FreeBSD Patches Kernel Panic Vulnerability

FreeBSD has patched a denial-of-service vulnerability affecting versions configured to support SCTP and IPv6, the default configurations on later version of the open source OS. Researchers at Positive Technologies in the U.K. said versions 9.3, 10.1 and 10.2 are affected and can be exploited by a...

FreeBSD SCTP ICMPv6 - Error Processing

FreeBSD SCTP ICMPv6 - Error Processing !/usr/bin/env python -- coding: utf-8 -- ''' Source: http://blog.ptsecurity.com/2016/01/severe-vulnerabilities-detected-in.html SCTP stream control transmission protocol is a transport-layer protocol designed to transfer signaling messages in an IP...

FreeBSD-SA-16:01.sctp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:01.sctp Security Advisory The FreeBSD Project Topic: SCTP ICMPv6 error message vulnerability Category: core Module: SCTP Announced: 2016-01-14 Credits:...

FreeBSD -- SCTP ICMPv6 error message vulnerability

Problem Description: A lack of proper input checks in the ICMPv6 processing in the SCTP stack can lead to either a failed kernel assertion or to a NULL pointer dereference. In either case, a kernel panic will follow. Impact: A remote, unauthenticated attacker can reliably trigger a kernel panic i...

Debian DLA-360-1 : linux-2.6 security update

This update fixes the CVEs described below. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid operations on local AFUNIX sockets can result in a use-after-free. This may be used to cause a denial of service crash or possibly for privilege escalation. CVE-2015-7799...

RedHat Update for kernel RHSA-2015:2552-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 360-1] linux-2.6 security update

Package : linux-2.6 Version : 2.6.32-48squeeze17 CVE ID : CVE-2013-7446 CVE-2015-7799 CVE-2015-7833 CVE-2015-7990 CVE-2015-8324 This update fixes the CVEs described below. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid...

DLA-360-1 linux-2.6 - security update

Bulletin has no description...

Amazon Linux AMI : kernel (ALAS-2015-610)

A denial of service vulnerability was discovered in the keyring function's garbage collector in the Linux kernel. The flaw allowed any local user account to trigger a kernel panic. CVE-2015-7872 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

Juniper Networks Junos OS IPv6 mbuf Chain DoS Vulnerability

Junos OS is prone to a DoS vulnerability in the mbuf chain. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...

Medium: kernel

Issue Overview: A denial of service vulnerability was discovered in the keyring function's garbage collector in the Linux kernel. The flaw allowed any local user account to trigger a kernel panic. CVE-2015-7872 Affected Packages: kernel Issue Correction: Run yum update kernel or yum update...

kernel: nfnetlink race in NETLINK_NFLOG socket creation

A race-condition flaw was discovered in the kernel's netlink module creation, which can trigger a kernel panic in netlinkrelease-moduleput for local users creating netlink sockets. The flaw is specific to Red Hat Enterprise Linux and does not affect upstream kernels. The nfnetlinklog module must ...

kernel: Creating multiple sockets when SCTP module isn't loaded leads to kernel panic

A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded...

kernel: Creating multiple sockets when SCTP module isn't loaded leads to kernel panic

A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded...

[SECURITY] [DSA 3396-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3396-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 10, 2015 https://www.debian.org/security/faq -...

CVE-2006-7177

MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service system crash via unspecified vectors that lead to a kernel panic in the ieee80211input function, related to "packets coming from a 'malicious' WinXP system."...

CVE-2006-5649

Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC PPC allows local users to cause a denial of service kernel panic via unspecified vectors...

Juniper Junos IPv6 Packet Handling mbuf Chain Corruption DoS (JSA10699)

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability due to a flaw related to the processing of IPv6 packets. An unauthenticated, remote attacker can exploit this, via a specially crafted IPv6 packet, to trigger an 'mbuf'...

CVE-2014-6450

CVE-2014-6450 affects Juniper Networks Junos OS when IPv6 is enabled. The vulnerability allows remote attackers to cause a denial of service via crafted IPv6 packets, leading to mbuf chain corruption and a kernel panic. Affected versions include Junos OS releases listed in the CVE description (e....

Moderate: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...