exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

CVE-2014-7825

Status Candidate

Overview

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.

Related Files

Red Hat Security Advisory 2015-0864-01
Posted Apr 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0864-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2014-3215, CVE-2014-3690, CVE-2014-7825, CVE-2014-7826, CVE-2014-8171, CVE-2014-8884, CVE-2014-9529, CVE-2014-9584, CVE-2015-1421
SHA-256 | 24e7a0f27ae4cfb8cbaeef49a7e9203298bb317a8eb324c5b8f16adb18278828
Red Hat Security Advisory 2015-0290-01
Posted Mar 5, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0290-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause denial of service on the system.

tags | advisory, remote, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2014-3690, CVE-2014-3940, CVE-2014-7825, CVE-2014-7826, CVE-2014-8086, CVE-2014-8160, CVE-2014-8172, CVE-2014-8173, CVE-2014-8709, CVE-2014-8884, CVE-2015-0274
SHA-256 | 1aebc78eb21f1a9fa9c0602f7e6c1ee22261ff3e5cb9a63185775754015e6f78
Ubuntu Security Notice USN-2448-2
Posted Dec 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2448-2 - USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8086, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090
SHA-256 | c47545b18e641e882b45a3c426edabfd912ad269d8872340a45d7660ebe5e154
Ubuntu Security Notice USN-2447-2
Posted Dec 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2447-2 - USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8086, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090
SHA-256 | 48836bea6415674b21cc9d2e67d419022278c5cdd948c6b798dbc7a87a1e15be
Ubuntu Security Notice USN-2448-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2448-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8086, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090
SHA-256 | cc26cddcf990c6e4806b8a2830ba32c515f3b08214bf8c6381b965ed04395de6
Ubuntu Security Notice USN-2444-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2444-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7825, CVE-2014-7826, CVE-2014-7841, CVE-2014-8134, CVE-2014-8884, CVE-2014-9090
SHA-256 | 8d55b495c08c469f393a908849b08199e4e913ec6381b4b38d921293f81b5df4
Ubuntu Security Notice USN-2447-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2447-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8086, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090
SHA-256 | df1d53cc9704187a3bff3f08f70b26ee26d8e4cf0a0fd71fa2bd5ced9530d3d6
Ubuntu Security Notice USN-2446-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2446-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7825, CVE-2014-7826, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090
SHA-256 | 8e8cdac6a89c267aaf2a3f6860b6f66859cff32a439578520916813950701dd3
Ubuntu Security Notice USN-2445-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2445-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7825, CVE-2014-7826, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090
SHA-256 | 94e812239191ebdb5a1cef87d91adbdb63a8e570f57301b832942b8b783b3c83
Ubuntu Security Notice USN-2443-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2443-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7825, CVE-2014-7826, CVE-2014-7841, CVE-2014-8134, CVE-2014-8884, CVE-2014-9090
SHA-256 | cf6047ccb1b24e003bd8fa8a4bde8410e0623e015f81104c409931c57084f548
Red Hat Security Advisory 2014-1943-01
Posted Dec 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1943-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A denial of service flaw was found in the way the Linux kernel's XFS file system implementation ordered directory hashes under certain conditions. A local attacker could use this flaw to corrupt the file system by creating directories with colliding hash values, potentially resulting in a system crash. An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2014-7283, CVE-2014-7825, CVE-2014-7826
SHA-256 | cc3e05257532fc79a02085cdd50c6e4645efeb4e848a6378e35a998e47c4af51
Mandriva Linux Security Advisory 2014-230
Posted Nov 27, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-230 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3647, CVE-2014-3673, CVE-2014-3687, CVE-2014-3690, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8369
SHA-256 | e78db882e943ee9b4f1b7075ddaa971883bca45bf173bf02afe691b652970d70
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close