security Advisory 2014-1997-01
Posted Dec 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1997-01 - A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2012-6657, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-9322
SHA-256 | 9a42bc59092af16ac1038c9e5dce06d93b232fcce0c7a1ab4cb77a0af3e0b74c
Mandriva Linux Security Advisory 2014-201
Posted Oct 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-201 - Multiple vulnerabilities has been found and corrected in the Linux kernel. These include stack-based buffer overflows and denial of service issues.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3122, CVE-2014-3181, CVE-2014-3182, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3534, CVE-2014-3601, CVE-2014-5077, CVE-2014-5206, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-7975
SHA-256 | 18d0010448f4aacc19c217e3371db5d34c01d05bb3fb2bb9179b1b838891d685
Red Hat Security Advisory 2014-1318-01
Posted Sep 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1318-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Realtime provides the highest levels of predictability for consistent low-latency response times to meet the needs of time-sensitive workloads. MRG Realtime also provides new levels of determinism by optimizing lengthy kernel code paths to ensure that they do not become bottlenecks. This allows for better prioritization of applications, resulting in consistent, predictable response times for high-priority applications.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2014-3181, CVE-2014-3182, CVE-2014-3184, CVE-2014-3185, CVE-2014-4171, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410
SHA-256 | 0a77ae165e92c2af80d046f9c03d5956b16c1925f2c276662095049b6e85164d
Ubuntu Security Notice USN-2359-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2359-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5077, CVE-2014-5471, CVE-2014-5472
SHA-256 | cf16b83f0cf1bc592f97d89975e48b9fc09cdb89e7cbea49009a9915a86c8c9b
Ubuntu Security Notice USN-2358-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2358-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5077, CVE-2014-5471, CVE-2014-5472
SHA-256 | 0d19c0cfd635887d874af2d1b5bf9dfce4d6a57b5a3961bb65c05caa2a2a30c8
Ubuntu Security Notice USN-2355-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2355-1 - Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-5471, CVE-2014-5472
SHA-256 | 6bb051a04b06b8f356fa6ace8abe900b0e5f36a2d10b0d99e687194d614f39f8
Ubuntu Security Notice USN-2357-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2357-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5471, CVE-2014-5472
SHA-256 | 0ebb86614e3898d4a547dc9127eb1ace7ab6fa1c8b81e79dc053df7fce2da65e
Ubuntu Security Notice USN-2354-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2354-1 - Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-5471, CVE-2014-5472
SHA-256 | cc00d48b3eea531226e9d223ac3a99209cf8c6e5080f17972bfb51e37ce4567e
Ubuntu Security Notice USN-2356-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2356-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kerenl Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5471, CVE-2014-5472
SHA-256 | ce2fd3f7419d213c47c8c6b1fbeea798fbd8c810f8df48d686af866f5ffb68db
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close