exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

CVE-2016-8655

Status Candidate

Overview

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.

Related Files

AF_PACKET chocobo_root Privilege Escalation
Posted May 22, 2018
Authored by rebel, Brendan Coles | Site metasploit.com

This Metasploit module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu (Trusty / Xenial) kernels 4.4.0 < 4.4.0-53, including Linux distros based on Ubuntu, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 17.3 (x86_64); Linux Mint 18 (x86_64); and Ubuntu 16.04.2 (x86_64) with kernel versions 4.4.0-45-generic and 4.4.0-51-generic.

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 4e74e49fb99838182c2b1099fc25b230
Red Hat Security Advisory 2017-0387-01
Posted Mar 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0387-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Linux kernel built with the Kernel-based Virtual Machine support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.

tags | advisory, x86, kernel
systems | linux, redhat
advisories | CVE-2016-8630, CVE-2016-8655, CVE-2016-9083, CVE-2016-9084
MD5 | cc2ebfe5262296af79965a8c1d83b9fa
Red Hat Security Advisory 2017-0386-01
Posted Mar 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0386-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Linux kernel built with the Kernel-based Virtual Machine support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.

tags | advisory, x86, kernel
systems | linux, redhat
advisories | CVE-2016-8630, CVE-2016-8655, CVE-2016-9083, CVE-2016-9084
MD5 | 55415426738d7f1e95a8acb8f03bdb67
Red Hat Security Advisory 2017-0402-01
Posted Mar 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0402-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-8655
MD5 | 70f5422b571d13fb557e1ddeeb444228
Slackware Security Advisory - kernel Updates
Posted Dec 13, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2016-8655
MD5 | c479ad95472bd76a9914b887b5c65942
Kernel Live Patch Security Notice LSN-0014-1
Posted Dec 8, 2016
Authored by Luis Henriques

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, tcp
systems | linux
advisories | CVE-2016-6480, CVE-2016-6828, CVE-2016-8655
MD5 | c654f261f98e8fb00d15ffa5185aa4a4
Linux Kernel 4.4.0 AF_PACKET Race Condition / Privilege Escalation
Posted Dec 7, 2016
Authored by rebel

Linux AF_PACKET race condition exploit for Ubuntu 16.04 x86_64.

tags | exploit
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 803c6124c3dfdcf405e4d99abc79f610
Ubuntu Security Notice USN-3151-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 6952e7bfa7c349924edf0c43c0eab1af
Ubuntu Security Notice USN-3150-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3150-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 02590e8e99bb50da06f1db132834771c
Ubuntu Security Notice USN-3149-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3149-2 - USN-3149-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | c741cdb933937a559b270aa3cec57dc9
Ubuntu Security Notice USN-3149-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3149-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 0b2ba1755fc8faaf9eb5fc2729f7dcbb
Ubuntu Security Notice USN-3152-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3152-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 5d7a89c84198b455259ae8d929e122ac
Ubuntu Security Notice USN-3151-4
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-4 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 5380e5349d80703917a947052c924396
Ubuntu Security Notice USN-3150-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3150-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 21055700355a4e876e305296ef95e0a4
Ubuntu Security Notice USN-3151-3
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-3 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | d244eb00346ae1ba47f269b80afa86e0
Ubuntu Security Notice USN-3152-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3152-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 97dcc7f65cb4debc28f8acd7a4d2202a
Ubuntu Security Notice USN-3151-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-2 - USN-3151-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 02cd4fd00e8b22eec136e4b41f9f67ce
Page 1 of 1
Back1Next

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    5 Files
  • 4
    Aug 4th
    7 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close