exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

CVE-2017-1000363

Status Candidate

Overview

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.

Related Files

Ubuntu Security Notice USN-3342-2
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3342-2 - USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-5577, CVE-2017-7294, CVE-2017-7374, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | ad451459a82d58adcf3830ea5d4699fed8e20f06f412d9ed72a01f01f346917d
Ubuntu Security Notice USN-3345-1
Posted Jun 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3345-1 - USN 3324-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, java, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9150, CVE-2017-9242
SHA-256 | 4fad8a2d68a376e72996bff518accee987d6531fbdbaade3e1a8aafe24ebd666
Ubuntu Security Notice USN-3344-2
Posted Jun 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3344-2 - USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN 3334-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Various other issues were also addressed.

tags | advisory, java, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | ec10468c5bcc0374a009d044a4736922434eb7ade1b26c45c16cecb020b07caf
Ubuntu Security Notice USN-3344-1
Posted Jun 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3344-1 - USN 3328-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, java, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | a4f0efc2b95ce1da0e5cacbafafb82858ba2e9f6956f158428863e22f80ea6d3
Ubuntu Security Notice USN-3342-1
Posted Jun 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3342-1 - USN 3326-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, java, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-5577, CVE-2017-7294, CVE-2017-7374, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | 02f110dbf3f133d2c7e542623023dfb8fc8045b5c5147b836e889becc448b849
Ubuntu Security Notice USN-3343-1
Posted Jun 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3343-1 - USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, java, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9940, CVE-2017-0605, CVE-2017-1000363, CVE-2017-7294, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | 9ea59fe7184daae4dabc3d41854293f31717e8ced346b9507f46908a71b2ba14
Ubuntu Security Notice USN-3343-2
Posted Jun 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3343-2 - USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. USN 3335-2 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. Various other issues were also addressed.

tags | advisory, java, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-9940, CVE-2017-0605, CVE-2017-1000363, CVE-2017-7294, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | f56a67ded25cba5991da6e27ed05f27e72923a50d6768bc40e175e9410f6a869
Ubuntu Security Notice USN-3329-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3329-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | 035f5397513469fc46fe35fc3228e636010806cb370496656d19713eb1f42714
Ubuntu Security Notice USN-3328-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3328-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | 0b1eb015a833ea8a4dfab366e58e5ac3b87d72f7670b90113f19c11dec5ad22e
Ubuntu Security Notice USN-3327-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3327-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-1000364, CVE-2017-5577, CVE-2017-7374, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | c8c82662c76f129144ea64a38a2922ced4fc5e2dd5cb6bd32a3b70e86b0a7190
Ubuntu Security Notice USN-3326-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3326-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-1000364, CVE-2017-5577, CVE-2017-7374, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | ad46e108752d84316d39abb27edf66eba2d2bdfab7dd2aa8588e99776a86620c
Ubuntu Security Notice USN-3324-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3324-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-1000364, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9150, CVE-2017-9242
SHA-256 | 2c5ba59805eb07621c353113a2a21f38511aadfb5495a6ed18f4d144cfe959ab
Ubuntu Security Notice USN-3325-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3325-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-1000364, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9150, CVE-2017-9242
SHA-256 | 426ec316fe236e8d4959114127b40493159b960d73bfac790d20f2dc4485a012
Ubuntu Security Notice USN-3333-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3333-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-1000364, CVE-2017-5577, CVE-2017-7374, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | 4f09ff9dd0d89be7716f1de63c51f7fa6a9d6f67532e75235081f7aa9d16038e
Ubuntu Security Notice USN-3330-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3330-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | 561ba665a7c8f14f516368a687aefc2ebe5edf93a9e4bdf5d2c8abff837be886
Ubuntu Security Notice USN-3331-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3331-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | 5360f2519114cf4b52118ed5761eecdee88d6b6f9f4e8f48aceb3b4dd94c7be3
Ubuntu Security Notice USN-3332-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3332-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | d86bb80f33e0989ed1392542782f2b74404af76ec716b844dd5b37b8a9521b5e
Ubuntu Security Notice USN-3335-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3335-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9940, CVE-2017-0605, CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7294, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | a18999a5900951e758b482057ceed33a0d89e8139f2125f11dd871bbd302fdfc
Ubuntu Security Notice USN-3334-1
Posted Jun 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3334-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000363, CVE-2017-1000364, CVE-2017-7487, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242
SHA-256 | 1b72b0433ffd0f73d5780bc3643d40413707b65705b1bea82d24d12c690f5e18
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close