413 matches found
RHEL 7 : kernel (RHSA-2016:2574)
"An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.
It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...
kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.
It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...
Linux io_submit L2TP sendmsg integer overflow vulnerability
Linux is an open source operating system. An integer overflow vulnerability exists in the Linux iosubmit L2TP sendmsg. Allow local elevation of privilege for unprivileged user accounts...
FreeBSD : FreeBSD -- Incorrect argument handling in sendmsg(2) (7c0bac69-600a-11e6-a6c3-14dae9d210b8)
Incorrect argument handling in the socket code allows malicious local user to overwrite large portion of the kernel memory. Impact : Malicious local user may crash kernel or execute arbitrary code in the kernel, potentially gaining superuser privileges. %NASLMINLEVEL 70300 C Tenable Network...
CVE-2016-3841
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...
DEBIAN-CVE-2016-3841
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...
CVE-2016-3841
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...
CVE-2016-3841
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...
UBUNTU-CVE-2016-3841
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...
PT-2016-7833 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.6.3 Description: A race condition exists in the netlink dump function, allowing local users to cause a denial of service or possibly have other unspecified impacts by making sendmsg system calls with a crafted...
FreeBSD Kernel (FreeBSD 10.2 x64) - sendmsg Kernel Heap Overflow (PoC)
FreeBSD Kernel FreeBSD 10.2 x64 - sendmsg Kernel Heap Overflow PoC include include include include include include include include include include void atagetxportvoid; int kprintfconst char fmt, ...; char ostype; void resolvechar name struct kldsymlookup ksym; ksym.version = sizeofksym;...
FreeBSD Kernel (FreeBSD 10.2 x64) - 'sendmsg' Kernel Heap Overflow (PoC)
include include include include include include include include include include void atagetxportvoid; int kprintfconst char fmt, ...; char ostype; void resolvechar name struct kldsymlookup ksym; ksym.version = sizeofksym; ksym.symname = name; ifkldsym0, KLDSYMLOOKUP, &ksym 0 perror"kldsym"; exit1...
FreeBSD-SA-16:19.sendmsg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:19.sendmsg Security Advisory The FreeBSD Project Topic: Incorrect argument handling in sendmsg2 Category: core Module: kernel Announced: 2016-05-17 Credits:...
FreeBSD -- Incorrect argument handling in sendmsg(2)
Problem Description: Incorrect argument handling in the socket code allows malicious local user to overwrite large portion of the kernel memory. Impact: Malicious local user may crash kernel or execute arbitrary code in the kernel, potentially gaining superuser privileges...
kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.
It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...
Linux Kernel - io_submit L2TP sendmsg Integer Overflow
Linux Kernel - iosubmit L2TP sendmsg Integer Overflow / Source: https://code.google.com/p/google-security-research/issues/detail?id=735 In certain kernel versions it is possible to use the AIO subsystem iosubmit syscall to pass size values larger than MAXRWCOUNT to the networking subsystem's...
DEBIAN-CVE-2015-7990
Race condition in the rdssendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerabili...
CVE-2015-7990
Race condition in the rdssendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerabili...
UBUNTU-CVE-2015-7990
Race condition in the rdssendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerabili...