3188 matches found
kernel: Information leak in Linux sound module in timer.c
A vulnerability was found in the Linux kernel. There is an information leak in the file "sound/core/timer.c" of the latest mainline Linux kernel: the stack object "tread" has a total size of 32 bytes. It contains 8 bytes of padding, which is not initialized but is sent to the user via copy_to_user, resulting a...
kernel: sound: a race condition in the kernel sound timer in snd_timer_user_read()
A race condition was found in the Linux kernel's sound timer code in the snd_timer_user_read function in the sound/core/timer.c file. An unprivileged attacker can exploit the race condition to cause an out-of-bound access which may lead to a system crash or other unspecified impact. Due to the natur...
Updated kernel packages fix security vulnerabilities
This update is based on the upstream 4.4.22 kernel and fixes at least these security issues: sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the...
CVE-2016-8667
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value...
Legal Robot: Information Disclosure on rate limit defense mechanism
Security researcher showed that we were returning the number of seconds to wait between attempts. While this can be helpful for legitimate users, it's more likely to be exploited by attackers that simply need to set a timer for the number of seconds we return in the error message...
Cisco IOS XR NCS 6000 Packet Timer Leak DoS (cisco-sa-20160713-ncs6k)
The version of Cisco IOS XR running on the remote NCS 6000 device is affected by a denial of service vulnerability due to improper management of system timer resources. An unauthenticated, remote attacker can exploit this, via numerous management connections to the affected device, to consume...
Announcing the Third Annual Flare-On Challenge
Let fall be the season for reverse engineering! On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering (FLARE) team will be hosting its third annual Flare-On reverse engineering contest with a designated start time of 8pm ET. This is a CTF-style challenge for all active and aspiring rever...
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to fix various bugs and security issues. The following security bugs were fixed: - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have led to local privilege escalation when ecryptfs-utils was installed and...
Linux/x86-64 - Subtle Probing Reverse Shell, Timer, Burst, Password, Multi-Terminal Shellcode (84, 1
Exploit Title: linux x86_64 Subtle Probing Reverse Shell, Timer, Burst, Password, multi-Terminal (84, 122, 172 bytes) | Date: 07/20/2016 | Exploit Author: CripSlick | Tested on: Kali 2.0 Linux x86_64 | Version: No program being used or exploited; I only relied syscalls...
Linux/x86-64 - Subtle Probing Reverse Shell, Timer, Burst, Password, Multi-Terminal (84, 122, 172 bytes)
Linux/x86-64 - Subtle Probing Reverse Shell, Timer, Burst, Password, Multi-Terminal (84, 122, 172 bytes). Shellcode exploit for Linux x86-64 platform...
Cisco IOS XR for Cisco Network Convergence System Denial of Service Vulnerability
Cisco IOS XR on NCS 6000 is an operating system from Cisco that runs on 6000 series router devices. A denial of service vulnerability exists in Cisco IOS XR versions 5.x through 5.2.5 on NCS 6000 devices, which arises from the program failing to properly manage system timer resources. A remote...
Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability
A vulnerability in the management of system timer resources in Cisco IOS XR for Cisco Network Convergence System 6000 (NCS 6000) Series Routers could allow an unauthenticated, remote attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3016-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3016-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3018-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3018-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...
Ubuntu 12.04 LTS : linux vulnerabilities (USN-3021-1)
Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) Kangji...
USN-3017-3 linux-lts-wily vulnerabilities
USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correct...
USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities
Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute...
USN-3016-2 linux-raspi2 vulnerabilities
Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute...
openSUSE: Security Advisory for kernel (openSUSE-SU-2016:1382-1)
The remote host is missing an update for the...
openSUSE Security Update : the Linux Kernel (openSUSE-2016-629)
The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes (bsc#970948). - CVE-2016-3136: mct_u232: add sanity checking in probe (bnc#970955). - CVE-2016-2188:...