Exploit the possiblities
Showing 1 - 7 of 7 RSS Feed

CVE-2016-8632

Status Candidate

Overview

The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.

Related Files

Ubuntu Security Notice USN-3470-2
Posted Nov 1, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3470-2 - USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8632, CVE-2017-10661, CVE-2017-10662, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
MD5 | 7949d63988c2185b2fec1d6ff3ab737d
Ubuntu Security Notice USN-3470-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3470-1 - Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8632, CVE-2017-10661, CVE-2017-10662, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
MD5 | 57feca81771640a80be09a58a7bd56a8
Kernel Live Patch Security Notice LSN-0025-1
Posted Jul 16, 2017
Authored by Benjamin M. Romer

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2016-8632, CVE-2016-9604, CVE-2017-1000364, CVE-2017-2584, CVE-2017-6074, CVE-2017-7346, CVE-2017-7472, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9242
MD5 | f33f9e8f678adbf7a3a32f53939cff60
Ubuntu Security Notice USN-3312-2
Posted Jun 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3312-2 - USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7913, CVE-2016-7917, CVE-2016-8632, CVE-2016-9083, CVE-2016-9084, CVE-2016-9604, CVE-2017-0605, CVE-2017-2596, CVE-2017-2671, CVE-2017-6001, CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889, CVE-2017-7895
MD5 | f8dcccce709ef81f0592b215acb9e196
Ubuntu Security Notice USN-3312-1
Posted Jun 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3312-1 - It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7913, CVE-2016-7917, CVE-2016-8632, CVE-2016-9083, CVE-2016-9084, CVE-2016-9604, CVE-2017-0605, CVE-2017-2596, CVE-2017-2671, CVE-2017-6001, CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889, CVE-2017-7895
MD5 | faa65f948d2b34a3bc146375c9d83828
Ubuntu Security Notice USN-3190-2
Posted Feb 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3190-2 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10147, CVE-2016-10150, CVE-2016-8399, CVE-2016-8632, CVE-2016-9777
MD5 | b38325f7bdec3aa46af2a02a781f69fb
Ubuntu Security Notice USN-3190-1
Posted Feb 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3190-1 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10147, CVE-2016-10150, CVE-2016-8399, CVE-2016-8632, CVE-2016-9777
MD5 | b6ea4e8dd6b7056bfde9f40e58e42007
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    14 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close