exploit the possibilities
Showing 1 - 13 of 13 RSS Feed

CVE-2017-17448

Status Candidate

Overview

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

Related Files

Kernel Live Patch Security Notice LSN-0037-1
Posted May 7, 2018
Authored by Benjamin M. Romer

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2017-0861, CVE-2017-15129, CVE-2017-16995, CVE-2017-17448, CVE-2017-17450, CVE-2018-1000199, CVE-2018-5333, CVE-2018-5344, CVE-2018-8043
SHA-256 | 39ead24f1d46a53a4118ca65333192e8b23de00376f175ad713483a533c61a56
Ubuntu Security Notice USN-3632-1
Posted Apr 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3632-1 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service in the host OS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-1000407, CVE-2017-15129, CVE-2017-16994, CVE-2017-17448, CVE-2017-17450, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2018-1000026, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344, CVE-2018-8043
SHA-256 | f8553fc2b1fbe9a47e2b4b2ce0f11da61f2c04cd45e5a0719d72c05c601fef36
Red Hat Security Advisory 2018-1062-01
Posted Apr 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1062-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, bypass, denial of service, randomization, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2016-3672, CVE-2016-7913, CVE-2016-8633, CVE-2017-1000252, CVE-2017-1000407, CVE-2017-1000410, CVE-2017-12154, CVE-2017-12190, CVE-2017-13166, CVE-2017-14140, CVE-2017-15116, CVE-2017-15121, CVE-2017-15126, CVE-2017-15127, CVE-2017-15129, CVE-2017-15265, CVE-2017-17448, CVE-2017-17449, CVE-2017-17558, CVE-2017-18017, CVE-2017-18203, CVE-2017-7294, CVE-2017-8824, CVE-2017-9725, CVE-2018-1000004, CVE-2018-5750
SHA-256 | fbeade70a9a2b1fd9926eaf605a9a3afcda14c9b6e58abd7aae2926d31ecbaa9
Red Hat Security Advisory 2018-0676-01
Posted Apr 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0676-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2016-3672, CVE-2016-7913, CVE-2016-8633, CVE-2017-1000252, CVE-2017-1000407, CVE-2017-1000410, CVE-2017-12154, CVE-2017-12190, CVE-2017-13166, CVE-2017-14140, CVE-2017-15116, CVE-2017-15121, CVE-2017-15126, CVE-2017-15127, CVE-2017-15129, CVE-2017-15265, CVE-2017-17053, CVE-2017-17448, CVE-2017-17449, CVE-2017-17558, CVE-2017-18017, CVE-2017-18203, CVE-2017-7294, CVE-2017-8824, CVE-2017-9725, CVE-2018-1000004
SHA-256 | 760529e5784a4c45d323b6b90d60c38cfaa4a399d95492fd1f96c65cfeea827b
Red Hat Security Advisory 2018-0654-01
Posted Apr 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0654-01 - The kernel-alt packages provide the Linux kernel version 4.x. The following packages have been upgraded to a later upstream version: kernel-alt. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-1000255, CVE-2017-1000410, CVE-2017-11473, CVE-2017-12190, CVE-2017-15129, CVE-2017-15299, CVE-2017-17448, CVE-2017-17449, CVE-2018-1000004, CVE-2018-6927
SHA-256 | 46213a5d7256ccc486e09644da5d4a3741fa2506819b7e2725344f3ca8bb31cb
Ubuntu Security Notice USN-3619-2
Posted Apr 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3619-2 - USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-1000407, CVE-2017-11472, CVE-2017-15129, CVE-2017-16528, CVE-2017-16532, CVE-2017-16536, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16649, CVE-2017-16650, CVE-2017-16911, CVE-2017-16912, CVE-2017-16913, CVE-2017-16914, CVE-2017-16994, CVE-2017-16995, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807
SHA-256 | 38b18f0521488f7e9524a5f8e492f7ad41f5c91d876a8aea56b6215d3c63309b
Ubuntu Security Notice USN-3620-2
Posted Apr 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3620-2 - USN-3620-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-11089, CVE-2017-12762, CVE-2017-17448, CVE-2017-17741, CVE-2017-17805, CVE-2017-17807, CVE-2017-5715, CVE-2018-1000026, CVE-2018-5332
SHA-256 | d798485e3bbd4692b62e40f7dd3bc4665b87003190226b4bceb08a4ce5ba5f99
Ubuntu Security Notice USN-3620-1
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3620-1 - It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-11089, CVE-2017-12762, CVE-2017-17448, CVE-2017-17741, CVE-2017-17805, CVE-2017-17807, CVE-2018-1000026, CVE-2018-5332
SHA-256 | 5bad86a1b836a836f77b374d0dce05b619b4080fa156e54af36ae9ff36d98185
Ubuntu Security Notice USN-3619-1
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3619-1 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-1000407, CVE-2017-11472, CVE-2017-15129, CVE-2017-16528, CVE-2017-16532, CVE-2017-16536, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16649, CVE-2017-16650, CVE-2017-16911, CVE-2017-16912, CVE-2017-16913, CVE-2017-16914, CVE-2017-16994, CVE-2017-16995, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807
SHA-256 | c6a6f41fea45fbea18a8b7d6e773995876e32e44e04595bd392e7b20c000dc48
Ubuntu Security Notice USN-3617-3
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3617-3 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-15129, CVE-2017-16532, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-16994, CVE-2017-17448, CVE-2017-17450, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-18204, CVE-2018-1000026, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344
SHA-256 | 448337d0f05b0a41584005e6cc61e3ade46f16a30a520f6de2809982cf2960d2
Debian Security Advisory 4082-1
Posted Jan 10, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4082-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2017-1000407, CVE-2017-1000410, CVE-2017-15868, CVE-2017-16538, CVE-2017-16939, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-5754, CVE-2017-8824
SHA-256 | 347c611935bac535fc1ce2315b4501495b8f7bd67bd16039884f09a909a4602d
Ubuntu Security Notice USN-3617-2
Posted Apr 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3617-2 - USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-1000407, CVE-2017-15129, CVE-2017-16532, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-16994, CVE-2017-17448, CVE-2017-17450, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-18204, CVE-2018-1000026, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344
SHA-256 | 0f276e7a9b2bfbe06e0d855d178a4c603928a7a485688ab62d5262889acef454
Ubuntu Security Notice USN-3617-1
Posted Apr 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3617-1 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service in the host OS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-1000407, CVE-2017-15129, CVE-2017-16532, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-16994, CVE-2017-17448, CVE-2017-17450, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-18204, CVE-2018-1000026, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344
SHA-256 | fe4a210e922b4739e377a7859b8122e447d7ffe0cc9c2252e70ad5829f91e7d1
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close