what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2017-1000410

Status Candidate

Overview

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).

Related Files

Ubuntu Security Notice USN-3933-2
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3933-2 - USN-3933-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000410, CVE-2017-18360, CVE-2018-19824, CVE-2019-3460, CVE-2019-6974, CVE-2019-7222, CVE-2019-9213
SHA-256 | 293ab65e73bf98d20f314b55630ebb7d784a521cd0ca32fe2129f80d23b2e3ac
Ubuntu Security Notice USN-3933-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3933-1 - It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information. It was discovered that the USB serial device driver in the Linux kernel did not properly validate baud rate settings when debugging is enabled. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000410, CVE-2017-18360, CVE-2018-19824, CVE-2019-3460, CVE-2019-6974, CVE-2019-7222, CVE-2019-9213
SHA-256 | dacdaa1df1a65a7d64811fadba0688d21342dc6a545f4369b2f3a0d1e7628320
Red Hat Security Advisory 2018-1319-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1319-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-1000410, CVE-2017-13166, CVE-2017-18017, CVE-2017-7645, CVE-2017-8824, CVE-2018-8897
SHA-256 | d3fe9410234a0ad13180edc1acd09d1f107cb6f71fe5498329640037d6599e2e
Red Hat Security Advisory 2018-1130-01
Posted Apr 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-1000252, CVE-2017-1000410, CVE-2017-13166, CVE-2017-15265, CVE-2017-17449, CVE-2017-18017, CVE-2017-8824, CVE-2017-9725
SHA-256 | 80cf5578da963f9e90cfb1fcfa47601793dee42a13f2199c2740a9d499d01fac
Red Hat Security Advisory 2018-1170-01
Posted Apr 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1170-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-1000410, CVE-2017-13166, CVE-2017-15265, CVE-2017-17449, CVE-2017-18017, CVE-2017-8824, CVE-2017-9725
SHA-256 | dc3a920fd3b2fe15dce55b1931b484c961cdd88961bd63050d3b696972886b80
Red Hat Security Advisory 2018-1062-01
Posted Apr 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1062-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, bypass, denial of service, randomization, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2016-3672, CVE-2016-7913, CVE-2016-8633, CVE-2017-1000252, CVE-2017-1000407, CVE-2017-1000410, CVE-2017-12154, CVE-2017-12190, CVE-2017-13166, CVE-2017-14140, CVE-2017-15116, CVE-2017-15121, CVE-2017-15126, CVE-2017-15127, CVE-2017-15129, CVE-2017-15265, CVE-2017-17448, CVE-2017-17449, CVE-2017-17558, CVE-2017-18017, CVE-2017-18203, CVE-2017-7294, CVE-2017-8824, CVE-2017-9725, CVE-2018-1000004, CVE-2018-5750
SHA-256 | fbeade70a9a2b1fd9926eaf605a9a3afcda14c9b6e58abd7aae2926d31ecbaa9
Red Hat Security Advisory 2018-0676-01
Posted Apr 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0676-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2016-3672, CVE-2016-7913, CVE-2016-8633, CVE-2017-1000252, CVE-2017-1000407, CVE-2017-1000410, CVE-2017-12154, CVE-2017-12190, CVE-2017-13166, CVE-2017-14140, CVE-2017-15116, CVE-2017-15121, CVE-2017-15126, CVE-2017-15127, CVE-2017-15129, CVE-2017-15265, CVE-2017-17053, CVE-2017-17448, CVE-2017-17449, CVE-2017-17558, CVE-2017-18017, CVE-2017-18203, CVE-2017-7294, CVE-2017-8824, CVE-2017-9725, CVE-2018-1000004
SHA-256 | 760529e5784a4c45d323b6b90d60c38cfaa4a399d95492fd1f96c65cfeea827b
Red Hat Security Advisory 2018-0654-01
Posted Apr 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0654-01 - The kernel-alt packages provide the Linux kernel version 4.x. The following packages have been upgraded to a later upstream version: kernel-alt. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-1000255, CVE-2017-1000410, CVE-2017-11473, CVE-2017-12190, CVE-2017-15129, CVE-2017-15299, CVE-2017-17448, CVE-2017-17449, CVE-2018-1000004, CVE-2018-6927
SHA-256 | 46213a5d7256ccc486e09644da5d4a3741fa2506819b7e2725344f3ca8bb31cb
Debian Security Advisory 4082-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4082-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2017-1000407, CVE-2017-1000410, CVE-2017-15868, CVE-2017-16538, CVE-2017-16939, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-5754, CVE-2017-8824
SHA-256 | 347c611935bac535fc1ce2315b4501495b8f7bd67bd16039884f09a909a4602d
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close