NEW VULNERABILITY, Linux Kernel ‘net/mac80211/’ Multiple Remote Denial of Service Vulnerabilities

December 2, 2009

The Linux Kernel is prone to multiple remote denial-of-service vulnerabilities.

An attacker can exploit these issues to cause a kernel panic, denying service to legitimate users.

Source: securityfocus.com


NEW VULNERABILITY, Linux Kernel KVM ‘KVM_MAX_MCE_BANKS’ Memory Corruption Vulnerability

November 17, 2009

The Linux kernel is prone to a memory-corruption vulnerability that affects the Kernel-based Virtual Machine (KVM).

Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers.

Versions prior to Linux kernel 2.6.32-rc7 are vulnerable.

Published: Nov 16 2009 | Updated: Nov 16 2009


Source: securityfocus.com



Critical flaw discovered in Linux

November 4, 2009

The flaw would allow a malicious user to take complete control of the open-source operating system.

A software developer has discovered a flaw in most versions of Linux that could allow a user to gain complete control of the open-source operating system. For now, the flaw in question has been fixed only in the upcoming 2.6.32 release candidate kernel, so all versions of Linux are vulnerable.

Although the attacks can be prevented by implementing a common feature known as mmap_min_addr, the Red Hat Enterprise Linux distribution does not implement this protection properly, according to Brad Spengler, the person who discovered the flaw a few weeks ago.

Moreover, it appears that most administrators are forced to disable this feature so that their systems can run development tools or desktop environments such as Wine.

Source: itespresso.es


TWO NEW VULNERABILITIES affecting the Linux Kernel

October 23, 2009

1- Linux Kernel Keyring ‘refcount’ Local Denial of Service Vulnerability

The Linux kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected computer, denying service to legitimate users.

2- Linux Kernel NFSV4 CallbackClient NULL Pointer Dereference Local Denial of Service Vulnerability

The Linux kernel is prone to a local denial-of-service vulnerability. Local attackers may exploit this issue to cause the affected computer to crash, denying service to legitimate users.

Published:  Oct 22 2009
Updated:     Oct 22 2009

Linux kernel Homepage (kernel.org)

Source: securityfocus.com


NEW VULNERABILITY. Linux Kernel ‘unix_stream_connect()’ Local Denial of Service Vulnerability

October 20, 2009

The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the affected kernel to stop responding, denying service to legitimate users.

Linux kernel 2.6.31.4 is vulnerable; other versions may also be affected.
Published:     Oct 19 2009 12:00AM
Updated:        Oct 19 2009 07:38PM

Source: securityfocus.com


NEW VULNERABILITY, Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability

October 9, 2009

The Linux kernel is prone to a local denial-of-service vulnerability in the ‘eCryptfs’ component.

Attackers can exploit this issue to corrupt memory, resulting in a denial-of-service condition. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Linux kernel 2.6.31.2 are vulnerable.

Published:       Oct 08 2009 12:00AM
Updated:          Oct 08 2009 07:29PM

Source: securityfocus.com


NEW VULNERABILITY, Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability

October 2, 2009

The Linux kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Published:    Oct 01 2009 12:00AM
Updated:       Oct 01 2009 10:30PM

Source: securityfocus.com


NEW VULNERABILITY. Linux kernel ‘O_EXCL’ NFSv4 Privilege Escalation Vulnerability

September 23, 2009

The Linux kernel is prone to a privilege-escalation vulnerability.

Local attackers may be able to exploit this issue to execute arbitrary code with the privileges of another user and compromise the affected computer.

Versions prior to Linux kernel 2.6.19-rc6 are vulnerable.

Published:       Sep 21 2009 12:00AM
Updated:         Sep 22 2009 08:00PM

Linux kernel Homepage

Source: securityfocus.com


NEW VULNERABILITY, Linux Kernel ‘drivers/scsi/sg.c’ NULL Pointer Dereference Denial of Service Vulnerability

September 4, 2009

The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

Linux kernel versions 2.6.28-rc1 through 2.6.31-rc8 are vulnerable.

Published:    Sep 02 2009 12:00AM
Updated:       Sep 03 2009 05:52PM

Source: securityfocus.com



NEW VULNERABILITY. Linux Kernel ‘net/llc/af_llc.c’ Local Information Disclosure Vulnerability

August 26, 2009

The Linux kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

NOTE: In kernel versions after 2.6.24.4, attackers must have the ‘CAP_NET_RAW’ capability to exploit this issue.

Published:    Aug 25 2009 12:00AM
Updated:      Aug 25 2009 04:33PM

Source: securityfocus.com


NEW VULNERABILITY. Linux Kernel ‘tun_chr_pool()’ NULL Pointer Dereference Vulnerability

July 17, 2009

The Linux kernel is prone to a local NULL pointer dereference vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash an affected kernel, denying service to legitimate users.

This issue was introduced in Linux kernel 2.6.30.

Published:       Jul 17 2009 12:00AM
Updated:            Jul 17 2009 12:00AM

Source: securityfocus.com


NEW VULNERABILITY. Linux Kernel ‘PER_CLEAR_ON_SETID’ Incomplete Personality List Access Validation Vulnerability

July 14, 2009

The Linux Kernel is prone to an unauthorized-access vulnerability because of an error in the definition of the ‘PER_CLEAR_ON_SETID’ personalities mask. These masks are defined in the ‘include/linux/personality.h’ source file.

An attacker can exploit this issue to perform privileged operations on a vulnerable computer, which may aid in further attacks.

Published:       Jul 13 2009 12:00AM
Updated:           Jul 13 2009 06:26PM

Source: securityfocus.com


VULNERABILITY. Linux Kernel CIFS Remote Buffer Overflow Vulnerability

April 10, 2009

The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.29; other versions may also be vulnerable.

Published:       Apr 06 2009 12:00AM
Updated:          Apr 09 2009 08:36PM

Source: securityfocus.com


VULNERABILITY. 10 new vulnerabilities reported in the Linux kernel.

November 28, 2008

VULNERABILITY. Linux Kernel ‘lbs_process_bss()’ Remote Denial of Service Vulnerability

November 27, 2008

The Linux Kernel is prone to a remote denial-of-service vulnerability because of a buffer-overflow error in the ‘libertas’ subsystem.

Successful exploits will allow attackers to crash the affected computer, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute code, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.27.5 are vulnerable.

Source: securityfocus



VULNERABILITY. Linux: Multiple Kernel Vulnerabilities

November 20, 2008