4 matches found
K15482: Linux kernel vulnerability CVE-2014-4943
Security Advisory Description The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. CVE-2014-4943 Impact None. No F5 products are affected by this...
Oracle Linux 7 : unbreakable enterprise kernel (ELSA-2014-3049)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3049 advisory. - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229497 CVE-2014-4943 CVE-2014-4943 - ptrace,x86: force IRET path...
Oracle Linux 7 : kernel (ELSA-2014-0923)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0923 advisory. - net l2tpppp: fail when socket option level is not SOLPPPOL2TP Petr Matousek 1119465 1119466 CVE-2014-4943 Tenable has extracted the preceding...
Linux Kernel l2tp_ip_sendmsg()和pppol2tp_sendmsg()函数整数溢出漏洞
BUGTRAQ ID: 44762 CVE ID: CVE-2010-4160 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel中的PPPoL2TP实现(net/l2tp/l2tpppp.c,pppol2tpsendmsg)和IPoL2TP实现(net /l2tp/l2tpip.c,l2tpipsendmsg)都调用了sockwmalloc,而后者没有执行任何边界检查便对大小参数执行了算术运算。因此,如果发布了超大大小的sendto调用,这个分配大小就会回绕,导致分配过小的缓冲区。成功利用这个漏洞可能导致内核忙碌或内核堆溢出。 Linux...