15 matches found
Astra Linux - vulnerability in libseccomp
In versions of libseccomp before 2.4.0, 64-bit syscall argument comparisons using arithmetic operators LT, GT, LE, GE were not generated correctly. This issue could potentially allow bypassing seccomp filters and lead to potential privilege escalations...
Huawei EulerOS: Security Advisory for libseccomp (EulerOS-SA-2019-1956)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : libseccomp (EulerOS-SA-2019-2025)
According to the version of the libseccomp package installed, the EulerOS installation on the remote host is affected by the following vulnerability: libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators LT, GT, LE, GE, which migh...
EulerOS Virtualization for ARM 64 3.0.2.0 : libseccomp (EulerOS-SA-2019-1956)
According to the version of the libseccomp package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators...
EulerOS 2.0 SP5 : libseccomp (EulerOS-SA-2019-1794)
According to the version of the libseccomp package installed, the EulerOS installation on the remote host is affected by the following vulnerability: libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators LT, GT, LE, GE, which migh...
USN-4001-1: libseccomp vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker could use this to bypass...
Ubuntu 16.04 LTS / 18.04 LTS : libseccomp vulnerability (USN-4001-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4001-1 advisory. Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An...
USN-4001-2 libseccomp vulnerability
USN-4001-1 fixed a vulnerability in libseccomp. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker...
ALPINE-CVE-2019-9893
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators LT, GT, LE, GE, which might be able to lead to bypassing seccomp filters and potential privilege escalations...
CVE-2019-9893
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators LT, GT, LE, GE, which might be able to lead to bypassing seccomp filters and potential privilege escalations...
kernel: x86-64: seccomp: 32/64 syscall hole
The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows...
Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-752-1)
NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. (CVE-2008-4307) Sparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a...
Ubuntu: Security Advisory (USN-752-1)
The remote host is missing an update for the...
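Linux Kernel audit system audit_syscall_entry() system call security restriction bypass vulnerability
BUGTRAQ ID: 33951 The Linux Kernel is the kernel used by the open-source operating system Linux. Syscall filtering techniques usually decide whether to allow a call based on the syscall identified by its number, or on specific arguments. When a syscall is identified by number, on a 64-bit Linux kernel (x86_64) a syscall number may map into both the 32-bit and the 64-bit syscall tables, and these two tables are different. Because user-space processes are controlled by the syscall table, the syscall number check can be bypassed and unauthorized operations performed. For example, a syscall filter may be monitoring a 64-bit process and be configured to allow a subset of the common open syscall, which on a 64-bit platform is syscal...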
Design/Logic Flaw
Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall...