exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2016-8399

Status Candidate

Overview

An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.

Related Files

Red Hat Security Advisory 2017-2931-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2931-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2016-8399, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
SHA-256 | edba1cdf75883b0afd4147a1b9b0f8c787387b79a168379d1cee80de73ebe1ea
Red Hat Security Advisory 2017-2930-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2930-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2016-8399, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
SHA-256 | e290a5f1dc4b6935b2c09d9c88039750f701a314dff84bdf0a026e7c338e354d
Kernel Live Patch Security Notice LSN-0021-1
Posted Apr 15, 2017
Authored by Benjamin M. Romer

Several security issues were fixed in the kernel. Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash). Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2016-5195, CVE-2016-7910, CVE-2016-7911, CVE-2016-7912, CVE-2016-7916, CVE-2016-8399, CVE-2016-8630, CVE-2016-8633, CVE-2016-9191, CVE-2016-9555, CVE-2016-9756, CVE-2017-2583, CVE-2017-6074, CVE-2017-7308
SHA-256 | 42b1d7e92d487c05901f19f08b2e6c9e119556985c2054e46a019c3a3bd7bf0d
Red Hat Security Advisory 2017-0869-01
Posted Apr 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0869-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). Enhancement:

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-8399
SHA-256 | c7b5eaf57adbad1eed998d1a79c4920ea877082a5e42528c470ee450b22b4b7b
Red Hat Security Advisory 2017-0817-01
Posted Mar 21, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0817-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-10088, CVE-2016-10142, CVE-2016-2069, CVE-2016-2384, CVE-2016-6480, CVE-2016-7042, CVE-2016-7097, CVE-2016-8399, CVE-2016-9576
SHA-256 | 597c633d164dd5b659055724a7f94dfa6104bd1ddf58babc8fd4e61d37290908
Ubuntu Security Notice USN-3190-2
Posted Feb 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3190-2 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10147, CVE-2016-10150, CVE-2016-8399, CVE-2016-8632, CVE-2016-9777
SHA-256 | cf4cc9859b178aeba3d7971d5f7e2816de9414942d6b55bc51f88f58392aac87
Ubuntu Security Notice USN-3189-1
Posted Feb 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3189-1 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. Qidan He discovered that the ICMP implementation in the Linux kernel did not properly check the size of an ICMP header. A local attacker with CAP_NET_ADMIN could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10147, CVE-2016-8399
SHA-256 | 0f3136fcfb20894c5f31c658da4570ea1617117f25f703bedd4422456e8c8b6e
Ubuntu Security Notice USN-3189-2
Posted Feb 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3189-2 - USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10147, CVE-2016-8399
SHA-256 | 852d2ecf12fb5e32e229fe893e3cd546f2ac5e0aedf19d8cb685eabd45e1317e
Ubuntu Security Notice USN-3190-1
Posted Feb 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3190-1 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10147, CVE-2016-10150, CVE-2016-8399, CVE-2016-8632, CVE-2016-9777
SHA-256 | bd67da6c07218157f0d827497e94107d511dd272fd135c5e7062763994f1a47d
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close