what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Linux Kernel Sendpage Local Privilege Escalation
Posted Jul 19, 2012
Authored by Brad Spengler, Ramon de C Valle, Tavis Ormandy, Julien Tinnes, egypt | Site metasploit.com

The Linux kernel failed to properly initialize some entries the proto_ops struct for several protocols, leading to NULL being derefenced and used as a function pointer. By using mmap(2) to map page 0, an attacker can execute arbitrary code in the context of the kernel. Several public exploits exist for this vulnerability, including spender's wunderbar_emporium and rcvalle's ppc port, sock_sendpage.c. All Linux 2.4/2.6 versions since May 2001 are believed to be affected: 2.4.4 up to and including 2.4.37.4; 2.6.0 up to and including 2.6.30.4

tags | exploit, arbitrary, kernel, protocol, ppc
systems | linux
advisories | CVE-2009-2692
SHA-256 | 9bd69f05ada8cee6b76af8cc4636ab3a3a49a49bfad809f7b97fefaea4e48bb0

Related Files

Ubuntu Security Notice USN-1539-1
Posted Aug 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1539-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | 5f1ac3455cca303b5f6aca689847449cc9dd5b0bb1082518a0a561ff16855b85
Ubuntu Security Notice USN-1538-1
Posted Aug 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1538-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2372, CVE-2012-2390, CVE-2012-2136, CVE-2012-2372, CVE-2012-2390
SHA-256 | b1621261e387c4866383d13410d8707d10ed518cc87e960bb61a013fc5ba3fed
Red Hat Security Advisory 2012-1156-01
Posted Aug 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1156-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the i915_gem_execbuffer2() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. A missing initialization flaw was found in the sco_sock_getsockopt_old() function in the Linux kernel's Bluetooth implementation. A local, unprivileged user could use this flaw to cause an information leak.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2011-1078, CVE-2012-2383
SHA-256 | fbd1918309805b53a8e1ad016730e6bf9f865aba9924026c70184a097b192aec
Ubuntu Security Notice USN-1535-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1535-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2390, CVE-2012-2136, CVE-2012-2390
SHA-256 | 45a19fe276e735d415cd1a01153d8aaa18717189a56c96cfbb4d88c50dcddecc
Ubuntu Security Notice USN-1534-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1534-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2390, CVE-2012-2136, CVE-2012-2390
SHA-256 | 5ac3c3a851b0545ddc164371fc5ad555f111ce1cb5d2b35278736b9365d66c52
Ubuntu Security Notice USN-1533-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1533-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | 5082c7fb8f2daf682cfc7378525c60b86fbdff934daf85b48b38b2fb8e3e9935
Ubuntu Security Notice USN-1532-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1532-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | d3bc5635bb481cc6a0e193e3e7c9e9b74aef3286e675b23aa6d47538518c4356
Ubuntu Security Notice USN-1531-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1531-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2372, CVE-2012-2390, CVE-2012-2136, CVE-2012-2372, CVE-2012-2390
SHA-256 | 02e8241e6bf305aa37396622b58304e85b75430ea8d557a9abfcab876e316fe7
Ubuntu Security Notice USN-1530-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1530-1 - Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4131, CVE-2012-2123, CVE-2012-2136, CVE-2012-2313, CVE-2012-2319, CVE-2012-2372, CVE-2012-2375, CVE-2011-4131, CVE-2012-2123, CVE-2012-2136, CVE-2012-2313, CVE-2012-2319, CVE-2012-2372, CVE-2012-2375
SHA-256 | 1182d44ab2f37a093d4b3adc952b3b7cbf5002be8d366863ba89dea8ab42ea57
Ubuntu Security Notice USN-1529-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1529-1 - A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2119, CVE-2012-2136, CVE-2012-2137, CVE-2012-2372, CVE-2012-2373, CVE-2012-3364, CVE-2012-3375, CVE-2012-3400, CVE-2012-2119, CVE-2012-2136, CVE-2012-2137, CVE-2012-2372, CVE-2012-2373, CVE-2012-3364, CVE-2012-3375, CVE-2012-3400
SHA-256 | e952789bbefd461e15d40316c4fbdd6eac86480773556aab5265687085c3d735
Ubuntu Security Notice USN-1514-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1514-1 - A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2119, CVE-2012-2136, CVE-2012-2137, CVE-2012-2372, CVE-2012-2373, CVE-2012-3364, CVE-2012-3375, CVE-2012-3400, CVE-2012-2119, CVE-2012-2136, CVE-2012-2137, CVE-2012-2372, CVE-2012-2373, CVE-2012-3364, CVE-2012-3375, CVE-2012-3400
