130 matches found

0day.today
added 2014/01/31 12:0 a.m., 22 views

Linux 3.4+ recvmmsg x32 compat Proof of Concept

Exploit for linux platform in category dos / poc / PoC trigger for the linux 3.4+ recvmmsg x32 compat bug, based on the manpage https://code.google.com/p/chromium/issues/detail?id=338594 $ while true; do echo $RANDOM /dev/udp/127.0.0.1/1234; sleep 0.25; done / define GNUSOURCE include include...

7 AI score
Exploits: 0
exploitpack
added 2014/01/31 12:0 a.m., 13 views

Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat (PoC)

Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC / PoC trigger for the linux 3.4+ recvmmsg x32 compat bug, based on the manpage https://code.google.com/p/chromium/issues/detail?id=338594 $ while true; do echo $RANDOM /dev/udp/127.0.0.1/1234; sleep 0.25; done / define GNUSOURCE include include...

0.2 AI score
Exploits: 0
Exploit DB
added 2014/01/31 12:0 a.m., 47 views

Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat (PoC)

/ PoC trigger for the linux 3.4+ recvmmsg x32 compat bug, based on the manpage https://code.google.com/p/chromium/issues/detail?id=338594 $ while true; do echo $RANDOM /dev/udp/127.0.0.1/1234; sleep 0.25; done / define GNUSOURCE include include include include include include include define...

7 AI score
Exploits: 0
UbuntuCve
added 2014/01/30 12:0 a.m., 37 views

CVE-2014-0038

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter...

6.9 CVSS, 6.8 AI score, 0.34649 EPSS
Exploits: 16, References: 4
Prion
added 2014/01/08 4:55 p.m., 52 views

Information disclosure

The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2)...

4.9 CVSS, 5.6 AI score, 0.0048 EPSS
Exploits: 0, References: 19, Affected Software: 1
CVE
added 2014/01/08 4:0 p.m., 117 views

CVE-2013-7281

CVE-2013-7281 affects the Linux kernel’s dgram_recvmsg in net/ieee802154/dgram.c and allows local users to leak kernel stack memory by updating a length value without initializing an associated data structure. The issue is fixed in kernel 3.12.4 (patch referenced in changelog), with exposure via ...

4.9 CVSS, 5.3 AI score, 0.0048 EPSS
Exploits: 0, References: 19, Affected Software: 1
Cvelist
added 2014/01/08 4:0 p.m., 30 views

CVE-2013-7281

The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2)...

5.5 AI score, 0.0048 EPSS
Exploits: 0, References: 19
UbuntuCve
added 2014/01/08 12:0 a.m., 37 views

CVE-2013-7281

The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2)...

4.9 CVSS, 6.6 AI score, 0.0048 EPSS
Exploits: 0, References: 17
OSV
added 2014/01/06 4:55 p.m., 1 views

DEBIAN-CVE-2013-7269

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3)...

4.9 CVSS, 7.4 AI score, 0.00452 EPSS
Exploits: 0, References: 1
OSV
added 2014/01/06 4:55 p.m., 1 views

DEBIAN-CVE-2013-7263

The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,...

4.9 CVSS, 7.6 AI score, 0.0048 EPSS
Exploits: 0, References: 1
OSV
added 2014/01/06 4:55 p.m., 0 views

DEBIAN-CVE-2013-7268

The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvm...

4.9 CVSS, 7.4 AI score, 0.00434 EPSS
Exploits: 0, References: 1
OSV
added 2014/01/06 4:55 p.m., 1 views

DEBIAN-CVE-2013-7264

The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, ...

4.9 CVSS, 7.3 AI score, 0.00434 EPSS
Exploits: 0, References: 1
Prion
added 2014/01/06 4:55 p.m., 24 views

Information disclosure

The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvm...

4.9 CVSS, 5.6 AI score, 0.0048 EPSS
Exploits: 0, References: 20, Affected Software: 1
Prion
added 2014/01/06 4:55 p.m., 23 views

Information disclosure

The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, ...

4.9 CVSS, 5.6 AI score, 0.00434 EPSS
Exploits: 0, References: 20, Affected Software: 1
Prion
added 2014/01/06 4:55 p.m., 27 views

Information disclosure

The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, ...

4.9 CVSS, 5.7 AI score, 0.00461 EPSS
Exploits: 0, References: 21, Affected Software: 1
CVE
added 2014/01/06 11:0 a.m., 109 views

CVE-2013-7264

The CVE-2013-7264 issue affects the Linux kernel up to version 3.12.3, specifically the l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c. The vulnerability arises because a length value is updated before ensuring that the associated data structure is initialized, enabling a local attacker to leak k...

4.9 CVSS, 6.1 AI score, 0.00434 EPSS
Exploits: 0, References: 20, Affected Software: 1
CVE
added 2014/01/06 11:0 a.m., 108 views

CVE-2013-7266

CVE-2013-7266 affects the Linux kernel code path in drivers/isdn/mISDN/socket.c up to version 3.12.3. The function mISDN_sock_recvmsg does not consistently validate length against the related data structure, enabling local attackers to read kernel memory via (1) recvfrom, (2) recvmmsg, or (3) rec...

4.9 CVSS, 4.7 AI score, 0.00434 EPSS
Exploits: 0, References: 18, Affected Software: 1
CVE
added 2014/01/06 11:0 a.m., 91 views

CVE-2013-7269

The CVE-2013-7269 vulnerability affects the Linux kernel (affected area: net/netrom/af_netrom.c) before 3.12.4. The issue arises when nr_recvmsg updates a length value without ensuring the associated data structure is initialized, enabling local attackers to read kernel memory via recvfrom, recvm...

4.9 CVSS, 4.7 AI score, 0.00452 EPSS
Exploits: 0, References: 20, Affected Software: 1
Cvelist
added 2014/01/06 11:0 a.m., 26 views

CVE-2013-7266

The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2)...

4.9 AI score, 0.00434 EPSS
Exploits: 0, References: 18
Debian CVE
added 2014/01/06 11:0 a.m., 41 views

CVE-2013-7264

The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, ...

4.9 CVSS, 6.1 AI score, 0.00434 EPSS
Exploits: 0