exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2021-3178

Status Candidate

Overview

** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.

Related Files

BRAKTOOTH: Causing Havoc On Bluetooth Link Manager
Posted Sep 3, 2021
Authored by Vaibhav Bedi, Matheus E. Garbelini, Ernest Kurniawan, Sudipta Chattopadhyay, Sumei Sun | Site asset-group.github.io

This whitepaper discusses BRAKTOOTH, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.

tags | advisory, paper, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2021-28135, CVE-2021-28136, CVE-2021-28139, CVE-2021-28155, CVE-2021-31609, CVE-2021-31610, CVE-2021-31611, CVE-2021-31612, CVE-2021-31613, CVE-2021-31717, CVE-2021-31785, CVE-2021-31786, CVE-2021-34143, CVE-2021-34144, CVE-2021-34145, CVE-2021-34146, CVE-2021-34147, CVE-2021-34148, CVE-2021-34149, CVE-2021-34150
SHA-256 | ec29de4f145eee5ced7ab6a0c5389c72ee16a987352a4373d9ef5da684cef2ac
Ubuntu Security Notice USN-4912-1
Posted Apr 13, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4912-1 - Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-0423, CVE-2020-0465, CVE-2020-0466, CVE-2020-14351, CVE-2020-14390, CVE-2020-25285, CVE-2020-25645, CVE-2020-25669, CVE-2020-27830, CVE-2020-36158, CVE-2021-20194, CVE-2021-29154, CVE-2021-3178, CVE-2021-3411
SHA-256 | 590166453ec29f1473b4cb64bcf7651991eb909ac482b366e52b4648a1f60409
Ubuntu Security Notice USN-4910-1
Posted Apr 13, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4910-1 - Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. It was discovered that the BPF verifier in the Linux kernel did not properly handle signed add32 and sub integer overflows. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-20239, CVE-2021-20268, CVE-2021-3178, CVE-2021-3347, CVE-2021-3348
SHA-256 | 8e4b3413e5d7c506ac25a3356a8b323420a5e989c73ed5936ead133c16473039
Ubuntu Security Notice USN-4878-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4878-1 - It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-36158, CVE-2021-20239, CVE-2021-3178, CVE-2021-3347
SHA-256 | df5ccf6b30eb1254c2f01c301d72cd7482fb7ffb88f401f19a6a70416eccfa20
Ubuntu Security Notice USN-4877-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4877-1 - It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-36158, CVE-2021-3178
SHA-256 | bf702878d4fedd9a8fe918e548160de8ead68fc9d18a9edf1f4136790883d8f3
Ubuntu Security Notice USN-4876-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4876-1 - Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-29569, CVE-2020-36158, CVE-2021-3178
SHA-256 | b36c8cff2593853a43cf7d61e021f4d82031dfd7518050e64ed110490d8735e4
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    21 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close