kernel
IMPACT
------
By exploiting either of the VMware flaws described in this document,
user-mode code executing in a virtual machine may gain kernel
privileges within the virtual machine, dependent upon the guest
operating system. The flaws have been proven exploitable on x64
versions of Windows, and they have produced potentially exploitable
crashes on x64 versions of *BSD. The Linux kernel does not allow
exploitation of these flaws on x64 versions of Linux.
IMPACT
------
By exploiting the VMware flaw described in this document, user-mode
code executing in a virtual machine may gain kernel privileges within
the virtual machine, dependent upon the guest operating system. The
flaw has been proven exploitable on x64 versions of Windows, and it
has produced potentially exploitable crashes on x64 versions of *BSD.
The Linux kernel does not allow exploitation of the flaws on x64
versions of Linux.
Mandriva Linux Security Advisory MDVSA-2010:188
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : September 23, 2010
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2010:198
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : October 7, 2010
Affected: 2009.0
_______________________________________________________________________
Problem Description:
linux-image-2.6.32-216-dove 2.6.32-216.33
Ubuntu 10.10:
linux-image-2.6.32-416-dove 2.6.32-416.33
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
Mandriva Linux Security Advisory MDVSA-2011:051
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : March 18, 2011
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
all the necessary changes.
Details follow:
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)
Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to
all the necessary changes.
Details follow:
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)
Dan Jacobson discovered that ThinkPad video output was not correctly access
controlled. A local attacker could exploit this to hang the system, leading
validate certain sizes. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-2798)
Kees Cook discovered that under certain situations the ioctl subsystem for
DRM did not properly sanitize its arguments. A local attacker could exploit
this to read previously freed kernel memory, leading to a loss of privacy.
(CVE-2010-2803)
Eric Dumazet discovered that many network functions could leak kernel stack
contents. A local attacker could exploit this to read portions of kernel
memory, leading to a loss of privacy. (CVE-2010-2942, CVE-2010-3477)
- Ubuntu 10.10
Summary:
Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4 devices
Details:
validate certain sizes. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-2798)
Kees Cook discovered that under certain situations the ioctl subsystem for
DRM did not properly sanitize its arguments. A local attacker could exploit
this to read previously freed kernel memory, leading to a loss of privacy.
(CVE-2010-2803)
Eric Dumazet discovered that many network functions could leak kernel stack
contents. A local attacker could exploit this to read portions of kernel
memory, leading to a loss of privacy. (CVE-2010-2942, CVE-2010-3477)
CVE-2010-3877 CVE-2010-3880 CVE-2010-4072 CVE-2010-4073
CVE-2010-4074 CVE-2010-4078 CVE-2010-4079 CVE-2010-4080
CVE-2010-4081 CVE-2010-4083 CVE-2010-4164
Debian Bug(s) :
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2963
linux-image-2.6.35-25-virtual 2.6.35-25.44~lucid1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
}}}}}
}
The crash dump looks like the following.
Jan 28 11:33:07 r00tme kernel:
Jan 28 11:33:07 r00tme kernel:
Jan 28 11:33:07 r00tme kernel: Fatal trap 12: page fault while in kernel mode
Jan 28 11:33:07 r00tme kernel: cpuid = 0; apic id = 00
Jan 28 11:33:07 r00tme kernel: fault virtual address = 0xc
Jan 28 11:33:07 r00tme kernel: fault code = supervisor
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Tavis Ormandy discovered that the Linux kernel did not properly implement
exception fixup. A local attacker could exploit this to crash the kernel,
leading to a denial of service. (CVE-2010-3086)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748
CVE-2011-1759 CVE-2011-1767 CVE-2011-1768 CVE-2011-1776
CVE-2011-2022 CVE-2011-2182
Debian Bug : 618485
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2524
CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746
CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770
CVE-2011-1776 CVE-2011-2022
Debian Bug(s) :
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2010-3875
The advisory for this vulnerability has been updated to include a
suggested workaround:
Preventing the RDS kernel module from loading is an effective
workaround. This can be accomplished by executing the following
command as root:
echo "alias net-pf-21 off" > /etc/modprobe.d/disable-rds
In addition, I've uploaded a new version of the exploit which should
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Linux RDS Protocol Local Privilege Escalation
Release Date: 2010-10-19
Application: Linux Kernel
Versions: 2.6.30 - 2.6.36-rc8
Severity: High
Author: Dan Rosenberg < drosenberg (at) vsecurity (dot) com >
Vendor Status: Patch Released [3]
CVE Candidate: CVE-2010-3904
Mandriva Linux Security Advisory MDVSA-2008:112
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : June 12, 2008
Affected: 2007.1
_______________________________________________________________________
Problem Description:
linux-image-2.6.35-27-virtual 2.6.35-27.48
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
FreeBSD/amd64 is commonly used on 64-bit systems with AMD and Intel
CPUs. For Intel CPUs this architecture is known as EM64T or Intel
64.
The gs segment CPU register is used by both user processes and the
kernel to conveniently access state data. User processes use it to
manage per-thread data, and the kernel uses it to manage per-processor
data. As the processor enters and leaves the kernel it uses the
'swapgs' instruction to toggle between the kernel and user values for
the gs register.
Mandriva Linux Security Advisory MDVSA-2008:167
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : August 12, 2008
Affected: 2008.1
_______________________________________________________________________
Problem Description:
VULNERABILITIES DESCRIPTION AND TECHNICAL DETAILS:
---------------
SUPERAntiSpyware and Super Ad Blocker have almost identical device
drivers in order to set up hooks and perform other duties from kernel
space. These device drivers suffer from lack of validation of
parameters passed from user mode. Additionally, some of the functions
accessible from user mode are inherently insecure and lead to easy
privilege escalation. All vulnerabilities are applicable to both
applications.
linux-image-2.6.32-313-ec2 2.6.32-313.26
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910
CVE-2009-3001 CVE-2009-3002 CVE-2009-3228 CVE-2009-3238
CVE-2009-3286 CVE-2009-3547 CVE-2009-3612 CVE-2009-3613
CVE-2009-3620 CVE-2009-3621
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-2846
Mandriva Linux Security Advisory MDVSA-2009:135
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : June 17, 2009
Affected: 2009.0
_______________________________________________________________________
Problem Description:
Advisory: Panda Internet Security/Antivirus+Firewall 2008
cpoint.sys Kernel Driver Memory Corruption Vulnerability
Advisory ID: TKADV2008-001
Revision: 1.0
Release Date: 2008/03/08
Last Modified: 2008/03/08
Date Reported: 2008/01/08
CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248
CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346
CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565
CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0435
Mandriva Linux Security Advisory MDVSA-2009:289
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : October 27, 2009
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description: