exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2011-0463

Status Candidate

Overview

The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.

Related Files

Ubuntu Security Notice USN-1212-1
Posted Sep 21, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1212-1 - Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Various other issues were also addressed.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2011-0463, CVE-2011-1017, CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1160, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180, CVE-2011-1182, CVE-2011-1493, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1581, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-1770, CVE-2011-1771, CVE-2011-1833, CVE-2011-2022, CVE-2011-2484
SHA-256 | f2bd89a7fb4e075ddf3c443cc67ea905e50e3d359edda7464f4642e35cf7b84e
Ubuntu Security Notice USN-1187-1
Posted Aug 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1187-1 - It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2010-3698, CVE-2010-3865, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3881, CVE-2010-4075, CVE-2010-4076, CVE-2010-4077, CVE-2010-4079, CVE-2010-4083, CVE-2010-4163, CVE-2010-4248, CVE-2010-4342, CVE-2010-4346, CVE-2010-4527, CVE-2010-4529, CVE-2010-4565, CVE-2010-4649, CVE-2010-4656, CVE-2010-4668, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695, CVE-2011-0711, CVE-2011-0712, CVE-2011-0726
SHA-256 | a19be41338e6dd32d9108d32eb9499a6fb77d0e0338c29273697babba2520b9a
Ubuntu Security Notice USN-1167-1
Posted Jul 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1167-1 - Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly calculate the size of certain buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2010-3859, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4164, CVE-2010-4165, CVE-2010-4169, CVE-2010-4175, CVE-2010-4243, CVE-2010-4248, CVE-2010-4249, CVE-2010-4256, CVE-2010-4258, CVE-2010-4342, CVE-2010-4346, CVE-2010-4527, CVE-2010-4529, CVE-2010-4565, CVE-2010-4649, CVE-2010-4668, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695
SHA-256 | 8526a398ece12352476245b529d050abf1036c6d1dbd6b2e79564438cb5f197c
Ubuntu Security Notice USN-1159-1
Posted Jul 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1159-1 - Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not correctly handle certain configurations. If such a device was configured without VLANs, a remote attacker could crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4243, CVE-2010-4263, CVE-2010-4342, CVE-2010-4529, CVE-2010-4565, CVE-2011-0463, CVE-2011-0695, CVE-2011-0711, CVE-2011-0726, CVE-2011-1013, CVE-2011-1016, CVE-2011-1017, CVE-2011-1019, CVE-2011-1090, CVE-2011-1163, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1182, CVE-2011-1494, CVE-2011-1495, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1747, CVE-2011-1748
SHA-256 | b846a972a635d2f4929093c13ed01b597ac9a45ad66ad9a96e3d4bd83abe9d31
Ubuntu Security Notice USN-1164-1
Posted Jul 6, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1164-1 - Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly calculate the size of certain buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Various other issues were also addressed.

tags | advisory, arbitrary, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2010-4081, CVE-2010-3865, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4164, CVE-2010-4248, CVE-2010-4258, CVE-2010-4342, CVE-2010-4346, CVE-2010-4527, CVE-2010-4529, CVE-2010-4565, CVE-2010-4655, CVE-2010-4656, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695, CVE-2011-0711, CVE-2011-0712, CVE-2011-1017
SHA-256 | 4e4395012a3efacb0412aff2ad1192af5495aeffbe292f807d0de267e1af68f2
Ubuntu Security Notice USN-1162-1
Posted Jul 5, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1162-1 - Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not correctly handle certain configurations. If such a device was configured without VLANs, a remote attacker could crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4243, CVE-2010-4263, CVE-2010-4342, CVE-2010-4529, CVE-2010-4565, CVE-2011-0463, CVE-2011-0695, CVE-2011-0711, CVE-2011-0726, CVE-2011-1013, CVE-2011-1016, CVE-2011-1017, CVE-2011-1019, CVE-2011-1090, CVE-2011-1163, CVE-2011-1182, CVE-2011-1494, CVE-2011-1495, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1747, CVE-2011-1748, CVE-2011-2022
SHA-256 | 5f9dbdee4c9cb66849ecb0fc61bcdea533d2e1379acc2d9161a3c99809f90f7e
Ubuntu Security Notice USN-1160-1
Posted Jun 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1160-1 - Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Various other issues were also addressed.

tags | advisory, x86, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2010-4529, CVE-2010-4565, CVE-2010-4656, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695, CVE-2011-0711, CVE-2011-0712, CVE-2011-0726, CVE-2011-1010, CVE-2011-1012, CVE-2011-1013, CVE-2011-1016, CVE-2011-1017, CVE-2011-1019, CVE-2011-1082, CVE-2011-1083, CVE-2011-1169, CVE-2011-1182, CVE-2011-1494, CVE-2011-1495, CVE-2011-1593, CVE-2011-1745, CVE-2011-1748, CVE-2011-2022
SHA-256 | 934e3131ff453ae37627f4f3e4e27245ba82027abdbac477246bd7efd898fe63
Ubuntu Security Notice USN-1146-1
Posted Jun 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1146-1 - Kees Cook discovered that some ethtool functions did not correctly clear heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit this to read portions of kernel heap memory, leading to a loss of privacy. Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2010-4655, CVE-2010-4656, CVE-2011-0463, CVE-2011-0695, CVE-2011-0712, CVE-2011-1012, CVE-2011-1017, CVE-2011-1593
SHA-256 | 587a331a188a15742c49cc3c31453d858c70c6ea710797e17fa98b2b7a3b4316
Ubuntu Security Notice USN-1141-1
Posted Jun 1, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1141-1 - Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not correctly handle certain configurations. If such a device was configured without VLANs, a remote attacker could crash the system, leading to a denial of service. Various other issues were also discovered.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4243, CVE-2010-4263, CVE-2010-4342, CVE-2010-4529, CVE-2010-4565, CVE-2010-4656, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695, CVE-2011-0712, CVE-2011-0726, CVE-2011-1010, CVE-2011-1012, CVE-2011-1013, CVE-2011-1016, CVE-2011-1019, CVE-2011-1082, CVE-2011-1083, CVE-2011-1182
SHA-256 | 57d390bf303463d6c20dbdd18a9985526c1055c3466d6eb556248e59af380d06
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close