what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2015-5283

Status Candidate

Overview

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.

Related Files

Ubuntu Security Notice USN-2829-2
Posted Dec 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2829-2 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | 5e4f710da8e8bbf54975fb1576d44e7ff897febc80e10c3dce85fa2a8b83ab06
Ubuntu Security Notice USN-2829-1
Posted Dec 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2829-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | e5abdf2008e62ef43b3ae503e90de529e5809783c88d0f8c0761fc3ccbd0f5fd
Ubuntu Security Notice USN-2826-1
Posted Dec 3, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2826-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | a46cac37588ee91b5f88a74d036718a72a40eb593bde4fc8fd7dd5be31746a37
Ubuntu Security Notice USN-2823-1
Posted Dec 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2823-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | b571488b07c4a6634118c61047b479fdea699b8487c5473f9b60f7ecedacf73d
Red Hat Security Advisory 2015-2411-01
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2411-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-7421, CVE-2014-8171, CVE-2014-9419, CVE-2014-9644, CVE-2015-2925, CVE-2015-3339, CVE-2015-4170, CVE-2015-5283, CVE-2015-7613, CVE-2015-7837
SHA-256 | 4ebb6d7591b02e0740e1a4134740ddd99527157811e2ec9e82dc7ce5145182a6
Red Hat Security Advisory 2015-2152-02
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2152-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2010-5313, CVE-2013-7421, CVE-2014-3647, CVE-2014-7842, CVE-2014-8171, CVE-2014-9419, CVE-2014-9644, CVE-2015-0239, CVE-2015-2925, CVE-2015-3339, CVE-2015-4170, CVE-2015-5283, CVE-2015-6526, CVE-2015-7613, CVE-2015-7837
SHA-256 | 06dbad210262abe32fe40f41673bf1f3c59cc04c20cc43a1e532a4849a8b46c6
Ubuntu Security Notice USN-2797-1
Posted Nov 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2797-1 - It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2015-0272, CVE-2015-2925, CVE-2015-5257, CVE-2015-5283
SHA-256 | dd05d11b3e84b3326131f4cb20c0dccdf1f459f2b7d53a4da9e0fab17349eefa
Debian Security Advisory 3372-1
Posted Oct 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3372-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification.

tags | advisory, denial of service, kernel, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-2925, CVE-2015-5257, CVE-2015-5283, CVE-2015-7613
SHA-256 | 307334c9a5eff72ba64a9e315472120a161622f5ea8a1063d37e73e088dcd4e3
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close