exploit the possibilities
Showing 1 - 25 of 26 RSS Feed

CVE-2018-1092

Status Candidate

Overview

The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.

Related Files

Gentoo Linux Security Advisory 201904-06
Posted Apr 2, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-6 - Multiple vulnerabilities have been found in GlusterFS, the worst of which could result in the execution of arbitrary code. Versions less than 4.1.8 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-10841, CVE-2018-1088, CVE-2018-10904, CVE-2018-10907, CVE-2018-10911, CVE-2018-10913, CVE-2018-10914, CVE-2018-10923, CVE-2018-10924, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, CVE-2018-14651, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661
SHA-256 | 043fd8e80fc0cf57260f877078d16e4c53b33b4af150e6f0c8c6dc52016164d4
Red Hat Security Advisory 2018-3816-01
Posted Dec 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include memory disclosure and client-side security problems.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2018-1053, CVE-2018-1058, CVE-2018-10915, CVE-2018-10925
SHA-256 | 5babb9742f0b837b18016ae6e3fd236587c37fab6420f152508b801587269e6c
Red Hat Security Advisory 2018-3470-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3470-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, denial of service, deserialization, and format string vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-10858, CVE-2018-10873, CVE-2018-10904, CVE-2018-10907, CVE-2018-10911, CVE-2018-10913, CVE-2018-10914, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661
SHA-256 | 9e8155ff0d32478283821315ef01b373ffb94a7f3e9c04679d7c9bfd1ff773d5
Gentoo Linux Security Advisory 201810-08
Posted Oct 31, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201810-8 - Multiple vulnerabilities have been found in PostgreSQL, the worst which could lead to privilege escalation. Versions less than 10.5 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2018-10915, CVE-2018-10925, CVE-2018-1115
SHA-256 | debe17bd797552196004c1bd035d68c747b8acf9c1fd29e8fcd59615fb655e2c
Red Hat Security Advisory 2018-2948-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2948-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer overflow, bypass, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-13166, CVE-2017-16648, CVE-2017-17805, CVE-2017-17806, CVE-2017-18075, CVE-2017-18208, CVE-2017-18344, CVE-2018-1000026, CVE-2018-1000200, CVE-2018-1000204, CVE-2018-10322, CVE-2018-1065, CVE-2018-1068, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879, CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1095, CVE-2018-1118, CVE-2018-1120
SHA-256 | b5ac1428b03d1ab918a3b26b7b8a361284bcfa618164f1b2afd1b27d505a0549
Red Hat Security Advisory 2018-3083-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3083-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740
SHA-256 | 51bb55b468c741de6d34c15b15988a77197b07fcb781827141ad9999e1700fdc
Red Hat Security Advisory 2018-3096-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3096-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740
SHA-256 | 7f59a96ea0227aec7452145ed2d1a67c0ed1e187e5b7fdd0814bef1fa260bd64
Red Hat Security Advisory 2018-2607-01
Posted Sep 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2607-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, deserialization, local file inclusion, and remote file inclusion vulnerabilities.

tags | advisory, remote, denial of service, overflow, local, vulnerability, file inclusion
systems | linux, redhat
advisories | CVE-2018-10904, CVE-2018-10907, CVE-2018-10911, CVE-2018-10913, CVE-2018-10914, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930
SHA-256 | 1869d3dbb0d19201b396114a7ac010439cd91183d33b11fbfc38ece6f506392a
Red Hat Security Advisory 2018-2608-01
Posted Sep 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2608-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, and deserialization vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-10904, CVE-2018-10907, CVE-2018-10911, CVE-2018-10913, CVE-2018-10914, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930
SHA-256 | dbc1eee9743f4815426c0555b3ae9015f27350b74fb56d7d1bb32c22f9a3a6ae
Red Hat Security Advisory 2018-2566-01
Posted Aug 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2566-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a client-side security defense vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-15098, CVE-2017-15099, CVE-2018-1053, CVE-2018-1058, CVE-2018-10915, CVE-2018-10925, CVE-2018-1115
SHA-256 | 649f115a5ba63c8d907307cbe47bfc473e9c62f89295c50c0d2cf506f40c295d
Red Hat Security Advisory 2018-2565-01
Posted Aug 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2565-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include client-side defense vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2018-10915, CVE-2018-10925, CVE-2018-1115
SHA-256 | 465541ea0c3b67ecdb7640e1849255b472b52b1d12a055c7a628fbee5ef23dc5
Red Hat Security Advisory 2018-2511-01
Posted Aug 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2511-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a memory disclosure vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-15098, CVE-2017-15099, CVE-2018-1053, CVE-2018-1058, CVE-2018-10915, CVE-2018-10925
SHA-256 | 4ca4c3db9cbd55205ea2c05acb3d63b066329838d8eabd3c12d93281db527f5f
Ubuntu Security Notice USN-3744-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3744-1 - Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10915, CVE-2018-10925
SHA-256 | 10c7a46516045ae2ad89d98e1e273b9ca69727a9da14ccba89173432684540ae
Kernel Live Patch Security Notice LSN-0040-1
Posted Jul 5, 2018
Authored by Benjamin M. Romer

