exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2014-2523

Status Candidate

Overview

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

Related Files

Mandriva Linux Security Advisory 2014-124
Posted Jun 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-124 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2012-2137, CVE-2013-2897, CVE-2014-0069, CVE-2014-0077, CVE-2014-0101, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874, CVE-2014-2039, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153, CVE-2014-3917
SHA-256 | 73e79f50856da66b94dc300dcf75b8e4967914b79209768459dcab2e0db44614
Red Hat Security Advisory 2014-0634-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0634-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's Adaptec RAID controller checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions.

tags | advisory, remote, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-6383, CVE-2014-0077, CVE-2014-2523
SHA-256 | 4adbe4156cf99b06994f18b8d8b373ee5ccb0bb00681929e0cf8cff5e762e6da
Red Hat Security Advisory 2014-0593-01
Posted Jun 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0593-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the handle_rx() function handled large network packets when mergeable buffers were disabled. A privileged guest user could use this flaw to crash the host or corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, remote, arbitrary, kernel, code execution, protocol
systems | linux, redhat
advisories | CVE-2014-0077, CVE-2014-2523
SHA-256 | e0af259e59818ab241512a60cb69f15bfc958b2f4f82dba792286e8e46eb78ae
Ubuntu Security Notice USN-2227-1
Posted May 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2227-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4483, CVE-2014-0069, CVE-2014-0077, CVE-2014-0101, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851
SHA-256 | 030f8dbdef1c111fe4bbe4103734f72cb888f3ba4144f7241099df3eede3cb21
Ubuntu Security Notice USN-2228-1
Posted May 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2228-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0055, CVE-2014-0077, CVE-2014-0100, CVE-2014-0101, CVE-2014-1737, CVE-2014-1738, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2673, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851
SHA-256 | cbc98ee7edf9f6b0c61ecb645c9d3e101aa77a558f1ea88158b44edf00b8d013
Ubuntu Security Notice USN-2225-1
Posted May 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2225-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0055, CVE-2014-0077, CVE-2014-0100, CVE-2014-0101, CVE-2014-1737, CVE-2014-1738, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2673, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851
SHA-256 | 1ca8698870b1aeeb7cd24ed60310742267e3248417075cd461c1b8fa466516f1
Ubuntu Security Notice USN-2223-1
Posted May 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2223-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4483, CVE-2014-0055, CVE-2014-0077, CVE-2014-0101, CVE-2014-1737, CVE-2014-1738, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3122
SHA-256 | c386b44476309ae7dac47eb0a8d7cc0a26662f0c3adc3b24f480afe3edd7f15c
Ubuntu Security Notice USN-2224-1
Posted May 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2224-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0055, CVE-2014-0077, CVE-2014-0101, CVE-2014-1737, CVE-2014-1738, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3122
SHA-256 | b625f3ae67dd825bf8f26346dd77dbec5fa9b71a0820c41ad8aa80cd57a6a847
Ubuntu Security Notice USN-2221-1
Posted May 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2221-1 - Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4483, CVE-2014-0069, CVE-2014-0077, CVE-2014-0101, CVE-2014-1737, CVE-2014-1738, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851
SHA-256 | 5616975f2fb4dd39c84f62c8002d7351e1f5dddc09b837aabc10d511eb920b67
Red Hat Security Advisory 2014-0475-01
Posted May 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0475-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's Adaptec RAID controller checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions.

tags | advisory, remote, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-6383, CVE-2014-0077, CVE-2014-2523
SHA-256 | d11f1789310cad87908144e149842aaeeb43c7ec9cbc6c39580ed4aa67644a5c
Red Hat Security Advisory 2014-0439-01
Posted Apr 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0439-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A denial of service flaw was found in the way the Linux kernel's IPv6 implementation processed IPv6 router advertisement packets. An attacker able to send a large number of RA packets to a target system could potentially use this flaw to crash the target system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, redhat
advisories | CVE-2013-7263, CVE-2013-7265, CVE-2014-0069, CVE-2014-1438, CVE-2014-1690, CVE-2014-1874, CVE-2014-2309, CVE-2014-2523
SHA-256 | 2b623200e0a9ae6450a12d72a8175b17fe8b289abc75e214b50cd7e3b3ee735b
Ubuntu Security Notice USN-2174-1
Posted Apr 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2174-1 - A flaw was discovered in the Linux kernel's handling of SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). An error was discovered in the Linux kernel's DCCP protocol support. A remote attacked could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2014-0101, CVE-2014-2523
SHA-256 | 89d8cc09d3de6e1dfd4d0d979f67ece93422dc334b8f7b5f3daad38cd77f0e7c
Ubuntu Security Notice USN-2173-1
Posted Apr 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2173-1 - A flaw was discovered in the Linux kernel's handling of SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). An error was discovered in the Linux kernel's DCCP protocol support. A remote attacked could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2014-0101, CVE-2014-2523
SHA-256 | dbadbd53311ec0266888516c23db444ce430d9ebb8a0eb78df1cacca49e67218
Debian Security Advisory 2906-1
Posted Apr 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2906-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0343, CVE-2013-2147, CVE-2013-2889, CVE-2013-2893, CVE-2013-4162, CVE-2013-4299, CVE-2013-4345, CVE-2013-4512, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6381, CVE-2013-6382, CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7339, CVE-2014-0101, CVE-2014-1444, CVE-2014-1445, CVE-2014-1446, CVE-2014-1874, CVE-2014-2039, CVE-2014-2523, CVE-2103-2929
SHA-256 | 336839d986f877d0c9633d42e6961fa76ae807751676c40199ee1f7de18091c3
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close