what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2016-8632

Status Candidate

Overview

The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.

Related Files

Ubuntu Security Notice USN-3470-2
Posted Nov 1, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3470-2 - USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8632, CVE-2017-10661, CVE-2017-10662, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
SHA-256 | 45cdfddce64c932d022da74ac84e9b861d656767a40b616a21399ad5537f8edd
Ubuntu Security Notice USN-3470-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3470-1 - Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8632, CVE-2017-10661, CVE-2017-10662, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
SHA-256 | 79802aa159a36b07a77681f62d34e9d9160b1f7e1046cae1a8af43715e35697b
Kernel Live Patch Security Notice LSN-0025-1
Posted Jul 16, 2017
Authored by Benjamin M. Romer

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2016-8632, CVE-2016-9604, CVE-2017-1000364, CVE-2017-2584, CVE-2017-6074, CVE-2017-7346, CVE-2017-7472, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9242
SHA-256 | 91cb2bc988d62a783323447ecb77bf0d50a13e5d484b3ad48a99a46f99980cdf
Ubuntu Security Notice USN-3312-2
Posted Jun 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3312-2 - USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7913, CVE-2016-7917, CVE-2016-8632, CVE-2016-9083, CVE-2016-9084, CVE-2016-9604, CVE-2017-0605, CVE-2017-2596, CVE-2017-2671, CVE-2017-6001, CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889, CVE-2017-7895
SHA-256 | 9bc4f5c509d58e7374d08b91a33f59e8cc908ffa5e09f39be89e361fa0dd271e
Ubuntu Security Notice USN-3312-1
Posted Jun 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3312-1 - It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7913, CVE-2016-7917, CVE-2016-8632, CVE-2016-9083, CVE-2016-9084, CVE-2016-9604, CVE-2017-0605, CVE-2017-2596, CVE-2017-2671, CVE-2017-6001, CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889, CVE-2017-7895
SHA-256 | f93b3056d137e6f094a683c78f33de2cfc51578e2b30f5bf0580b49f3136e70e
Ubuntu Security Notice USN-3190-2
Posted Feb 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3190-2 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10147, CVE-2016-10150, CVE-2016-8399, CVE-2016-8632, CVE-2016-9777
SHA-256 | cf4cc9859b178aeba3d7971d5f7e2816de9414942d6b55bc51f88f58392aac87
Ubuntu Security Notice USN-3190-1
Posted Feb 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3190-1 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10147, CVE-2016-10150, CVE-2016-8399, CVE-2016-8632, CVE-2016-9777
SHA-256 | bd67da6c07218157f0d827497e94107d511dd272fd135c5e7062763994f1a47d
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close