604 matches found
Unbreakable Enterprise kernel security and bug fix update
kernel-uek 3.8.13-44 - net: Use netlinknscapable to verify the permisions of netlink messages Eric W. Biederman Orabug: 19404229 CVE-2014-0181 - net: Add variants of capable for use on netlink messages Eric W. Biederman Orabug: 19404229 - net: Add variants of capable for use on on sockets Eric W...
kernel: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt()
A flaw was found in the way the pppol2tpsetsockopt and pppol2tpgetsockopt functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOLPPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system...
RedHat Update for kernel RHSA-2014:0923-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2014:0923 Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...
Oracle Linux 7 : unbreakable enterprise kernel (ELSA-2014-3049)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3049 advisory. - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229497 CVE-2014-4943 CVE-2014-4943 - ptrace,x86: force IRET path...
Oracle Linux 7 : kernel (ELSA-2014-0923)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0923 advisory. - net l2tpppp: fail when socket option level is not SOLPPPOL2TP Petr Matousek 1119465 1119466 CVE-2014-4943 Tenable has extracted the preceding...
Important: Red Hat Security Advisory: kernel security update
Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
unbreakable enterprise kernel security update
kernel-uek 3.8.13-35.3.2.el7uek - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229497 CVE-2014-4943 CVE-2014-4943 - ptrace,x86: force IRET path after a ptracestop Tejun Heo Orabug: 19230689 CVE-2014-4699 - net: flowdissector: fail on evil iph-ihl Jason Wang...
[USN-2289-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2289-1 July 17, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
[oss-security] CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets
CVE-2014-4943 is a flaw in the Linux kernel allowing an unprivileged user to escalate to kernel privilege when CONFIGPPPOL2TP is enabled. If built as a module, a work-around to limit this to just the root user would be to add this to /etc/modprobe.conf: alias pppox-proto-1 off blacklist l2tpppp...
Ubuntu: Security Advisory (USN-2288-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2290-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2285-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2287-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2282-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3047)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3047 advisory. - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229505 CVE-2014-4943 CVE-2014-4943 Tenable has extracted the...
Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3048)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3048 advisory. - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229529 CVE-2014-4943 CVE-2014-4943 Tenable has extracted the...
CVE-2014-4943
The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket...
unbreakable enterprise kernel security update
kernel-uek 2.6.32-400.36.4uek - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229529 CVE-2014-4943 CVE-2014-4943 - ptrace,x86: force IRET path after a ptracestop Tejun Heo Orabug: 19230692 CVE-2014-4699...
USN-2290-1: Linux kernel vulnerabilities
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Salva Peiró discovered an information leak in the Linux kernel's media- device...