1524 matches found

Fedora
added 2015/06/09 3:08 p.m. | 20 views

[SECURITY] Fedora 21 Update: fuse-2.9.4-1.fc21

With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE userspace tools to mount a FUSE filesystem...

CVSS 3.6 | AI score 3.4 | EPSS 0.01008
Exploits: 5

Tenable Nessus
added 2015/06/09 12:00 a.m. | 25 views

Debian DLA-238-1 : fuse security update

Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the...

CVSS 3.6 | AI score 6.6 | EPSS 0.01008
Exploits: 5 | References: 3

Fedora
added 2015/06/07 3:59 p.m. | 17 views

[SECURITY] Fedora 22 Update: fuse-2.9.4-1.fc22

With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE userspace tools to mount a FUSE filesystem...

CVSS 3.6 | AI score 3.4 | EPSS 0.01008
Exploits: 5

CNVD
added 2015/05/25 12:00 a.m. | 2 views

FUSE Local Elevation of Privilege Vulnerability

FUSE - Filesystem in Userspace, a Linux module for mounting certain network spaces, such as SSH, to the local filesystem, can be found on SourceForge. FUSE suffers from a local elevation of privilege vulnerability. A local attacker can exploit this vulnerability to overwrite arbitrary files using...

CVSS 3.6 | AI score 7.1 | EPSS 0.01008
Exploits: 5 | References: 1

Tenable Nessus
added 2015/05/22 12:00 a.m. | 28 views

Debian DSA-3266-1 : fuse - security update

Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the...

CVSS 3.6 | AI score 6.5 | EPSS 0.01008
Exploits: 5 | References: 5

OpenVAS
added 2015/05/21 12:00 a.m. | 22 views

Debian Security Advisory DSA 3266-1 (fuse - security update)

Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the...

CVSS 3.6 | AI score 6.5 | EPSS 0.01008
Exploits: 5 | References: 1

OSV
added 2015/05/21 12:00 a.m. | 22 views

DSA-3266-1 fuse - security update

Bulletin has no description...

CVSS 3.6 | AI score 6.4 | EPSS 0.01008
Exploits: 5

Prion
added 2015/03/18 11:59 p.m. | 16 views

Memory corruption

The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0.00051 and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195...

CVSS 4.3 | AI score 7.1 | EPSS 0.00317
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2015/03/12 6:37 a.m. | 2 views

USN-2528-1 linux vulnerability

It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service system crash or to potentially gain administrative privileges...

CVSS 6.9 | AI score 6.3 | EPSS 0.00441
Exploits: 0 | References: 2

Tenable Nessus
added 2014/11/10 12:00 a.m. | 32 views

Debian DSA-3070-1 : kfreebsd-9 - security update

Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure. - CVE-2014-3711 Denial of service through memory leak in sandboxed namei lookups. - CVE-2014-3952 Kernel memory disclosure in sockbuf control messages. - CVE-2014-395...

CVSS 5 | AI score 5.4 | EPSS 0.0157
Exploits: 0 | References: 10

Cvelist
added 2014/10/26 8:00 p.m. | 19 views

CVE-2014-5148

Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to...

AI score 6.3 | EPSS 0.00402
Exploits: 0 | References: 5

Debian CVE
added 2014/10/26 8:00 p.m. | 21 views

CVE-2014-5148

Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to...

CVSS 4.6 | AI score 6.7 | EPSS 0.00402
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 33 views

Linux Kernel Stack Infoleaks Vulnerability

No description provided by source. //Enjoy... // //-Dan / You've done it. After hours of gdb and caffeine, you've finally got a shell on your target's server. Maybe next time they will think twice about running MyFirstCompSciProjectFTPD on a production machine. As you take another sip of Mountain...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 82 views

Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure

No description provided by source. / cve-2010-3437.c Linux Kernel 2.6.36-rc6 pktcdvd Kernel Memory Disclosure Jon Oberheide [email protected] http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=638085 The PKTCTRLCMDSTATUS device ioctl retrieves a pointer to a...

CVSS 6.6 | AI score 6.6 | EPSS 0.02416
Exploits: 7

seebug.org
added 2014/07/01 12:00 a.m. | 9 views

IBM WebSphere MQ File Transfer Edition Web Gateway CSRF Vulnerability

No description provided by source. Exploit Author: Nir Valtman Description: Malicious user is able to add userspace, change permissions on existing userspace and add MQMD MQ Message Descriptor user IDs. All of these vulnerabilities can be exploited using a CSRF Cross Site Request Forgery...

AI score 7.1
Exploits: 0

Xen Project
added 2014/04/30 9:52 a.m. | 101 views

Hardware timer context is not properly context switched on ARM

ISSUE DESCRIPTION When running on an ARM platform Xen was not context switching the CNTKCTLEL1 register, which is used by the guest kernel to control access by userspace processes to the hardware timers. This meant that any guest can reconfigure these settings for the entire system. IMPACT A...

CVSS 6.2 | AI score 5.9 | EPSS 0.00629
Exploits: 0 | Affected Software: 1

OpenVAS
added 2014/01/06 12:00 a.m. | 32 views

Ubuntu Update for linux-ec2 USN-2065-1

Check for the Version of linux-ec2 OpenVAS Vulnerability Test $Id: gbubuntuUSN20651.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for linux-ec2 USN-2065-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

CVSS 6.9 | AI score 0.3 | EPSS 0.03181
Exploits: 1 | References: 2

Tenable Nessus
added 2014/01/05 12:00 a.m. | 265 views

Ubuntu 10.04 LTS : linux vulnerabilities (USN-2064-1)

Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. CVE-2013-4345 A flaw was discovered in the Linux kernel's IP Virtual Server IPVS support. A local user with the CAPNETADMI...

CVSS 7 | AI score 6.8 | EPSS 0.03181
Exploits: 1 | References: 5

Tenable Nessus
added 2014/01/05 12:00 a.m. | 54 views

Ubuntu 13.10 : linux vulnerabilities (USN-2075-1)

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows...

CVSS 7.1 | AI score 7.2 | EPSS 0.09408
Exploits: 7 | References: 15

Tenable Nessus
added 2014/01/05 12:00 a.m. | 31 views

Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2069-1)

Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload UFO. An unprivileged local user could exploit this flaw to cause a denial of service system crash or possibly gain administrative privileges. CVE-2013-4470 Multiple integer overflow flaws were discovered in the...

CVSS 6.9 | AI score 7.3 | EPSS 0.01485
Exploits: 6 | References: 10