exploit the possibilities
Showing 1 - 13 of 13 RSS Feed

CVE-2014-8884

Status Candidate

Overview

Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.

Related Files

Red Hat Security Advisory 2015-0864-01
Posted Apr 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0864-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2014-3215, CVE-2014-3690, CVE-2014-7825, CVE-2014-7826, CVE-2014-8171, CVE-2014-8884, CVE-2014-9529, CVE-2014-9584, CVE-2015-1421
SHA-256 | 24e7a0f27ae4cfb8cbaeef49a7e9203298bb317a8eb324c5b8f16adb18278828
Red Hat Security Advisory 2015-0782-01
Posted Apr 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0782-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2014-3690, CVE-2014-5471, CVE-2014-5472, CVE-2014-8159, CVE-2014-8884, CVE-2015-1421
SHA-256 | 497a3d5df6407e2e427e7c1470a45a7c8129599f5ebc30b4932e3935b243a11f
Red Hat Security Advisory 2015-0290-01
Posted Mar 5, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0290-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause denial of service on the system.

tags | advisory, remote, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2014-3690, CVE-2014-3940, CVE-2014-7825, CVE-2014-7826, CVE-2014-8086, CVE-2014-8160, CVE-2014-8172, CVE-2014-8173, CVE-2014-8709, CVE-2014-8884, CVE-2015-0274
SHA-256 | 1aebc78eb21f1a9fa9c0602f7e6c1ee22261ff3e5cb9a63185775754015e6f78
Mandriva Linux Security Advisory 2015-027
Posted Jan 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-027 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. Various other issues have also been addressed. The updated packages provides a solution for these security issues.

tags | advisory, remote, denial of service, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3688, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418, CVE-2014-7841, CVE-2014-7842, CVE-2014-8133, CVE-2014-8884, CVE-2014-9090, CVE-2014-9322, CVE-2014-9419, CVE-2014-9420, CVE-2014-9529, CVE-2014-9584, CVE-2014-9585
SHA-256 | 8db2a8779b1b5045f0e914377584f2e707328f0f91ef09e5a26429ff9fa5d67c
Ubuntu Security Notice USN-2468-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2468-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
SHA-256 | b87ad3513b1b14897c08a8fa67c7f83ae209118a25480a7387424398b46ff1eb
Ubuntu Security Notice USN-2467-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2467-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
SHA-256 | 6db7378aa52f1ea3d0d471f8fffba697ae4faed7d96f6528cf50a5bb6e55846e
Ubuntu Security Notice USN-2466-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2466-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
SHA-256 | 72ab799039264b012fe56154c3779f8c3a2e0239f77320cbea5170fef033aff4
Ubuntu Security Notice USN-2465-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2465-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
SHA-256 | 07d103f30d4ad42e9fbba5870ef5da6e4ed83ec02f5cd414821e6b547da1c15b
Ubuntu Security Notice USN-2444-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2444-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7825, CVE-2014-7826, CVE-2014-7841, CVE-2014-8134, CVE-2014-8884, CVE-2014-9090
SHA-256 | 8d55b495c08c469f393a908849b08199e4e913ec6381b4b38d921293f81b5df4
Ubuntu Security Notice USN-2443-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2443-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7825, CVE-2014-7826, CVE-2014-7841, CVE-2014-8134, CVE-2014-8884, CVE-2014-9090
SHA-256 | cf6047ccb1b24e003bd8fa8a4bde8410e0623e015f81104c409931c57084f548
Ubuntu Security Notice USN-2442-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2442-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7841, CVE-2014-8134, CVE-2014-8709, CVE-2014-8884, CVE-2014-9090
SHA-256 | 288267c834792a8e3246504ad1734c3fe48f348a5065045fb6df325ec1dcf9ee
Ubuntu Security Notice USN-2441-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2441-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7841, CVE-2014-8134, CVE-2014-8709, CVE-2014-8884, CVE-2014-9090
SHA-256 | 351ac93482ab04f44a623a4251f21fe15ca92d2c32eaf98a44a99b4d5a247b0e
Debian Security Advisory 3093-1
Posted Dec 9, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3093-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-7841, CVE-2014-8369, CVE-2014-8884, CVE-2014-9090
SHA-256 | 57232cc982d5b56a3a4484ad03202481e9d82dcc2130c361d364a0329773cbdd
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close