25 matches found
EUVD-2017-1529
Malware in sbrugna...
Mageia: Security Advisory (MGASA-2017-0261)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Unbreakable Enterprise kernel security update
4.1.12-124.39.5 - Input: ff-memless - kill timer in destroy Oliver Neukum Orabug: 31213691 CVE-2019-19524 - libertas: Fix two buffer overflows at parsing bss descriptor Wen Huang Orabug: 31351307 CVE-2019-14896 CVE-2019-14897 CVE-2019-14897 - binfmtelf: use ELFETDYNBASE only for PIE Kees Cook...
Important kernel security update: New kernel 2.6.32-042stab144.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
This update provides a new kernel 2.6.32-042stab144.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0. It is based on the RHEL 6.10 kernel 2.6.32-754.29.2.el6 and inherits security and stability fixes from it. The new kernel also provides internal security and stability fixes...
CentOS 6 : kernel (RHSA-2020:1524)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1524 advisory. - The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMINFINITY and 1 Gigabyte of memory is allocate...
CentOS: Security Advisory for kernel (CESA-2020:1524)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200422) (Stack Clash)
Security Fixes : - kernel: rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow CVE-2019-17666 - kernel: offset2lib allows for the stack guard page to be jumped over CVE-2017-1000371 C Tenable Network Security...
Oracle Linux 6 : kernel (ELSA-2020-1524)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1524 advisory. - wireless rtlwifi: Fix potential overflow on P2P code Jarod Wilson 1775226 CVE-2019-17666 Tenable has extracted the preceding description block direct...
Juniper Junos Space < 17.1R1 Multiple Vulnerabilities (JSA10826)
According to its self-reported version number, the version of Junos Space running on the remote device is 17.1R1, and is therefore affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid104100; scriptversion"1.7";...
[SECURITY] [DSA 3981-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3981-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3981-1] linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3981-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2017 https://www.debian.org/security/faq -...
Fedora 26 : kernel (2017-d3ed702fe4) (Stack Clash)
The 4.11.6 update contains a number of important fixes across the tree, including the recently announced 'stack clash' Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
CVE-2017-1000371
creationtimestamp| type| source ---|---|--- 2017-06-28 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42273 2017-06-28 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42276...
Linux Kernel - 'offset2lib' Stack Clash
/ Linuxoffset2lib.c for CVE-2017-1000370 and CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or a...
Linux Kernel - offset2lib Stack Clash
Linux Kernel - offset2lib Stack Clash / Linuxoffset2lib.c for CVE-2017-1000370 and CVE-2017-1000371 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation,...
Amazon Linux AMI : kernel (ALAS-2017-845) (Stack Clash)
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp'ed over, this affects Linux Kernel versions 4.11.5 and earlier the stackguard page was introduced in 2010. CVE-2017-1000364 The offset2lib patch as use...
CVE-2017-1000371
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMINFINITY and 1 Gigabyte of memory is allocated the maximum under the 1/4 restriction then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimu...
Design/Logic Flaw
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...
CVE-2017-1000371
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMINFINITY and 1 Gigabyte of memory is allocated the maximum under the 1/4 restriction then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimu...
CVE-2017-1000371
A flaw was found in the Linux kernel's implementation of mapping ELF PIE binary loading to allow evasion of the stack-guard page protection mechanisms that intend to mitigate this behavior. This issue appears to be limited to i386 based systems...