exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2015-5283

Status Candidate

Overview

The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.

Related Files

Ubuntu Security Notice USN-2829-2
Posted Dec 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2829-2 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | 5e4f710da8e8bbf54975fb1576d44e7ff897febc80e10c3dce85fa2a8b83ab06
Ubuntu Security Notice USN-2829-1
Posted Dec 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2829-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | e5abdf2008e62ef43b3ae503e90de529e5809783c88d0f8c0761fc3ccbd0f5fd
Ubuntu Security Notice USN-2826-1
Posted Dec 3, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2826-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | a46cac37588ee91b5f88a74d036718a72a40eb593bde4fc8fd7dd5be31746a37
Ubuntu Security Notice USN-2823-1
Posted Dec 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2823-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | b571488b07c4a6634118c61047b479fdea699b8487c5473f9b60f7ecedacf73d
Red Hat Security Advisory 2015-2411-01
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2411-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-7421, CVE-2014-8171, CVE-2014-9419, CVE-2014-9644, CVE-2015-2925, CVE-2015-3339, CVE-2015-4170, CVE-2015-5283, CVE-2015-7613, CVE-2015-7837
SHA-256 | 4ebb6d7591b02e0740e1a4134740ddd99527157811e2ec9e82dc7ce5145182a6
Red Hat Security Advisory 2015-2152-02
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2152-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2010-5313, CVE-2013-7421, CVE-2014-3647, CVE-2014-7842, CVE-2014-8171, CVE-2014-9419, CVE-2014-9644, CVE-2015-0239, CVE-2015-2925, CVE-2015-3339, CVE-2015-4170, CVE-2015-5283, CVE-2015-6526, CVE-2015-7613, CVE-2015-7837
SHA-256 | 06dbad210262abe32fe40f41673bf1f3c59cc04c20cc43a1e532a4849a8b46c6
Ubuntu Security Notice USN-2797-1
Posted Nov 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2797-1 - It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2015-0272, CVE-2015-2925, CVE-2015-5257, CVE-2015-5283
SHA-256 | dd05d11b3e84b3326131f4cb20c0dccdf1f459f2b7d53a4da9e0fab17349eefa
Debian Security Advisory 3372-1
Posted Oct 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3372-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification.

tags | advisory, denial of service, kernel, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-2925, CVE-2015-5257, CVE-2015-5283, CVE-2015-7613
SHA-256 | 307334c9a5eff72ba64a9e315472120a161622f5ea8a1063d37e73e088dcd4e3
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close