exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

CVE-2016-7042

Status Candidate

Overview

The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.

Related Files

Red Hat Security Advisory 2017-2669-01
Posted Sep 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2669-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-8839, CVE-2016-10088, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9604, CVE-2016-9685, CVE-2016-9806, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7533, CVE-2017-7889, CVE-2017-8797, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077
MD5 | 0a221d8536beefe0e66026fd3343761f
Red Hat Security Advisory 2017-1842-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1842-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-7970, CVE-2014-7975, CVE-2015-8839, CVE-2015-8970, CVE-2016-10088, CVE-2016-10147, CVE-2016-10200, CVE-2016-6213, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9604, CVE-2016-9685, CVE-2016-9806, CVE-2017-2596, CVE-2017-2647, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8797, CVE-2017-8890, CVE-2017-9074
MD5 | e79dcd340ec8fd5ccd78d062d54ebf21
Red Hat Security Advisory 2017-2077-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2077-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-7970, CVE-2014-7975, CVE-2015-8839, CVE-2015-8970, CVE-2016-10088, CVE-2016-10147, CVE-2016-10200, CVE-2016-6213, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9604, CVE-2016-9685, CVE-2016-9806, CVE-2017-2596, CVE-2017-2647, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8797, CVE-2017-8890, CVE-2017-9074
MD5 | 06777be13da445d34278d3bd85082db2
Red Hat Security Advisory 2017-0817-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0817-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-10088, CVE-2016-10142, CVE-2016-2069, CVE-2016-2384, CVE-2016-6480, CVE-2016-7042, CVE-2016-7097, CVE-2016-8399, CVE-2016-9576
MD5 | b3b4f6f881b29620a89e2c49c244298d
Ubuntu Security Notice USN-3161-3
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3161-3 - Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information. It was discovered that the Video For Linux Two implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8964, CVE-2016-4568, CVE-2016-6213, CVE-2016-7042, CVE-2016-7097, CVE-2016-7425, CVE-2016-8630, CVE-2016-8633, CVE-2016-8645, CVE-2016-8658, CVE-2016-9178, CVE-2016-9555
MD5 | 92c03c76e3e3979d62d79b96ba3d7866
Kernel Live Patch Security Notice LSN-0013-1
Posted Nov 30, 2016
Authored by Luis Henriques

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg(2) implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other kernel vulnerabilities were also discovered and addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2016-7042, CVE-2016-7117, CVE-2016-7425, CVE-2016-8658
MD5 | 62cbf8e508bff43744108581efe5a4bb
Ubuntu Security Notice USN-3129-2
Posted Nov 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3129-2 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7042
MD5 | 24d12118ccf7aaf4d876465aee7a4591
Ubuntu Security Notice USN-3128-2
Posted Nov 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3128-2 - USN-3128-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7042
MD5 | d2085bdc321414c144d412969fc5a8b7
Ubuntu Security Notice USN-3127-1
Posted Nov 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3127-1 - It was discovered that the compression handling code in the Advanced Linux Sound Architecture subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service. Kirill A. Shutemov discovered that memory manager in the Linux kernel did not properly handle anonymous pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9904, CVE-2015-3288, CVE-2016-3961, CVE-2016-7042
MD5 | bba3080f0d3a18c726355a0757b938f6
Ubuntu Security Notice USN-3129-1
Posted Nov 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3129-1 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7042
MD5 | 6ddec06b0f09d611b10ea650dba9aadd
Ubuntu Security Notice USN-3128-3
Posted Nov 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3128-3 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7042
MD5 | d4d8815558383d60c4d92ffe552432a8
Ubuntu Security Notice USN-3126-1
Posted Nov 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3126-1 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service. Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg implementation in the Linux kernel. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7042, CVE-2016-7117
MD5 | 34abbeecd53b827da87aafbc66550095
Ubuntu Security Notice USN-3128-1
Posted Nov 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3128-1 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7042
MD5 | 92afc4c0d8cd958380a07b1c643ca4b1
Ubuntu Security Notice USN-3127-2
Posted Nov 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3127-2 - USN-3127-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that the compression handling code in the Advanced Linux Sound Architecture subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-9904, CVE-2015-3288, CVE-2016-3961, CVE-2016-7042
MD5 | b399ac6f7df5b3008c8b30cdaddc104a
Ubuntu Security Notice USN-3126-2
Posted Nov 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3126-2 - Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service. Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg implementation in the Linux kernel. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7042, CVE-2016-7117
MD5 | 94b4a730d05a776a27f91d3d52865a9d
Page 1 of 1
Back1Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close