what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2015-8660

Status Candidate

Overview

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Related Files

Overlayfs Privilege Escalation
Posted Nov 1, 2016
Authored by rebel, h00die | Site metasploit.com

This Metasploit module attempts to exploit two different CVEs (CVE-2015-1328 and CVE-2015-8660) related to overlayfs.

tags | exploit
advisories | CVE-2015-1328, CVE-2015-8660
SHA-256 | 051ac68d3b034444740ccd04d39c409e4a6f9b78bb6c5b472cf8e1acac90159d
Download | Favorite | View
Red Hat Security Advisory 2016-1539-01
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1539-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-2143, CVE-2016-4470
SHA-256 | a0ebfcaea69e03370b97678ac5b2af09385693a06588a694af826744d11bfd62
Download | Favorite | View
Red Hat Security Advisory 2016-1532-02
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1532-02 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-4470
SHA-256 | ae0ec067d76f883f07ac5ae1dac7a6ee3601b9b24f9fbd3814d99d690ead6941
Download | Favorite | View
Red Hat Security Advisory 2016-1541-03
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1541-03 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-4470
SHA-256 | 993b6f46bf8ef0fd9c20f5a4cd5b31000f1cfdfbbebb96d3af8403e94e254c62
Download | Favorite | View
Ubuntu 14.04 LTS / 15.10 overlayfs Local Root
Posted Jan 6, 2016
Authored by rebel

Ubuntu 14.04 LTS and 15.10 overlayfs local root exploit.

tags | exploit, local, root
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 1bf1b95880d7fb521bfe0cf76bb75801961ebb5f6b4b91508407ee6bad1b5076
Download | Favorite | View
Ubuntu Security Notice USN-2858-3
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2858-3 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 48425681b0b5e53cc4b801c91c5dcb8b298e07313c119da1cedff6eacf4292a3
Download | Favorite | View
Ubuntu Security Notice USN-2858-2
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2858-2 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 84b822e206e80ae7b54ed801761cd7e4fb9808f03798dc7446e5325a4760b793
Download | Favorite | View
Ubuntu Security Notice USN-2858-1
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2858-1 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 45cfcb2e85fdde5eb27a504542175a36445956c958ab02632509d0bd1adead99
Download | Favorite | View
Ubuntu Security Notice USN-2857-2
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2857-2 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 7e38428ed628f59f51dad90aea0dacbac3f82c78e918bc84ccec9e85b4f01c29
Download | Favorite | View
Ubuntu Security Notice USN-2857-1
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2857-1 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 8af0ea8abe573c2c245c547df79ec15d62a5547312f9d4d0daf04fa42de8d477
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    32 Files
  • 5
    Dec 5th
    10 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    23 Files
  • 8
    Dec 8th
    19 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close