exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2017-7477

Status Candidate

Overview

Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.

Related Files

Red Hat Security Advisory 2017-1615-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1615-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list->frag_list) in the socket buffer. The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system.

tags | advisory, remote, overflow, kernel
systems | linux, redhat
advisories | CVE-2017-2583, CVE-2017-6214, CVE-2017-7477, CVE-2017-7645, CVE-2017-7895
SHA-256 | f1988095293b1d64049e46bd41403517aff425f5b6ac9160c3403479e585fd90
Red Hat Security Advisory 2017-1616-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1616-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-1000364, CVE-2017-2583, CVE-2017-6214, CVE-2017-7477, CVE-2017-7645, CVE-2017-7895
SHA-256 | 8aecb00d2b9667bdf5d8c27595fddfad109f0a2bfd6bc403167c8298e434ebc5
Ubuntu Security Notice USN-3293-1
Posted May 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3293-1 - Dmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service in the host OS. Dmitry Vyukov discovered that the generic SCSI subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-2596, CVE-2017-7187, CVE-2017-7261, CVE-2017-7294, CVE-2017-7477, CVE-2017-7616
SHA-256 | 28157ece7b6c36fc871846f3ef26802654c9896b6d03a1845e875c1ba8ff42c5
Ubuntu Security Notice USN-3292-2
Posted May 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3292-2 - USN-3292-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2017-7477
SHA-256 | c70c25536e78eb1d5e5730eb6cfcbdfa1a826986f0778fd2b9aafa9670420171
Ubuntu Security Notice USN-3292-1
Posted May 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3292-1 - Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2017-7477
SHA-256 | 15becdcfe59fab923e4f0382140bc6a53bdcc9af8157e9c595c1154313cb3a28
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close