SHA-256 | e1c10bba69a8a49308a988c308242a9abe24b1f355d1cf1a0609f14097f65f5c
Red Hat Security Advisory 2012-1150-01
Posted Aug 9, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1150-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A memory leak flaw was found in the way the Linux kernel's memory subsystem handled resource clean up in the mmap() failure path when the MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to cause a denial of service. A flaw was found in the way the Linux kernel's Event Poll subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, redhat
advisories | CVE-2012-2390, CVE-2012-3375
SHA-256 | ae00975626e02e5ada9e4945acd141f5cbeff3aa43a79e3f31e93828f49e39d6
Red Hat Security Advisory 2012-1148-01
Posted Aug 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1148-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2012-2744
SHA-256 | baa3650c927f75b71009e6046fdee38dd97700186f1927162b03c07e62ab28f7
Red Hat Security Advisory 2012-1129-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1129-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2011-1083, CVE-2012-2744
SHA-256 | 6c0b4a58bbe502f34d3cdba3053094775341e381fd60d5e809bd0de7e804b918
Red Hat Security Advisory 2012-1114-01
Posted Jul 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1114-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2012-2744
SHA-256 | 737ca44d3c22f02002125758603606b3bf1912e7077558158feefff2fb692236
Ubuntu Security Notice USN-1515-1
Posted Jul 23, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1515-1 - An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2390
SHA-256 | 908d6a9a0c0821a79bc5cf79e57840b3dad2e4da19e3a8fd156866d4b8a0c82b
Ubuntu Security Notice USN-1508-1
Posted Jul 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1508-1 - An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2390
SHA-256 | f96ecd0c79ded94b46672835106ed3ee93cec325c6aea648c545e47aa4af9647
Ubuntu Security Notice USN-1507-1
Posted Jul 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1507-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. An error was found in the Linux kernel's IPv6 netfilter when connection tracking is enabled. A remote attacker could exploit this flaw to crash a system if it is using IPv6 with the nf_contrack_ipv6 kernel module loaded. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-1601, CVE-2012-2744, CVE-2012-1601, CVE-2012-2744
SHA-256 | 16f2b75936f467bc23ca10f8ddc7c026a0d723c0ceef279e65985417b73730bc
Red Hat Security Advisory 2012-1087-01
Posted Jul 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1087-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2012-2136
SHA-256 | 7e8f5f94bf72960a538fad4d42725e9aea5da69c5f9846af245aac6310ae2bd3
Red Hat Security Advisory 2012-1061-01
Posted Jul 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1061-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The fix for CVE-2011-1083 introduced a flaw in the way the Linux kernel's Event Poll subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2012-3375
SHA-256 | bd4450f5aaf091e6c0f8efa019a9db94ebd1426bb8355f7c4d43b175d6c66f51
Red Hat Security Advisory 2012-1064-01
Posted Jul 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1064-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2012-2744, CVE-2012-2745
SHA-256 | 0852eec4bdd3e4bd9f3b62617cce1230392a218607fdd7e60df4b80eb3789675
Ubuntu Security Notice USN-1499-1
Posted Jul 9, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1499-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2012-2375
SHA-256 | ef05151a339827bd665036be138d551449abec4cd1acf946dbcc634acafed160
Linux Kernel Local Denial Of Service
Posted Jul 5, 2012
Authored by Yurij M. Plotnikov

The Linux kernel suffers from a local denial of service vulnerability in fs/eventpoll.c.

tags | exploit, denial of service, kernel, local
systems | linux
advisories | CVE-2012-3375
SHA-256 | ae684ab734eecff046df417d7c7d68dd048faaf0572bbcf23b25dd857d7448f8
Secunia Security Advisory 49737
Posted Jul 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local
systems | linux
SHA-256 | ad3e2da730146b86941c4ba52f72b1d4614d0872d2b0fde3e416247ea43b7678
Ubuntu Security Notice USN-1494-1
Posted Jul 2, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1494-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2012-2375
SHA-256 | f137e62a4681a574d3de6129ce4e63221ef6ad665fac5aa66f74a74d396ed2ef
Page 1 of 4
Back1234Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close