53 matches found
UBUNTU-CVE-2016-2517
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service prevent subsequent authentication by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE:...
kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...
kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...
kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...
kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...
kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...
ntpd design flaws
ntpd Network Time Protocol daemon is an operating system daemon that uses the Network Time Protocol NTP to keep synchronized with the system time of a time server. A security vulnerability in ntpd version 4.x prior to 4.2.8p7 and version 4.3 prior to 4.3.92 stems from the program failing to...
Wireshark RSVP Parser Denial of Service Vulnerability
Wireshark is the most popular network protocol parser. In Wireshark version 2.0.x prior to 2.0.1 and version 1.12.x prior to 1.12.9, the function dissectrsvpcommon within epan/dissectors/packet-rsvp.c in the RSVP parser does not correctly retain the request-key data, which can be exploited to cau...
UBUNTU-CVE-2015-8727
The dissectrsvpcommon function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service use-after-free and application crash via a crafted...
CVE-2015-8727
The dissectrsvpcommon function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service use-after-free and application crash via a crafted...
MDVA-2009:025 : keyutils
This update fixes two minor issues with keyutils. request-key was installed in /usr/sbin while the kernel expect it in /sbin directory. keyctl was installed in /usr/bin instead of /bin. This update also add lines to /etc/request-key.conf for cifs.upcall required for krb5 support for mount.cifs...
security flaw
Memory leak in the requestkeyauthdestroy function in requestkeyauth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service memory consumption via a large number of authorization token keys...
PT-2005-3947 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.10 through 2.6.13 Description: The issue is related to a memory leak in the request key auth destroy function within the request key auth component of the Linux kernel. This leak allows local users to cause a denial ...