Mostrando entradas con la etiqueta linux kernel. Mostrar todas las entradas
Mostrando entradas con la etiqueta linux kernel. Mostrar todas las entradas

Nuevas variantes de vulnerabilidades que afectan a Linux Kernel

Posted: 23/5/11 by komz in Etiquetas: , , ,
0

Linux kernel Vulnerabilities

Posted: 12/4/11 by komz in Etiquetas: , , ,
0

1. Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability

The Linux kernel is prone to a remote denial-of-service vulnerability related to SCTP protocol implementation.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

REFERNECE: http://www.securityfocus.com/bid/47308/info


2. Linux Kernel 'inotify_init1()' Double Free Local Denial of Service Vulnerability

The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause an out-of-memory condition, denying service to legitimate users.

REFERNECE: http://www.securityfocus.com/bid/47296/info


The Vulnerability Team adviced to users and administrators to review and apply the updates notifications
necessary to help mitigate the risks.

source: securityfocus.com 

Nuevas variantes de vulnerabilidades que afectan al Kernel de Linux

Posted: 12/1/11 by komz in Etiquetas: , ,
0

Linux Kernel 'hdsp.c' IOCTL Local Information Disclosure Vulnerability

Linux Kernel 'kvm_vcpu_events.interrupt.pad' Field Local Information Disclosure Vulnerability

Linux Kernel 'FBIOGET_VBLANK' IOCTL Local Information Disclosure Vulnerability

Linux Kernel IGB Panic VLAN Packet Remote Denial of Service Vulnerability

Linux Kernel 'blk_rq_map_user_iov()' Local Denial of Service Vulnerability

Linux Kernel 'SNDRV_HDSP_IOCTL_GET_CONFIG_INFO' IOCTL Local Information Disclosure Vulnerability

Linux Kernel TIOCGICOUNT CVE-2010-4077 Information Disclosure Vulnerability

Linux Kernel Unix Sockets Local Denial of Service Vulnerability

Linux Kernel 'l2tp_ip_sendmsg()' and 'pppol2tp_sendmsg()' Denial of Service Vulnerability

Linux Kernel 'ipc/sem.c' Information Disclosure Vulnerability

Linux Kernel 'hci_uart_tty_open()' Local Denial of Service Vulnerability

Linux Kernel 'net/core/filter.c' Local Information Disclosure Vulnerability

Linux Kernel 'VIAFB_GET_INFO' IOCTL Information Disclosure Vulnerability

Linux Kernel Block Layer Local Denial of Service Vulnerabilities

Linux Kernel 'posix-cpu-timers.c' Local Race Condition Vulnerability

Linux Kernel 'hmid_ds structure' Local Information Disclosure Vulnerability

Linux Kernel TIOCGICOUNT CVE-2010-4074 Information Disclosure Vulnerability

Linux Kernel CVE-2010-4073 Information Disclosure Vulnerability

Linux Kernel 'inet_diag.c' Netlink Message Denial of Service Vulnerability

Linux Kernel CAN Protocol Information Disclosure Vulnerability

Linux Kernel ETHTOOL_GRXCLSRLALL Local Information Disclosure Vulnerability

Linux Kernel Reliable Datagram Sockets (RDS) Protocol Local Integer Overflow Vulnerability


Linux Kernel ''TIOCGICOUNT'' Information Disclosure Vulnerability

Linux Kernel Multiple 'net/' Subsystems Local Information Disclosure Vulnerabilities

Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability


Linux Kernel TIOCGICOUNT 'serial_core.c' Information Disclosure Vulnerability

Linux Kernel 'net/sched/act_police.c' File Memory Leak Local Information Disclosure Vulnerability

Linux Kernel 'snd_seq_oss_open()' Multiple Local Memory Corruption Vulnerabilities

Linux Kernel 'XFS_IOC_FSGETXATTR' Information Disclosure Vulnerability

Linux Kernel 'ecryptfs_uid_hash()' Local Buffer Overflow Vulnerability

fuente: securityfocus.com


Nuevas variantes de vulnerabilidades que afectan al kernel de Linux

Posted: 22/12/10 by komz in Etiquetas: , , , , , ,
0

New Linux Kernel Vulnerabilities

Posted: 10/12/10 by komz in Etiquetas: , , , ,
0

1. Linux Kernel 'install_special_mapping()' Local Security Bypass Vulnerability

The Linux kernel is prone to a local security-bypass vulnerability because the 'install_special_mapping()' function fails to adequately perform certain security checks. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions.

2. Linux Kernel 'AF_ECONET' Protocol NULL Pointer Dereference Denial of Service Vulnerability

The Linux kernel is prone to a denial-of-service vulnerability.Attackers can exploit this issue to cause the kernel to panic, denying service to legitimate users. Due to the nature of this issue, attackers may be able to execute arbitrary code; this has not been confirmed.

Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.

fuente: securityfocus.com



Nuevas vulnerabilidades que afectan al kernel de Linux

Posted: 26/11/10 by komz in Etiquetas: ,
0

NUEVA VULNERABILIDAD, Linux Kernel 'posix-cpu-timers.c' Local Race Condition Vulnerability

Posted: 25/11/10 by komz in Etiquetas: , , ,
0

The Linux kernel is prone to a local race-condition vulnerability.

A local attacker may exploit this issue to cause a kernel panic which halts the affected computer.

REFERENCIA.

Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.

fuente: securityfocus.com 


Post to Twitter

NUEVA VULNERABILIDAD, Linux Kernel 'PKT_CTRL_CMD_STATUS' Invalid Pointer Dereference Denial of Service Vulnerability

Posted: 29/9/10 by komz in Etiquetas: , , ,
0

The Linux kernel is prone to an invalid pointer dereference denial-of-service vulnerability.

An attacker with permissions to open '/dev/pktcdvd/control' can exploit this issue to read arbitrary kernel memory or cause the kernel to crash, denying service to legitimate users. Due to the nature of the issue, code execution may be possible; this has not been confirmed.
REFERENCIA DE LA VULNERABILIDAD 


Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.

fuente: securityfocus.com

Vulnerabilidades locales en el kernel Linux

Posted: 25/8/10 by komz in Etiquetas: ,
0

Se han detectado recientemente dos vulnerabilidades en el kernel Linux, en su rama 2.6.x que podrían permitir a atacantes locales provocar una denegación de servicio u obtener acceso a información en memoria.

El primero de los fallos se da a la hora de limpiar la memoria en la función 'drm_ioctl' del fichero 'drivers/gpu/drm/drm_drv.c' del controlador DRM (Direct Rendering Manager). Un atacante local podría aprovechar esto para obtener acceso a direcciones de memoria basadas en pila anteriormente liberadas, mediante el envío de llamadas al sistema especialmente manipuladas y con acceso al servidor X.

El segundo problema es un desbordamiento de enteros en la familia de sockets 'AF_CAN', en concreto en los protocolos (Controller Area Network) y BCM (Broadcast Manager). Esto podría ser aprovechado por un atacante local para elevar privilegios a través del envío de paquetes CAN especialmente manipulados.

fuente: laflecha.net

Nuevas variantes de vulnerabilidades que afectan al Linux de Kernel

Posted: 17/6/10 by komz in Etiquetas: , ,
0

Linux Kernel 'sctp_process_unk_param()' Remote Denial of Service Vulnerability

Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability

Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability


Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias para mitigar los riesgos.

fuente: securityfocus.com