exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2016-8632

Status Candidate

Overview

The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.

Related Files

Ubuntu Security Notice USN-3470-2
Posted Nov 1, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3470-2 - USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8632, CVE-2017-10661, CVE-2017-10662, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
SHA-256 | 45cdfddce64c932d022da74ac84e9b861d656767a40b616a21399ad5537f8edd
Ubuntu Security Notice USN-3470-1
Posted Oct 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3470-1 - Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8632, CVE-2017-10661, CVE-2017-10662, CVE-2017-10663, CVE-2017-10911, CVE-2017-11176, CVE-2017-14340
SHA-256 | 79802aa159a36b07a77681f62d34e9d9160b1f7e1046cae1a8af43715e35697b
Kernel Live Patch Security Notice LSN-0025-1
Posted Jul 16, 2017
Authored by Benjamin M. Romer

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2016-8632, CVE-2016-9604, CVE-2017-1000364, CVE-2017-2584, CVE-2017-6074, CVE-2017-7346, CVE-2017-7472, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9242
SHA-256 | 91cb2bc988d62a783323447ecb77bf0d50a13e5d484b3ad48a99a46f99980cdf
Ubuntu Security Notice USN-3312-2
Posted Jun 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3312-2 - USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7913, CVE-2016-7917, CVE-2016-8632, CVE-2016-9083, CVE-2016-9084, CVE-2016-9604, CVE-2017-0605, CVE-2017-2596, CVE-2017-2671, CVE-2017-6001, CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889, CVE-2017-7895
SHA-256 | 9bc4f5c509d58e7374d08b91a33f59e8cc908ffa5e09f39be89e361fa0dd271e
Ubuntu Security Notice USN-3312-1
Posted Jun 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3312-1 - It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7913, CVE-2016-7917, CVE-2016-8632, CVE-2016-9083, CVE-2016-9084, CVE-2016-9604, CVE-2017-0605, CVE-2017-2596, CVE-2017-2671, CVE-2017-6001, CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889, CVE-2017-7895
SHA-256 | f93b3056d137e6f094a683c78f33de2cfc51578e2b30f5bf0580b49f3136e70e
Ubuntu Security Notice USN-3190-2
Posted Feb 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3190-2 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10147, CVE-2016-10150, CVE-2016-8399, CVE-2016-8632, CVE-2016-9777
SHA-256 | cf4cc9859b178aeba3d7971d5f7e2816de9414942d6b55bc51f88f58392aac87
Ubuntu Security Notice USN-3190-1
Posted Feb 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3190-1 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10147, CVE-2016-10150, CVE-2016-8399, CVE-2016-8632, CVE-2016-9777
SHA-256 | bd67da6c07218157f0d827497e94107d511dd272fd135c5e7062763994f1a47d
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close