LinuxQuestions.org

Thread: Kernel Vulns, in the Linux - Security forum (https://www.linuxquestions.org/questions/linux-security-4/kernel-vulns-399624/)

win32sux 03-22-2011 10:11 AM

Linux Kernel Memory Leak Weaknesses
 
Quote:

Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose system information.

1) The "do_replace()", "compat_do_replace()", and "do_arpt_get_ctl()" functions in net/ipv4/netfilter/arp_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory.

2) The "do_replace()", "compat_do_replace()", and "do_ipt_get_ctl()" functions in net/ipv4/netfilter/ip_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory.

3) The "do_replace()", "compat_do_replace()", and "do_ip6t_get_ctl()" functions in net/ipv6/netfilter/ip6_tables.c do not properly terminate members of certain structures, which can be exploited to disclose certain kernel memory.

Successful exploitation of these weaknesses requires "CAP_NET_ADMIN" capabilities.
Secunia Advisory
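The leak class in this advisory (a name field copied in from user space without a guaranteed terminator, then handed to a string function on the way back out) is easy to see in a small user-space model. The following is an added example, not code from the post or from net/ipv4/netfilter; the object layout, field sizes and the "secret" bytes are constructed for the demo, and the flat byte array stands in for whatever follows the name on the kernel stack or heap.

```c
/* Added example, not code from the post or the kernel: a user-space model
 * of the netfilter "unterminated name" leak. The object layout, field
 * sizes and the secret string below are constructed for the demo. */
#include <stddef.h>
#include <string.h>

#define NAME_LEN   8                       /* assumed size of the name field */
#define SECRET_LEN 16                      /* data that must not leave the kernel */
#define OBJ_LEN    (NAME_LEN + SECRET_LEN)

/* Simulated kernel object: user-controlled name bytes followed by a secret.
 * It is one flat array so the over-read in the vulnerable path stays inside
 * it here; in the kernel it runs into whatever follows on the stack/heap. */
void kobj_init(unsigned char obj[OBJ_LEN], const char *user_name)
{
    memcpy(obj, user_name, NAME_LEN);      /* like copy_from_user(): no NUL forced */
    memcpy(obj + NAME_LEN, "KERNEL-SECRET\0\0", SECRET_LEN);  /* constructed secret */
}

/* Vulnerable reply path: strlen() decides how much to copy back to user
 * space. With no terminator inside name[], it walks into the secret. */
size_t reply_vulnerable(const unsigned char obj[OBJ_LEN], unsigned char *out)
{
    size_t n = strlen((const char *)obj);  /* may exceed NAME_LEN */
    memcpy(out, obj, n);                   /* copy_to_user() of n bytes */
    return n;
}

/* Hardened: terminate the user-supplied field before any string function
 * sees it (the fix pattern name[sizeof(name) - 1] = '\0' after the copy). */
size_t reply_hardened(unsigned char obj[OBJ_LEN], unsigned char *out)
{
    obj[NAME_LEN - 1] = '\0';
    size_t n = strlen((const char *)obj);  /* now at most NAME_LEN - 1 */
    memcpy(out, obj, n);
    return n;
}

int main(void)
{
    unsigned char obj[OBJ_LEN], out[OBJ_LEN];
    kobj_init(obj, "filter12");            /* 8 bytes, no terminator */
    size_t leaked = reply_vulnerable(obj, out);
    kobj_init(obj, "filter12");
    size_t safe = reply_hardened(obj, out);
    return (leaked > NAME_LEN && safe < NAME_LEN) ? 0 : 1;
}
```

With the 8-byte name "filter12" the vulnerable reply copies 21 bytes, the name plus the 13-byte secret; forcing the terminator caps it at 7. The CAP_NET_ADMIN requirement in the advisory limits who can reach this path, but the same pattern is worth checking in any ioctl or setsockopt handler that takes a fixed-size name from user space.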

win32sux 03-25-2011 09:51 AM

Linux Kernel ROSE Multiple Vulnerabilities
 
Quote:

Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system.

The vulnerabilities are caused due to various errors within the implementation of the ROSE protocol and can be exploited to e.g. cause memory corruptions via specially crafted FAC_CCITT_DEST_NSAP or FAC_CCITT_SRC_NSAP fields.
Secunia Advisory

win32sux 03-25-2011 09:55 AM

Linux Kernel "iriap_getvaluebyclass_indication()" Buffer Overflows
 
Quote:

Two vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors within the "iriap_getvaluebyclass_indication()" function in net/irda/iriap.c, which can be exploited to cause stack-based buffer overflows via overly long names or attributes.
Secunia Advisory
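The stack overflows described here come from trusting a length byte in the frame when copying a class or attribute name into a fixed on-stack buffer. The following is an added example, not code from the post or from net/irda; the frame layout, the MAX_CLASSNAME value and the packet bytes are constructed, and a canary after the name buffer makes the overflow visible without crashing the demo.

```c
/* Added example, not from the post or net/irda: a user-space model of the
 * length-field trust bug behind the iriap stack overflows. The frame
 * layout, MAX_CLASSNAME value and the packet bytes are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_CLASSNAME 60              /* assumed, in the spirit of IAS_MAX_CLASSNAME */
#define CANARY        "CANARY!"       /* 8 bytes incl. NUL, placed right after name[] */
#define CANARY_LEN    8
#define FRAME_LEN     (256 + CANARY_LEN)  /* big enough that a 255-byte copy stays inside */

/* Simulated stack frame: name[MAX_CLASSNAME + 1] at offset 0, then the canary.
 * A write past the name shows up as a damaged canary instead of a crash. */
void frame_init(unsigned char frame[FRAME_LEN])
{
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + MAX_CLASSNAME + 1, CANARY, CANARY_LEN);
}

int canary_intact(const unsigned char frame[FRAME_LEN])
{
    return memcmp(frame + MAX_CLASSNAME + 1, CANARY, CANARY_LEN) == 0;
}

/* Simplified GetValueByClass body: [name_len][name bytes]... Only the
 * packet bounds are checked; the on-stack destination size is not. */
int parse_name_vulnerable(const uint8_t *pkt, size_t pkt_len, unsigned char frame[FRAME_LEN])
{
    if (pkt_len < 1) return -1;
    size_t name_len = pkt[0];
    if (pkt_len < 1 + name_len) return -1;   /* stays inside the skb */
    memcpy(frame, pkt + 1, name_len);         /* but not inside name[] */
    frame[name_len] = '\0';
    return (int)name_len;
}

/* Hardened: reject names longer than the fixed buffer before copying
 * (the shape of the upstream fix: a length check, then the same copy). */
int parse_name_hardened(const uint8_t *pkt, size_t pkt_len, unsigned char frame[FRAME_LEN])
{
    if (pkt_len < 1) return -1;
    size_t name_len = pkt[0];
    if (name_len > MAX_CLASSNAME) return -1;  /* would overflow name[] */
    if (pkt_len < 1 + name_len) return -1;
    memcpy(frame, pkt + 1, name_len);
    frame[name_len] = '\0';
    return (int)name_len;
}

/* Build a constructed request carrying an n-byte name of 'A's. */
size_t build_request(uint8_t *pkt, size_t cap, uint8_t n)
{
    if (cap < 1u + n) return 0;
    pkt[0] = n;
    memset(pkt + 1, 'A', n);
    return 1u + n;
}

int main(void)
{
    unsigned char frame[FRAME_LEN];
    uint8_t pkt[256];
    size_t len = build_request(pkt, sizeof pkt, 100);
    frame_init(frame);
    parse_name_vulnerable(pkt, len, frame);
    int smashed = !canary_intact(frame);
    frame_init(frame);
    int rc = parse_name_hardened(pkt, len, frame);
    return (smashed && rc < 0 && canary_intact(frame)) ? 0 : 1;
}
```

A 100-byte name passes the skb bounds check in both versions; only the hardened parser compares the length against the destination buffer before the memcpy. Since IrDA frames arrive from a peer, this is the remote, unauthenticated case the advisory describes.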

win32sux 04-01-2011 02:47 AM

Linux Kernel OCFS2 Sparse Writes Information Disclosure Weakness
 
Quote:

A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.

The weakness is caused due to an error within the OCFS2 file system when handling sparse writes with holes spanning across page boundaries, which can be exploited to e.g. disclose the content of previously manipulated files via sparse writes.
Secunia Advisory

win32sux 04-11-2011 08:18 PM

Linux Kernel "inotify_init1()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a double-free error within the implementation of the "inotify_init1()" system call, which can be exploited to e.g. cause a kernel crash.
Secunia Advisory

win32sux 04-12-2011 09:54 AM

Linux Kernel "mremap()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of expanding "mremap()" calls, which can be exploited to cause a "BUG_ON()".
Secunia Advisory

win32sux 04-21-2011 10:47 PM

Linux Kernel "next_pidmap()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "next_pidmap()" function in kernel/pid.c, which can be exploited to cause a kernel crash by e.g. initiating a specially crafted "getdents()" system call.
Secunia Advisory

win32sux 04-21-2011 10:51 PM

Linux Kernel "bcm_release()" NULL Pointer Dereference Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference error within the "bcm_release()" function in net/can/bcm.c, which can be exploited to e.g. cause a kernel crash.
Secunia Advisory

win32sux 04-23-2011 01:20 AM

Linux Kernel Denial of Service and Privilege Escalation Vulnerabilities
 
Quote:

Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

1) Integer overflow errors within the "agp_generic_insert_memory()" and "agp_generic_remove_memory()" functions in drivers/char/agp/generic.c can be exploited to cause a buffer overflow via e.g. specially crafted AGPIOC_BIND and AGPIOC_UNBIND IOCTLs.

2) The implementation of the AGPIOC_RESERVE and AGPIOC_ALLOCATE IOCTLs does not properly handle and track memory allocations, which can be exploited to cause an OOM (Out Of Memory) situation.

Successful exploitation requires access to the "/dev/agpgart" device (usually group "video").
Secunia Advisory
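Item 1 is the classic wrapped range check: the start page plus the page count is computed first and only then compared against the table size, so a large count wraps the sum and slips past. The following is an added example, not code from the post or from drivers/char/agp; it uses 32-bit arithmetic so the wrap is easy to trigger, and NUM_ENTRIES and the table are constructed for the demo.

```c
/* Added example, not from the post or drivers/char/agp: the overflow-prone
 * range check behind the AGPIOC_BIND issue, modelled in user space with
 * 32-bit arithmetic so the wrap is easy to trigger. NUM_ENTRIES and the
 * table are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NUM_ENTRIES 1024u   /* assumed number of GATT slots */

/* Vulnerable shape: pg_start + page_count is computed first, then compared.
 * If the sum wraps, a huge page_count passes and the bind loop writes past
 * the table. */
int range_check_vulnerable(uint32_t pg_start, uint32_t page_count)
{
    uint32_t end = pg_start + page_count;      /* may wrap to a small value */
    if (end > NUM_ENTRIES) return -1;          /* -EINVAL */
    return 0;
}

/* Hardened: compare without forming a sum that can overflow, and reject
 * a page_count larger than the whole table outright. */
int range_check_hardened(uint32_t pg_start, uint32_t page_count)
{
    if (page_count > NUM_ENTRIES) return -1;
    if (pg_start > NUM_ENTRIES - page_count) return -1;
    return 0;
}

/* Bind that only proceeds after the hardened check; returns pages written. */
size_t bind_pages(uint32_t table[NUM_ENTRIES], uint32_t pg_start,
                  uint32_t page_count, uint32_t first_pfn)
{
    if (range_check_hardened(pg_start, page_count) != 0) return 0;
    for (uint32_t i = 0; i < page_count; i++)
        table[pg_start + i] = first_pfn + i;   /* in range by construction */
    return page_count;
}

int main(void)
{
    uint32_t table[NUM_ENTRIES];
    memset(table, 0, sizeof table);
    int wrapped_passes = range_check_vulnerable(0x20, 0xFFFFFFF0u) == 0;
    int wrapped_rejected = range_check_hardened(0x20, 0xFFFFFFF0u) != 0;
    size_t bound = bind_pages(table, 1000, 24, 5000);
    return (wrapped_passes && wrapped_rejected && bound == 24) ? 0 : 1;
}
```

With pg_start = 0x20 and page_count = 0xFFFFFFF0 the sum wraps to 0x10, which is well under the table size, so the vulnerable check returns success; the hardened form rejects it because page_count alone exceeds NUM_ENTRIES. Note the "usually group video" detail in the advisory: the reachable attack surface is whichever local users sit in that group.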

win32sux 05-11-2011 10:27 AM

Linux Kernel Bluetooth Memory Leak Weaknesses
 
Quote:

Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose certain system information.

1) The "l2cap_sock_getsockopt_old()" function in net/bluetooth/l2cap_sock.c does not properly initialise a structure before copying it to userspace, which can be exploited to disclose kernel stack memory.

2) The "rfcomm_sock_getsockopt_old()" function in net/bluetooth/rfcomm/sock.c does not properly initialise a structure before copying it to userspace, which can be exploited to disclose kernel stack memory.
Secunia Advisory
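Both items here are the same bug: a struct is declared on the kernel stack, only some members are filled in, and the whole thing is copied to user space, so padding and unset members carry stale stack contents out. The following is an added example, not code from the post or from net/bluetooth; the option struct and the 0xAA "stale stack" marker are constructed, and the caller pre-fills the struct's storage to play the part of a frame that still holds earlier kernel data.

```c
/* Added example, not from the post or net/bluetooth: a user-space model of
 * the uninitialised-struct leak in the old getsockopt paths. The option
 * struct and the 0xAA stale-stack marker are constructed for the demo. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed reply layout: 12 bytes, with explicit reserved[] bytes standing in
 * for padding and for members the handler never assigns. */
struct sock_opts {
    uint16_t omtu;
    uint16_t imtu;
    uint8_t  mode;
    uint8_t  reserved[3];
    uint32_t flush_to;
};

#define STALE 0xAA   /* marker the caller plants in the "stack slot" */

/* The caller passes the struct's storage pre-filled with STALE, playing the
 * part of a stack frame that still holds earlier kernel data. */
void stack_slot_init(struct sock_opts *slot)
{
    memset(slot, STALE, sizeof *slot);
}

static size_t clamp(size_t want, size_t have)
{
    return want < have ? want : have;
}

/* Vulnerable: three fields are set, then the whole struct is copied out;
 * reserved[] and flush_to go to user space with their stale contents. */
size_t getsockopt_vulnerable(struct sock_opts *slot, unsigned char *user_out, size_t user_len)
{
    slot->omtu = 672;
    slot->imtu = 672;
    slot->mode = 1;
    size_t n = clamp(user_len, sizeof *slot);
    memcpy(user_out, slot, n);               /* copy_to_user() */
    return n;
}

/* Hardened: zero the struct before filling it (the upstream fix pattern),
 * so nothing reaches user space that the handler did not write. */
size_t getsockopt_hardened(struct sock_opts *slot, unsigned char *user_out, size_t user_len)
{
    memset(slot, 0, sizeof *slot);
    slot->omtu = 672;
    slot->imtu = 672;
    slot->mode = 1;
    size_t n = clamp(user_len, sizeof *slot);
    memcpy(user_out, slot, n);
    return n;
}

/* Count reply bytes that still carry the stale marker. */
size_t stale_bytes(const unsigned char *buf, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == STALE) c++;
    return c;
}

int main(void)
{
    struct sock_opts slot;
    unsigned char out[64];
    stack_slot_init(&slot);
    size_t n = getsockopt_vulnerable(&slot, out, sizeof out);
    size_t leaked = stale_bytes(out, n);
    stack_slot_init(&slot);
    n = getsockopt_hardened(&slot, out, sizeof out);
    size_t clean = stale_bytes(out, n);
    return (leaked > 0 && clean == 0) ? 0 : 1;
}
```

The vulnerable handler returns seven marker bytes (reserved[] and flush_to) in a 12-byte reply; the memset version returns none. Zeroing before filling is cheaper than auditing every member, and it also covers compiler-inserted padding that no field assignment can reach.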

win32sux 05-21-2011 09:06 AM

Linux Kernel "ip_expire()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "ip_expire()" function in net/ipv4/ip_fragment.c, which can be exploited to cause a crash by e.g. sending fragmented packets to the system.
Secunia Advisory

win32sux 06-01-2011 12:12 AM

Linux Kernel "key_replace_session_keyring()" NULL Pointer Dereference Denial of Service
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "key_replace_session_keyring()" function in security/keys/process_keys.c, which can be exploited to cause a NULL pointer dereference and e.g. crash the kernel.

The vulnerability is reported in version 2.6.39. Other versions may also be affected.
Secunia Advisory

win32sux 06-03-2011 10:33 PM

Linux Kernel KSM Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a race condition within the "scan_get_next_rmap_item()" function in mm/ksm.c and can be exploited to cause a kernel crash.

The vulnerability is reported in version 2.6.39. Other versions may also be affected.
Secunia Advisory

win32sux 06-21-2011 10:14 AM

Linux Kernel Transparent Hugepage Support Denial of Service Weakness
 
Quote:

A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The weakness is caused due to an error within the Transparent Hugepage (THP) support in mm/huge_memory.c when MADV_HUGEPAGE regions are configured and can be exploited to cause a kernel panic.

The weakness is reported in version 2.6.39.1. Other versions may also be affected.
Secunia Advisory

win32sux 07-14-2011 10:24 PM

Linux Kernel GFS2 "gfs2_fallocate()" Denial of Service Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to the "gfs2_fallocate()" function in fs/gfs2/file.c not properly ensuring that allocated bytes are aligned, which can be exploited to cause a "BUG()".
Secunia Advisory