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2018-1092, CVE-2018-1093, CVE-2018-3665, CVE-2018-7755
SHA-256 | d714af351ebe0661ff777dd209b5eddccb3e9cea04d0ba77486507fcb340f6d4
Ubuntu Security Notice USN-3678-4
Posted Jun 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
SHA-256 | 70613b1dd8bebafbf47b8ff616c76fc30f6a92857dbf198e9f0fbe3db6e8e22f
Ubuntu Security Notice USN-3678-3
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-3 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
SHA-256 | cd986165b71b4e1378a506b88fdc3586bf913dc90d9ee4980df28a9ccdd51d32
Ubuntu Security Notice USN-3678-2
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-2 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
SHA-256 | a861ba565ba75730506975483096a29474b6446046659bf6e8bc9e3df22fa857
Ubuntu Security Notice USN-3678-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
SHA-256 | e57ad84d6b9ea0b9108c4cf7c2d832048db4d2b4aed6a99107c3c23eb19672ed
Ubuntu Security Notice USN-3677-2
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3677-2 - USN-3677-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1068, CVE-2018-1092, CVE-2018-7492, CVE-2018-8087, CVE-2018-8781
SHA-256 | c1953b1b76f2fb20d0c04031dff7e5d9392ec2f294f04ffe2f9f4493d60089fc
Ubuntu Security Notice USN-3677-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3677-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1068, CVE-2018-1092, CVE-2018-7492, CVE-2018-8087, CVE-2018-8781
SHA-256 | b9917730793499eb901655a084ddb9a923d7d0df94773d6f89265ffa68e26866
Ubuntu Security Notice USN-3676-2
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3676-2 - USN-3676-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1092, CVE-2018-1093, CVE-2018-10940, CVE-2018-8087
SHA-256 | b4830110117fbba4ebcb3aed886d7a8ee5e4bde656c36861c7100ec0c951e607
Ubuntu Security Notice USN-3676-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3676-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1092, CVE-2018-1093, CVE-2018-10940, CVE-2018-8087
SHA-256 | 9eb8e7aa9a0d4aa6ddced7f3c8e17089dc358de41a491f619dde8e9fa99a51e9
Kernel Live Patch Security Notice LSN-0039-1
Posted May 28, 2018
Authored by Benjamin M. Romer

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux
advisories | CVE-2017-17862, CVE-2018-1000004, CVE-2018-1092, CVE-2018-1093, CVE-2018-8087
SHA-256 | 0e3788ff5b92bdb81c16b39e96e620f55d7e00317265a10546173540afa06d71
Slackware Security Advisory - Slackware 14.2 kernel Updates
Posted May 22, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix a regression in the getsockopt() function and to fix two denial-of-service security issues.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2018-1000004, CVE-2018-1092
SHA-256 | 1256fc37bd7798ca0038f9ea2c63351eac1f24df934e86d4c82697a7436ab1e3
Debian Security Advisory 4188-1
Posted May 3, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4188-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2017-17975, CVE-2017-18193, CVE-2017-18216, CVE-2017-18218, CVE-2017-18222, CVE-2017-18224, CVE-2017-18241, CVE-2017-18257, CVE-2017-5715, CVE-2017-5753, CVE-2018-1000199, CVE-2018-10323, CVE-2018-1065, CVE-2018-1066, CVE-2018-1068, CVE-2018-1092, CVE-2018-1093, CVE-2018-1108, CVE-2018-5803, CVE-2018-7480, CVE-2018-7566, CVE-2018-7740, CVE-2018-7757, CVE-2018-7995, CVE-2018-8087, CVE-2018-8781, CVE-2018-8822
SHA-256 | c04940bd4f6e00821a6373ebaafc1e5cd084607d9b3667203e468f8e5190068a
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close