what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

CVE-2015-1421

Status Candidate

Overview

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

Related Files

Red Hat Security Advisory 2015-1082-01
Posted Jun 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1082-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2015-1421, CVE-2015-1805
MD5 | 8d9fa096d4c68d93a5640b1e44eeb6fc
Red Hat Security Advisory 2015-1030-01
Posted May 28, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1030-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. This issue was discovered by Sun Baoliang of Red Hat.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2015-1421
MD5 | fb3f1a86e35a528686d9740b9d192557
Red Hat Security Advisory 2015-0864-01
Posted Apr 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0864-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2014-3215, CVE-2014-3690, CVE-2014-7825, CVE-2014-7826, CVE-2014-8171, CVE-2014-8884, CVE-2014-9529, CVE-2014-9584, CVE-2015-1421
MD5 | cb34cce50ff282a4708151c4579de7c9
Ubuntu Security Notice USN-2563-1
Posted Apr 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2563-1 - Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2015-1421, CVE-2015-1465, CVE-2015-1593, CVE-2015-2041, CVE-2015-2042
MD5 | 40173d94425fb5b108eb49691e01129b
Ubuntu Security Notice USN-2562-1
Posted Apr 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2562-1 - Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2015-1421, CVE-2015-1465, CVE-2015-1593, CVE-2015-2041, CVE-2015-2042
MD5 | 9de01098df2072bf002760336bd4a21b
Red Hat Security Advisory 2015-0782-01
Posted Apr 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0782-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2014-3690, CVE-2014-5471, CVE-2014-5472, CVE-2014-8159, CVE-2014-8884, CVE-2015-1421
MD5 | 04cee26fd7d7b4432f616bc2cb07bcc7
Red Hat Security Advisory 2015-0751-01
Posted Mar 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0751-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159, CVE-2015-1421
MD5 | af3ab39476dc1364eb49219c67584a9d
Red Hat Security Advisory 2015-0726-01
Posted Mar 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0726-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159, CVE-2015-1421
MD5 | 3bf81dd77391e1582d1be83d90c5759f
Red Hat Security Advisory 2015-0727-01
Posted Mar 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0727-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159, CVE-2015-1421
MD5 | 75277269812de00a59f8a9363951fa80
Ubuntu Security Notice USN-2545-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2545-1 - A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-9644, CVE-2015-1421, CVE-2015-1465
MD5 | 5ae0554e64e796d299cb0dd60398e427
Ubuntu Security Notice USN-2546-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2546-1 - A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-9644, CVE-2015-1421, CVE-2015-1465
MD5 | 3c3b871a5068bd2fff0e393ad0aa76aa
Ubuntu Security Notice USN-2541-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2541-1 - The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7822, CVE-2014-9419, CVE-2014-9683, CVE-2015-1421
MD5 | 3e24d4f47628df7e3421fd1a7b297cab
Ubuntu Security Notice USN-2542-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2542-1 - The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7822, CVE-2014-9419, CVE-2014-9683, CVE-2015-1421
MD5 | 4d82d698728935036be976213a63d50d
Debian Security Advisory 3170-1
Posted Feb 26, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3170-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-7421, CVE-2014-7822, CVE-2014-8160, CVE-2014-8559, CVE-2014-9585, CVE-2014-9644, CVE-2014-9683, CVE-2015-0239, CVE-2015-1420, CVE-2015-1421, CVE-2015-1593
MD5 | 027f0aa2e94634ffb4a7876370d57d9d
Page 1 of 1
Back1Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close