39 matches found
Mandriva Linux Security Advisory : kernel (MDVSA-2014:230)
Multiple vulnerabilities has been found and corrected in the Linux kernel : The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause...
USN-2420-1: Linux kernel vulnerabilities
A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service kill arbitrary processes, or system disruption by leveraging /dev/kvm access...
USN-2419-1: Linux kernel (Trusty HWE) vulnerabilities
A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service kill arbitrary processes, or system disruption by leveraging /dev/kvm access...
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2419-1)
A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service kill arbitrary processes, or system disruption by leveraging /dev/kvm access...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2420-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2420-1 advisory. A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream -longterm 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1 caus...
CVE-2014-7970
The pivotroot implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service mount-tree loop via . dot values in both arguments to the pivotroot system call...
stunnel: Arbitrary code execution
Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description A buffer overflow vulnerability has been discovered in stunnel. Please review the CVE identifier referenced below for details. Impact A remote attacker could...
DEBIAN-CVE-2013-1956
The createuserns function in kernel/usernamespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call...
FreeBSD : stunnel -- Remote Code Execution (c97219b6-843d-11e2-b131-000c299b62e1)
Michal Trojnara reports : 64-bit versions of stunnel with the following conditions : NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the 'connect' option or execute MITM attacks on the...
stunnel -- Remote Code Execution
Michal Trojnara reports: 64-bit versions of stunnel with the following conditions: NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the "connect" option or execute MITM attacks on the T...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard...
CVE-2009-2904
CVE-2009-2904 is a local privilege-escalation flaw in OpenSSH related to a Red Hat modification of the ChrootDirectory feature. The issue affects OpenSSH 4.8 used by sshd in OpenSSH 4.3 on Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allowing a local user to gain privileges via hard links t...
CVE-2009-2904
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, relate...
openssh security update
CentOS Errata and Security Advisory CESA-2009:1287 Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's...
Low: Red Hat Security Advisory: openssh security, bug fix, and enhancement update
Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These...
CVE-2005-4532
scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...
CVE-2005-4532
scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...
CVE-2005-4532
CVE-2005-4532 affects scponly versions 4.1 and earlier. The root cause is a design/implementation flaw in scponlyc that can be exploited when LD_PRELOAD is available: an unprivileged user can create a chroot directory in their home, hard-link to a system setuid application, and override expected ...