what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2015-8660

Status Candidate

Overview

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Related Files

Overlayfs Privilege Escalation
Posted Nov 1, 2016
Authored by rebel, h00die | Site metasploit.com

This Metasploit module attempts to exploit two different CVEs (CVE-2015-1328 and CVE-2015-8660) related to overlayfs.

tags | exploit
advisories | CVE-2015-1328, CVE-2015-8660
SHA-256 | 051ac68d3b034444740ccd04d39c409e4a6f9b78bb6c5b472cf8e1acac90159d
Red Hat Security Advisory 2016-1539-01
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1539-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-2143, CVE-2016-4470
SHA-256 | a0ebfcaea69e03370b97678ac5b2af09385693a06588a694af826744d11bfd62
Red Hat Security Advisory 2016-1532-02
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1532-02 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-4470
SHA-256 | ae0ec067d76f883f07ac5ae1dac7a6ee3601b9b24f9fbd3814d99d690ead6941
Red Hat Security Advisory 2016-1541-03
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1541-03 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-4470
SHA-256 | 993b6f46bf8ef0fd9c20f5a4cd5b31000f1cfdfbbebb96d3af8403e94e254c62
Ubuntu 14.04 LTS / 15.10 overlayfs Local Root
Posted Jan 6, 2016
Authored by rebel

Ubuntu 14.04 LTS and 15.10 overlayfs local root exploit.

tags | exploit, local, root
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 1bf1b95880d7fb521bfe0cf76bb75801961ebb5f6b4b91508407ee6bad1b5076
Ubuntu Security Notice USN-2858-3
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2858-3 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 48425681b0b5e53cc4b801c91c5dcb8b298e07313c119da1cedff6eacf4292a3
Ubuntu Security Notice USN-2858-2
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2858-2 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 84b822e206e80ae7b54ed801761cd7e4fb9808f03798dc7446e5325a4760b793
Ubuntu Security Notice USN-2858-1
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2858-1 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 45cfcb2e85fdde5eb27a504542175a36445956c958ab02632509d0bd1adead99
Ubuntu Security Notice USN-2857-2
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2857-2 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 7e38428ed628f59f51dad90aea0dacbac3f82c78e918bc84ccec9e85b4f01c29
Ubuntu Security Notice USN-2857-1
Posted Jan 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2857-1 - Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8660
SHA-256 | 8af0ea8abe573c2c245c547df79ec15d62a5547312f9d4d0daf04fa42de8d477
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close