Next Page >>
Linux kernel
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always
follow NFS automount symlinks, which allows attackers to have an
unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem
in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always
follow NFS automount symlinks, which allows attackers to have an
unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem
in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
The do_anonymous_page function in mm/memory.c in the Linux kernel
does not properly separate the stack and the heap, which allows
context-dependent attackers to execute arbitrary code by writing
to the bottom page of a shared memory segment, as demonstrated by a
memory-exhaustion attack against the X.Org X server. (CVE-2010-2240)
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The Datagram Congestion Control Protocol (DCCP) subsystem in the
Linux kernel 2.6.18, and probably other versions, does not properly
check feature lengths, which might allow remote attackers to execute
arbitrary code, related to an unspecified overflow. (CVE-2008-2358)
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before
2.6.23.14, performs tests of access mode by using the flag variable
Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability
iDefense Security Advisory 09.25.07
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 25, 2007
I. BACKGROUND
Linux is a clone of the UNIX operating system, written from scratch by
Linus Torvalds with assistance from a loosely-knit team of hackers
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the
Linux kernel before 2.6.25.3 allows remote attackers to cause a
denial of service (memory consumption) via network traffic to a
Simple Internet Transition (SIT) tunnel interface, related to the
pskb_may_pull and kfree_skb functions, and management of an skb
reference count. (CVE-2008-2136)
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The selinux_ip_postroute_iptables_compat function in
security/selinux/hooks.c in the SELinux subsystem in the Linux kernel
before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is
enabled, omits calls to avc_has_perm for the (1) node and (2) port,
which allows local users to bypass intended restrictions on network
traffic. NOTE: this was incorrectly reported as an issue fixed in
2.6.27.21. (CVE-2009-1184)
Linux Kernel 2.6.38 Remote NULL Pointer Dereference
====================================================
[Advisory Information]
Title: Linux kernel 2.6.38: Remote NULL pointer dereference
Release date: 11/05/2011
Last update: 11/05/2011
Credits:
Aristide Fattori, Universit degli Studi di Milano (joystick@security.dico.unimi.it)
Affected: 2007.1
_______________________________________________________________________
Problem Description:
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
extension support is enabled, does not honor the umask of a process,
which allows local users to gain privileges. (CVE-2007-3740)
The drm/i915 component in the Linux kernel before 2.6.22.2, when
used with i965G and later chipsets, allows local users with access
Affected: 2007.1
_______________________________________________________________________
Problem Description:
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
extension support is enabled, does not honor the umask of a process,
which allows local users to gain privileges. (CVE-2007-3740)
The drm/i915 component in the Linux kernel before 2.6.22.2, when
used with i965G and later chipsets, allows local users with access
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x
through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and
ipddp modules are loaded but the ipddpN device is not found, allows
remote attackers to cause a denial of service (memory consumption)
via IP-DDP datagrams. (CVE-2009-2903)
Affected: 2007.1
_______________________________________________________________________
Problem Description:
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
extension support is enabled, does not honor the umask of a process,
which allows local users to gain privileges. (CVE-2007-3740)
The drm/i915 component in the Linux kernel before 2.6.22.2, when
used with i965G and later chipsets, allows local users with access
Affected: 2007.1
_______________________________________________________________________
Problem Description:
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
extension support is enabled, does not honor the umask of a process,
which allows local users to gain privileges. (CVE-2007-3740)
The drm/i915 component in the Linux kernel before 2.6.22.2, when
used with i965G and later chipsets, allows local users with access
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Tavis Ormandy discovered that the Linux kernel did not properly implement
exception fixup. A local attacker could exploit this to crash the kernel,
leading to a denial of service. (CVE-2010-3086)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
It was discovered that KVM did not correctly initialize certain CPU
registers. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-3698)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Thomas Pollet discovered that the RDS network protocol did not
check certain iovec buffers. A local attacker could exploit this
- Ubuntu 10.10
Summary:
Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4 devices
Details:
Brad Spengler discovered that stack memory for new a process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x
through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and
ipddp modules are loaded but the ipddpN device is not found, allows
remote attackers to cause a denial of service (memory consumption)
via IP-DDP datagrams. (CVE-2009-2903)
The CIFS filesystem, when Unix extension support is enabled, does
not honor the umask of a process, which allows local users to gain
privileges. (CVE-2007-3740)
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors. (CVE-2007-4133)
The IA32 system call emulation functionality in Linux kernel 2.4.x
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The snd_seq_oss_synth_make_info function in
sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux
kernel before 2.6.27-rc2 does not verify that the device number is
within the range defined by max_synthdev before returning certain
data to the caller, which allows local users to obtain sensitive
information. (CVE-2008-3272)
Unspecified vulnerability in the 32-bit and 64-bit emulation in the
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c)
in the Linux
kernel before 2.6.30 allows remote attackers to cause a denial
of service
(kernel memory corruption and crash) via a long packet. (CVE-2009-1389)
The inode double locking code in fs/ocfs2/file.c in the Linux kernel
2.6.30
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The gfs2_lock function in the Linux kernel before
2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux
kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly
remove POSIX locks on files that are setgid without group-execute
permission, which allows local users to cause a denial of service
(BUG and system crash) by locking a file on a (1) GFS or (2) GFS2
Brad Spengler discovered that stack memory for new a process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Kees Cook discovered that the ethtool interface did not correctly clear
kernel memory. A local attacker could read kernel heap memory, leading to a
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Linux kernel before 2.6.22.17, when using certain drivers that register
a fault handler that does not perform range checks, allows local users
to access kernel memory via an out-of-range offset. (CVE-2008-0007)
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and
2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules;
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The ATI Rage 128 (aka r128) driver in the Linux kernel before
2.6.31-git11 does not properly verify Concurrent Command Engine (CCE)
state initialization, which allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly gain
privileges via unspecified ioctl calls. (CVE-2009-3620)
Affected: 2008.0
_______________________________________________________________________
Problem Description:
The wait_task_stopped function in the Linux kernel before 2.6.23.8
checks a TASK_TRACED bit instead of an exit_state value, which
allows local users to cause a denial of service (machine crash) via
unspecified vectors. NOTE: some of these details are obtained from
third party information. (CVE-2007-5500)
Problem Description:
A vulnerability was discovered and corrected in the Linux 2.6 kernel:
The setup_arg_pages function in fs/exec.c in the Linux kernel before
2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict
the stack memory consumption of the (1) arguments and (2) environment
for a 32-bit application on a 64-bit platform, which allows local
users to cause a denial of service (system crash) via a crafted exec
system call, a related issue to CVE-2010-2240. (CVE-2010-3858)
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Linux RDS Protocol Local Privilege Escalation
Release Date: 2010-10-19
Application: Linux Kernel
Versions: 2.6.30 - 2.6.36-rc8
Severity: High
Author: Dan Rosenberg < drosenberg (at) vsecurity (dot) com >
Vendor Status: Patch Released [3]
CVE Candidate: CVE-2010-3904
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
Details follow:
USN-1080-1 fixed vulnerabilities in the Linux kernel. This update provides
the corresponding updates for the Linux kernel for use with EC2.
Original advisory details:
Thomas Pollet discovered that the RDS network protocol did not check
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a
PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT
and MMAP_PAGE_ZERO flags when executing a setuid or setgid program,
which makes it easier for local users to leverage the details of
memory usage to (1) conduct NULL pointer dereference attacks, (2)
bypass the mmap_min_addr protection mechanism, or (3) defeat address
Next Page>>
|
