what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

CVE-2013-2888

Status Candidate

Overview

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.

Related Files

Red Hat Security Advisory 2014-0433-01
Posted Apr 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0433-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled TCP packets with both the SYN and FIN flags set. A remote attacker could use this flaw to consume an excessive amount of resources on the target system, potentially resulting in a denial of service. A flaw was found in the way the Linux kernel handled HID reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, tcp, protocol
systems | linux, redhat
advisories | CVE-2012-6638, CVE-2013-2888
SHA-256 | b57a17a2f5d3d72c9a217154739a3cbb03bbf2f12bdfef1de9f85b6b017b6f9f
Ubuntu Security Notice USN-2050-1
Posted Dec 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2050-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2147, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470, CVE-2013-0343, CVE-2013-2147, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4299, CVE-2013-4350, CVE-2013-4387, CVE-2013-4470
SHA-256 | 8821a1515b5d3a83f986d1b491a7a02d59ae5030a01c256ab95e438a8e7d158a
Ubuntu Security Notice USN-2039-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2039-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2140, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2140, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | d666179f4eca9accee08ccabed80dc0946e2c6fc975772befbf68c62fbea426d
Ubuntu Security Notice USN-2038-1
Posted Dec 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2038-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports TRIM or SCSI UNMAP to a guest OS. A privileged user in the guest OS could exploit this flaw to destroy data on the disk, even though the guest OS should not be able to write to the disk. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2140, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2140, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | 8672520ae920f177437eb9025de7403e71472862cc712f76f38682792e48acfc
Red Hat Security Advisory 2013-1527-01
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1527-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2010-5107, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-4238, CVE-2013-4344
SHA-256 | 14c05f5415b232ba5013430dc6302052cda7f8421372edc37ce49c0008e3a968
Red Hat Security Advisory 2013-1645-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1645-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, udp
systems | linux, redhat
advisories | CVE-2012-6542, CVE-2012-6545, CVE-2013-0343, CVE-2013-1928, CVE-2013-1929, CVE-2013-2164, CVE-2013-2234, CVE-2013-2851, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-3231, CVE-2013-4345, CVE-2013-4387, CVE-2013-4591, CVE-2013-4592
SHA-256 | 97d65ec407c60f5d7fb845675304c446d1888daf065dc7d8976e4e16c33033ab
Ubuntu Security Notice USN-2024-1
Posted Nov 11, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2024-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | 295703ff6d475041ac7bb2652502b1f90ed3e506351b58c3554f5438c9bf2c1c
Ubuntu Security Notice USN-2022-1
Posted Nov 11, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2022-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | 3b65c0f31ea250ae78ab872e05ac0341612af3239cd3a17b8641df50842f91e6
Ubuntu Security Notice USN-2021-1
Posted Nov 11, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2021-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | 33a07a511605b99a1b5ead980b6ca45b27cb48ab8e683d9251c6e2e7d9ca892a
Ubuntu Security Notice USN-2019-1
Posted Nov 11, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2019-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387, CVE-2013-0343, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4350, CVE-2013-4387
SHA-256 | 6c2a33cae01358a56b7dff9a2c615b9b8078930f6d9313c483be54e61809e22e
Red Hat Security Advisory 2013-1490-01
Posted Oct 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1490-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, udp
systems | linux, redhat
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-4299, CVE-2013-4343, CVE-2013-4345, CVE-2013-4348, CVE-2013-4350, CVE-2013-4387
SHA-256 | 940f925cc01d5946698f3c8f547317f6ac1c6b045d85b6aabe0408192318c0ec
Ubuntu Security Notice USN-1995-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1995-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2237, CVE-2013-2888, CVE-2013-2892, CVE-2013-2896, CVE-2013-2898, CVE-2013-2899, CVE-2013-4300, CVE-2013-2237, CVE-2013-2888, CVE-2013-2892, CVE-2013-2896, CVE-2013-2898, CVE-2013-2899, CVE-2013-4300
SHA-256 | 0e828e972162722656770066732a813580466305366a1309823de26dd0b6dd6d
Ubuntu Security Notice USN-1998-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1998-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2237, CVE-2013-2888, CVE-2013-2892, CVE-2013-2896, CVE-2013-2898, CVE-2013-2899, CVE-2013-4300, CVE-2013-2237, CVE-2013-2888, CVE-2013-2892, CVE-2013-2896, CVE-2013-2898, CVE-2013-2899, CVE-2013-4300
SHA-256 | 6fe1ea254476a5b155997999ca06779d4d5cc86acc30e3d6c9312115df1ff8e8
Ubuntu Security Notice USN-1977-1
Posted Sep 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1977-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2892, CVE-2013-0343, CVE-2013-2888, CVE-2013-2892
SHA-256 | 9bcca0bc7a1d69809d8c472f7ee00b8e94a9064a972136ecf68fadf65156fd8e
Ubuntu Security Notice USN-1976-1
Posted Sep 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1976-1 - An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2892, CVE-2013-0343, CVE-2013-2888, CVE-2013-2892
SHA-256 | 9aa1649709dc1c7faa282c3d1189b01172f6c3015e4818589969a25d8f9e046a
Debian Security Advisory 2766-1
Posted Sep 30, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2766-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-2141, CVE-2013-2164, CVE-2013-2206, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2239, CVE-2013-2851, CVE-2013-2852, CVE-2013-2888, CVE-2013-2892
SHA-256 | 6db36db0cf544b0d71fd346914fc4f771d7d6bf477af2e61c0f394af113ed5df
Mandriva Linux Security Advisory 2013-242
Posted Sep 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-242 - Multiple vulnerabilities has been found and corrected in the Linux kernel. Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service via a crafted device that provides an invalid Report ID. drivers/hid/hid-zpff.c in the Human Interface Device subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service via a crafted device. drivers/hid/hid-pl.c in the Human Interface Device subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service via a crafted device. Various other issues were also addressed. The updated packages provides a solution for these security issues.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2899, CVE-2013-4162, CVE-2013-4163, CVE-2013-4254
SHA-256 | 293756ed7837559d6b59c73b10281e441cc79100240203c0f546001f31ee5c5f
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close