LinuxQuestions.org: Linux - Security: Kernel Vulns (https://www.linuxquestions.org/questions/linux-security-4/kernel-vulns-399624/)

win32sux 12-05-2008 02:01 AM

Linux Kernel PARISC "parisc_show_stack()" Denial of Service
 
Quote:

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "parisc_show_stack()" function when trying to unwind a stack containing userspace addresses, which can be exploited to crash a vulnerable system.

Successful exploitation requires that the kernel is running on a PARISC 32bit or 64bit machine.

Solution:
Fixed in version 2.6.28-rc7.
Secunia Advisory | Bugtraq

win32sux 12-05-2008 05:26 PM

Linux 2.6.27.8 has been released.
 
It includes at least one security fix (CVE-2008-5300).

The full changelog is here.

win32sux 12-13-2008 06:20 PM

Linux 2.6.27.9 has been released.
 
It includes at least one security fix.
Quote:

ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table

commit 17b24b3c97498935a2ef9777370b1151dfed3f6f upstream.

As reported by Hugo Dias that it is possible to cause a local denial
of service attack by calling the svc_listen function twice on the same
socket and reading /proc/net/atm/*vc
ChangeLog | CVE-2008-5079

win32sux 01-15-2009 01:00 PM

Linux Kernel 64bit ABI System Call Parameter Sign Extension Security Issue
 
Quote:

A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to potentially cause a DoS (Denial of Service) or gain escalated privileges.

The security issue is caused due to the kernel accepting certain 32bit parameters passed in a 64bit register from userspace without ensuring that the value is correctly sign extended. This may be exploited to crash a system or potentially gain escalated privileges by passing specially crafted parameters to affected system calls.

Reportedly, the following architectures use a vulnerable ABI system when running a 64bit kernel and a 64bit userspace:
* S390
* PowerPC
* SPARC64
* MIPS
Secunia Advisory | CVE-2009-0029

win32sux 01-19-2009 04:24 PM

Linux Kernel "keyctl_join_session_keyring()" Denial of Service
 
Quote:

A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a memory leak within the "keyctl_join_session_keyring()" function in security/keys/keyctl.c and can be exploited to exhaust all available memory.
Secunia Advisory | CVE-2009-0031

win32sux 01-26-2009 05:06 PM

Linux Kernel dell_rbu Denial of Service Security Issues
 
Quote:

Description:
Two security issues have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The security issues are caused due to errors within the "read_rbu_image_type()" and "read_rbu_packet_size()" functions in drivers/firmware/dell_rbu.c and can be exploited to crash a vulnerable system by e.g. reading zero bytes from /sys/devices/platform/dell_rbu/image_type or /sys/devices/platform/dell_rbu/packet_size.

Solution:
Update to version 2.6.27.13 or 2.6.28.2.
Secunia Advisory

win32sux 02-04-2009 12:10 PM

Linux Kernel Denial of Service Vulnerabilities
 
Quote:

Description:
Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).

1) A vulnerability is caused due to an error within the "make_indexed_dir()" function in fs/ext3/namei.c, which can be exploited to e.g. crash a system via a specially crafted Ext3 system.

2) A vulnerability is caused due to an error within the "inotify_read()" function in fs/notify/inotify/inotify_user.c, which can result in the device's list mutex being unlocked twice. This can be exploited to e.g. cause a system crash by passing an invalid pointer to the "read()" function of an inotify instance while simultaneously accessing it from different tasks.

The vulnerabilities are reported in versions prior to 2.6.27.14 and 2.6.28.3. Other versions may also be affected.

Solution:
Update to version 2.6.27.14 and 2.6.28.3.
Secunia Advisory

win32sux 02-11-2009 04:58 PM

Linux Kernel Console Selection Local Privilege Escalation Vulnerability
 
Quote:

The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges or crash the affected kernel, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28.4 are vulnerable.
Bugtraq

GazL 02-12-2009 08:40 AM

Quote:

Originally Posted by win32sux (Post 3440238)

If this is:
Quote:

Fix memory corruption in console selection
commit 878b8619f711280fd05845e21956434b5e588cc4 upstream.
... then for those sticking with the 27.x branch, it looks like it's also fixed in 2.6.27.15.


PS. Thanks for posting these win32sux. As my distro of choice doesn't tend to update the kernel except in the most severe cases, I find your announcements here invaluable.

unSpawn 02-12-2009 03:45 PM

Yeah, you have my gratitude as well. Keep up the good work win32sux!

win32sux 02-12-2009 05:39 PM

Linux Kernel Kprobe Memory Corruption Vulnerability
 
Glad to be of service, guys! :)

Quote:

The Linux kernel is prone to a memory-corruption vulnerability because of a design flaw in the Kprobe system.

Local attackers could exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with kernel-level privileges, but this has not been confirmed.

Versions prior to Linux kernel 2.6.28.5 are vulnerable.
Bugtraq

win32sux 02-17-2009 06:07 PM

Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
 
Quote:

The Linux Kernel is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to read or write to unintended address spaces. This may result in denial-of-service conditions, the disclosure of sensitive information, or privilege escalation.

This issue affects versions prior to Linux 2.6.28.6 on some 64-bit architectures, including s390, PowerPC, SPARC64, and MIPS. Additional architectures may also be affected.
Bugtraq | CVE-2009-0029
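The sign-extension problem behind CVE-2009-0029, quoted in the 01-15-2009 and 02-17-2009 posts above, modelled in portable C as an added example (it is not kernel code and not from any poster). It assumes a constructed handler `copy_len_handler` that only rejects negative lengths, standing in for the affected 64-bit ABIs where the callee trusts the caller to have sign-extended a 32-bit argument.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a kernel handler declared with an int length
 * argument: it rejects negative lengths and otherwise reports how many
 * bytes it would go on to copy. */
static long copy_len_handler(long len)
{
    if (len < 0)
        return -EINVAL;
    return len;              /* bytes that would be copied to/from userspace */
}

/* Vulnerable pattern: on the affected ABIs the callee uses the full
 * 64-bit register as the argument, trusting userspace to have sign-extended
 * it. A 32-bit -1 with clear upper bits therefore arrives as a huge
 * positive length and passes the "len < 0" check. */
long syscall_unwrapped(uint64_t reg)
{
    return copy_len_handler((long)reg);
}

/* Fixed pattern (what the 2.6.28.6 wrappers do): narrow the register to
 * the declared 32-bit type, then widen it again so the upper 32 bits are
 * derived from bit 31, not from whatever userspace left in the register. */
long syscall_wrapped(uint64_t reg)
{
    int len = (int)(uint32_t)reg;   /* implementation-defined, -1 on gcc/clang */
    return copy_len_handler((long)len);
}

/* Constructed register image: userspace meant -1 but did not extend it. */
#define REG_MINUS_ONE_NOT_EXTENDED 0x00000000FFFFFFFFULL

int main(void)
{
    printf("unwrapped len: %ld\n", syscall_unwrapped(REG_MINUS_ONE_NOT_EXTENDED));
    printf("wrapped   len: %ld\n", syscall_wrapped(REG_MINUS_ONE_NOT_EXTENDED));
    return 0;
}
```

The unwrapped path reports a 4 GB copy length for the un-extended -1, while the wrapped path rejects it with -EINVAL; a correctly sign-extended -1 is rejected by both.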

win32sux 02-20-2009 11:42 AM

Linux Kernel SysKonnect FDDI Driver Statistics Reset Security Bypass
 
Quote:

A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.

The weakness is caused due to a logic error within the "skfp_ioctl()" function in drivers/net/skfp/skfddi.c, which can be exploited to reset the driver statistics without having CAP_NET_ADMIN capabilities.

The weakness is reported in versions prior to 2.6.27.18 and 2.6.28.6.
Secunia Advisory

win32sux 02-20-2009 05:36 PM

Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
 
Quote:

The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Versions prior to Linux Kernel 2.6.28.6 are vulnerable.
Bugtraq

craigevil 02-20-2009 08:42 PM

Gotta love sidux, slh keeps the kernel updated.

2.6.28-7.slh.1-sidux-686
