2015 matches found
kernel: use-after-free in SMB2_write function in fs/cifs/smb2pdu.c
An flaw was discovered in the Linux kernel's CIFS client implementation. While issuing an SMB2write, a value can be used after it was intended to be freed when CIFS function tracing is enabled. Even though the data is used after being freed, using it to for privilege escalation does not seem...
Debian DLA-1965-1 : nfs-utils security update
In the nfs-utils package, providing support files for Network File System NFS including the rpc.statd daemon, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root...
[SECURITY] [DLA 1965-1] nfs-utils security update
Package : nfs-utils Version : 1.2.8-9+deb8u1 CVE ID : CVE-2019-3689 Debian Bug : 940848 In the nfs-utils package, providing support files for Network File System NFS including the rpc.statd daemon, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and manag...
DEBIAN-CVE-2019-3689
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If...
kernel: nfs: use-after-free in svc_process_common()
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...
kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...
kernel: nfs: use-after-free in svc_process_common()
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...
DEBIAN-CVE-2019-14202
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfshandler reply helper function: nfsreadlinkreply...
DEBIAN-CVE-2019-14196
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfslookupreply...
DEBIAN-CVE-2019-14200
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfshandler reply helper function: rpclookupreply...
DEBIAN-CVE-2019-14201
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfshandler reply helper function: nfslookupreply...
DEBIAN-CVE-2019-14195
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfsreadlinkreply in the "else" block after calculating the new path length...
DEBIAN-CVE-2019-14197
An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfsreadreply...
UBUNTU-CVE-2019-14203
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfshandler reply helper function: nfsmountreply...
UBUNTU-CVE-2019-14198
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfsreadreply when calling storeblock in the NFSv3 case...
UBUNTU-CVE-2019-14194
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfsreadreply when calling storeblock in the NFSv2 case...
UBUNTU-CVE-2019-14201
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfshandler reply helper function: nfslookupreply...
PT-2019-13522
Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2019.07 Description An issue was discovered in Das U-Boot. There is an unbounded memcpy with a failed length check at nfs read reply when calling store block in the NFSv3 case. Recommendations For versions prior to...
PT-2019-13519
Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2019.07 Description An issue was discovered in Das U-Boot. There is an unbounded memcpy with unvalidated length at nfs readlink reply in the "else" block after calculating the new path length. Recommendations For...
PT-2019-13525
Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2019.07 Description A stack-based buffer overflow issue was found in the nfs handler reply helper function, specifically in the nfs lookup reply function. Recommendations For Das U-Boot versions prior to 2019.07,...