

local

[USN-1074-2] Linux kernel vulnerabilities

USN-1074-1 fixed vulnerabilities in linux-fsl-imx51 in Ubuntu 9.10. This
update provides the corresponding updates for Ubuntu 10.04.

Original advisory details:

 Al Viro discovered a race condition in the TTY driver. A local attacker
 could exploit this to crash the system, leading to a denial of service.
 (CVE-2009-4895)
 
 Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly
 check file permissions. A local attacker could overwrite append-only files,

[USN-1074-1] Linux kernel vulnerabilities

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
(CVE-2009-4895)

Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly
check file permissions. A local attacker could overwrite append-only files,

[USN-1093-1] Linux Kernel vulnerabilities (Marvell Dove)

symlink structures. If an attacker were able to trick a user or automated
system into mounting a specially crafted filesystem, it could crash the
system or expose kernel memory, leading to a loss of privacy.

Ben Hutchings discovered that the ethtool interface did not correctly
check certain sizes. A local attacker could perform malicious ioctl calls
that could crash the system, leading to a denial of service. (Only Ubuntu
10.04 LTS was affected.) (CVE-2010-2478, CVE-2010-3084)

Eric Dumazet discovered that many network functions could leak kernel
stack contents. A local attacker could exploit this to read portions

[USN-1083-1] Linux kernel vulnerabilities

linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

Details follow:

Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
(CVE-2009-4895)

Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

>Sent: Monday, December 13, 2010 9:12 AM
>To: Thor (Hammer of God)
>Cc: George Carlson; bugtraq@securityfocus.com; full-
>disclosure@lists.grok.org.uk
>Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows
>Local Workstation Admins to Temporarily Escalate Privileges and Login as
>Cached Domain Admin Accounts (2010-M$-002)
>
>I hope I'm not just feeding the troll...

No, you are perpetuating inaccurate vulnerability claims. 

[SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues

November 26, 2010                   http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2010-2963 CVE-2010-3067 CVE-2010-3296 CVE-2010-3297
                 CVE-2010-3310 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442
                 CVE-2010-3448 CVE-2010-3477 CVE-2010-3705 CVE-2010-3848
                 CVE-2010-3849 CVE-2010-3850 CVE-2010-3858 CVE-2010-3859

[SECURITY] [DSA 2264-1] linux-2.6 security update

June 18, 2011                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4655 
                 CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 CVE-2011-0726
                 CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078 
                 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1093 

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

So far I agree with Thor. Did I miss something? Has anyone demonstrated
using the locally cached credentials to access resources across the network?
So far I haven't seen anything new or interesting in this thread:

1. StenoPlasma claims that a local admin can access and reuse the cached
credentials of other users.
2. Stefan, Thor, et al yawn.
3. Joyce, Andrea, and perhaps others seem to be conflating local access
(what StenoPlasma was talking about) with gaining domain admin privileges on
domain controllers and other resources on separate machines (which nobody

Re: RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

currently looking for when it comes to advanced persistent threats.


On Dec 13, 2010 11:54 AM, "Kurt Dillard" <kurtdillard@msn.com> wrote:
> So far I agree with Thor. Did I miss something? Has anyone demonstrated
> using the locally cached credentials to access resources across the network?
> So far I haven't seen anything new or interesting in this thread:
>
> 1. StenoPlasma claims that a local admin can access and reuse the cached
> credentials of other users.
> 2. Stefan, Thor, et al yawn.

[USN-1119-1] Linux kernel (OMAP4) vulnerabilities

- linux-ti-omap4: Linux kernel for OMAP4 devices

Details:

Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this to gain root
privileges. (CVE-2010-3904)

Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and

[SECURITY] [DSA 2240-1] linux-2.6 security update

May 24, 2011                        http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726
                 CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080
                 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170
                 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180

[SECURITY] [DSA 1504-1] New Linux kernel 2.6.8 packages fix several issues

February 22, 2008                   http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : kernel-source-2.6.8 (2.6.8-17sarge1)
Vulnerability  : several
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2006-5823 CVE-2006-6054 CVE-2006-6058 CVE-2006-7203
                 CVE-2007-1353 CVE-2007-2172 CVE-2007-2525 CVE-2007-3105
                 CVE-2007-3739 CVE-2007-3740 CVE-2007-3848 CVE-2007-4133
                 CVE-2007-4308 CVE-2007-4573 CVE-2007-5093 CVE-2007-6063

Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

I hope I'm not just feeding the troll...

A local admin is an admin on one system. The domain admin is an admin
on all systems in the domain, including mission critical Windows
servers. With temporary domain admin privs, the local admin could log
into the AD and change permissions / passwords for another user, thus
getting full admin rights on all systems for a long period of time.
Plus whatever havoc might be caused by having the ability to change
rights on fileshares to allow the new domain admin to see confidential
files.

[USN-1073-1] Linux kernel vulnerabilities

all the necessary changes.

Details follow:

Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)

Dan Jacobson discovered that ThinkPad video output was not correctly access
controlled. A local attacker could exploit this to hang the system, leading

[ MDVSA-2011:029 ] kernel

 than CVE-2010-4164. (CVE-2010-3873)
 
 The bcm_connect function in the Broadcast Manager in the Controller Area
 Network (CAN) implementation in the Linux kernel creates a publicly
 accessible file with a filename containing a kernel memory address, which
 allows local users to obtain potentially sensitive information about kernel
 memory use by listing this filename. (CVE-2010-4565)
 
 The install_special_mapping function in mm/mmap.c does not make an
 expected security_file_mmap function call, which allows local users
 to bypass intended mmap_min_addr restrictions and possibly conduct

[USN-1072-1] Linux vulnerabilities

all the necessary changes.

Details follow:

Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)

Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to

[SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities

May 2, 2009                         http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6.24
Vulnerability  : denial of service/privilege escalation/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700
                 CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029
                 CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322
                 CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834

[SECURITY] [DSA 1503-2] New Linux kernel 2.4.27 packages fix several issues

March 6, 2008                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : kernel-source-2.4.27 (2.4.27-10sarge7)
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823
                 CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353
                 CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848
                 CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063

[SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues

February 22, 2008                   http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : kernel-source-2.4.27 (2.4.27-10sarge6)
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823
                 CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353
                 CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848
                 CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

Wow.  I guess you didn't read the post either.  I'm a bit surprised that a Sr. Network Engineer thinks that Group Policies "differentiate between local and Domain administrators."  You're making it sound like you think Group Policy application has some "magic permissions" or something, or that a "domain administrator" is a "bigger" administrator than the local administrator.

Group Policy loads from the client via the Group Policy Client service.   If I'm a local admin, I can just set my local system to not process group policy via the GPExtensions hive.  Done.  If I take the domain admin out of my local administrators, they can't do anything.  Done.  

How exactly do you think this is problematic for "shops that differentiate between desktop support and AD support"?  (whatever that means).

t

>-----Original Message-----
>From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-

CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass

2. *Vulnerability Information*

Class: Client side
Remotely Exploitable: Yes
Locally Exploitable: Yes
Bugtraq ID: 33178
CVE Name: CVE-2009-1140


3. *Vulnerability Description*

Cisco Security Advisory: Local Privilege Escalation Vulnerabilities in Cisco VPN Client

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Cisco Security Advisory: 
Local Privilege Escalation Vulnerabilities in Cisco VPN Client

Advisory ID: cisco-sa-20070815-vpnclient

http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml


[SECURITY] [DSA 2153-1] linux-2.6 security update

January 30, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162 
                 CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248 
                 CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 
                 CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565 

[ MDVSA-2011:051 ] kernel

 to the bottom page of a shared memory segment, as demonstrated by a
 memory-exhaustion attack against the X.Org X server. (CVE-2010-2240)
 
 The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel
 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows
 local users to cause a denial of service (OOPS) via a setsockopt call
 that specifies a small value, leading to a divide-by-zero error or
 incorrect use of a signed integer. (CVE-2010-4165)
 
 The copy_shmid_to_user function in ipc/shm.c in the Linux kernel
 does not initialize a certain structure, which allows local users to

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

In whose universe?   Did you even read the post?  Local admins become LOCAL ADMINS by using a cached domain account who is a LOCAL ADMIN. You have to do it with the network cable unplugged.   There is no privilege escalation here. 

StenoPlasma's intent was to educate people on how things worked, and while there isn't a security issue here, he was completely correct in that you guys really need to learn what you are talking about.  

t

>-----Original Message-----
>From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-
>bounces@lists.grok.org.uk] On Behalf Of jcoyle@winwholesale.com
>Sent: Friday, December 10, 2010 11:45 AM

[SECURITY] [DSA 2004-1] New Linux 2.6.24 packages fix several vulnerabilities

February 27, 2010                   http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6.24
Vulnerability  : privilege escalation/denial of service/sensitive memory leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726
                 CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021
                 CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538
                 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410

[SECURITY] [DSA 1794-1] New Linux 2.6.18 packages fix several vulnerabilities

May 6, 2009                         http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : denial of service/privilege escalation/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2008-4307 CVE-2008-5395 CVE-2008-5701 CVE-2008-5702
                 CVE-2008-5713 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031
                 CVE-2009-0065 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676
                 CVE-2009-0834 CVE-2009-0859 CVE-2009-1192 CVE-2009-1265

[SECURITY] [DSA 1687-1] New Linux 2.6.18 packages fix several vulnerabilities

Dec 15, 2008                        http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : denial of service/privilege escalation
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2008-3527 CVE-2008-3528 CVE-2008-4554 CVE-2008-4576
                 CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029
                 CVE-2008-5079 CVE-2008-5182 CVE-2008-5300


CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass

*Vulnerability Information*

Class: Zone Elevation Restrictions Bypass and Security Zone Restrictions
Bypass
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 30585       
CVE Name: CVE-2008-1448 


*Vulnerability Description*

[ MDVSA-2010:198 ] kernel

 unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)
 
 The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem
 in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9
 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure
 members, which might allow local users to obtain sensitive information
 from kernel memory via unspecified vectors. (CVE-2009-3228)
 
 The do_pages_move function in mm/migrate.c in the Linux kernel before
 2.6.33-rc7 does not validate node values, which allows local users
 to read arbitrary kernel memory locations, cause a denial of service
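The advisories collected on this page carry their CVE identifiers in one of two shapes: a "CVE Id(s)" header block with continuation lines (the Debian DSAs) or parenthesised references inside the prose (the Ubuntu USNs and Mandriva MDVSAs). The Python script below is an added example, not tooling from Debian, Ubuntu, Mandriva or LinuxRocket: it splits a concatenated listing into advisories by their subject-line identifiers, extracts and normalises the CVE ids (tolerating an underscore where a hyphen belongs, a typo that does turn up in mailing-list copies), and reports which CVEs are fixed by more than one advisory, as CVE-2009-4895 and CVE-2010-0435 are in the items above. The sample feed is a constructed excerpt of items from this page; the heading pattern, the identifier formats accepted and the function names are the example's own assumptions.

```python
"""Extract and cross-reference CVE ids from a concatenated advisory listing.

Added example for this page; not code from any distribution's security team.
Assumptions: advisory subjects carry ids shaped like [USN-1074-2],
[SECURITY] [DSA 2153-1] or [ MDVSA-2011:029 ], and CVE ids may be written
with '-' or '_' after "CVE".
"""
import re
from collections import defaultdict

# Tolerant CVE pattern: '-' or '_' as separator, 4+ digit sequence number.
CVE_RE = re.compile(r"\bCVE[-_](\d{4})[-_](\d{4,7})\b", re.IGNORECASE)

# Advisory ids as they appear in list subject lines (assumed formats).
HEADING_RE = re.compile(
    r"\[\s*((?:USN-\d+-\d+)|(?:DSA[ -]\d+-\d+)|(?:MDVSA-\d{4}:\d{3}))\s*\]"
)

# Constructed sample: items copied from this page, shortened.
SAMPLE_FEED = """\
[USN-1074-2] Linux kernel vulnerabilities

 Al Viro discovered a race condition in the TTY driver. A local attacker
 could exploit this to crash the system, leading to a denial of service.
 (CVE-2009-4895)

[USN-1083-1] Linux kernel vulnerabilities

Al Viro discovered a race condition in the TTY driver. (CVE-2009-4895)

Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. (CVE-2010-0435)

[SECURITY] [DSA 2153-1] linux-2.6 security update

Package        : linux-2.6
CVE Id(s)      : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162
                 CVE-2010-4163 CVE-2010-4565

[SECURITY] [DSA 1687-1] New Linux 2.6.18 packages fix several vulnerabilities

CVE Id(s)      : CVE-2008-3527 CVE-2008-3528 CVE-2008-5079 CVE_2008-5182
"""


def normalize_cve(token):
    """Return the canonical 'CVE-YYYY-NNNN' form of a CVE token, or None."""
    m = CVE_RE.fullmatch(token.strip())
    if not m:
        return None
    return "CVE-%s-%s" % (m.group(1), m.group(2))


def split_advisories(text):
    """Split listing text into (advisory_id, body) pairs at subject lines."""
    advisories = []
    current_id, current_lines = None, []
    for line in text.splitlines():
        m = HEADING_RE.search(line)
        if m:
            if current_id is not None:
                advisories.append((current_id, "\n".join(current_lines)))
            # "DSA 2153-1" and "DSA-2153-1" both occur; use one spelling.
            current_id = m.group(1).replace("DSA ", "DSA-")
            current_lines = []
        elif current_id is not None:
            current_lines.append(line)
    if current_id is not None:
        advisories.append((current_id, "\n".join(current_lines)))
    return advisories


def extract_cves(text):
    """Map advisory id -> sorted, de-duplicated, normalized CVE ids."""
    result = {}
    for adv_id, body in split_advisories(text):
        found = {normalize_cve(m.group(0)) for m in CVE_RE.finditer(body)}
        result[adv_id] = sorted(found)
    return result


def cross_reference(per_advisory):
    """Return {cve: [advisory ids]} for CVEs fixed by more than one advisory."""
    index = defaultdict(list)
    for adv_id, cves in per_advisory.items():
        for cve in cves:
            index[cve].append(adv_id)
    return {cve: sorted(ids) for cve, ids in index.items() if len(ids) > 1}


if __name__ == "__main__":
    per = extract_cves(SAMPLE_FEED)
    for adv_id, cves in per.items():
        print(adv_id, " ".join(cves))
    for cve, ids in sorted(cross_reference(per).items()):
        print("%s fixed by %s" % (cve, ", ".join(ids)))
```

Feeding a real list archive to extract_cves() works the same way; the cross-reference is what tells you that patching one advisory already covers a CVE named by another, and the normaliser keeps a mistyped id from slipping past an exact-match comparison against your vulnerability tracker.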


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
