exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

CVE-2014-0196

Status Candidate

Overview

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Related Files

Ubuntu Security Notice USN-2260-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2260-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0077, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2568, CVE-2014-2851, CVE-2014-3122, CVE-2014-3153
SHA-256 | a4a39b070b3c2638637a0a3a42c4348f420eadd2c2d14b44a27b4ddd0bcfd35c
Mandriva Linux Security Advisory 2014-124
Posted Jun 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-124 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2012-2137, CVE-2013-2897, CVE-2014-0069, CVE-2014-0077, CVE-2014-0101, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874, CVE-2014-2039, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153, CVE-2014-3917
SHA-256 | 73e79f50856da66b94dc300dcf75b8e4967914b79209768459dcab2e0db44614
Red Hat Security Advisory 2014-0678-02
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0678-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-0196
SHA-256 | 0af5814a25e17e5b72245dadeadbd9fe62d8a7285c1aa869a96c92fbd8095db7
Red Hat Security Advisory 2014-0557-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0557-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU list under certain conditions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system by sending a large amount of specially crafted fragmented packets to that system.

tags | advisory, remote, kernel, tcp, protocol
systems | linux, redhat
advisories | CVE-2014-0100, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3122
SHA-256 | 11e08a25ccc9449b51fc974bf55d7895cac1d67aa00b70338d758bd8911c49a6
Ubuntu Security Notice USN-2227-1
Posted May 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2227-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-4483, CVE-2014-0069, CVE-2014-0077, CVE-2014-0101, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2309, CVE-2014-2523, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851
SHA-256 | 030f8dbdef1c111fe4bbe4103734f72cb888f3ba4144f7241099df3eede3cb21
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140520
Posted May 21, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release updates tor to version 0.2.4.22, the kernel to 3.14.4 plus Gentoo's hardened-patches, and openssh to 6.6p1. The bump in tor adds an important block to authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL, CVE-2014-0160. The bump in the kernel addresses the pty layer race condition memory corruption, CVE-2014-0196. Upgrading is strongly recommended.
tags | tool, kernel, peer2peer
systems | linux
advisories | CVE-2014-0160, CVE-2014-0196
SHA-256 | 3306c7e085052181a0b7cb7150f2e6a86adc9942ce70c90c6ca896ea79857940
Red Hat Security Advisory 2014-0520-01
Posted May 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0520-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-0101, CVE-2014-0196
SHA-256 | cf3230577c1120f15292cc4b5ce4d76ea79c82dfeeb2391d814a2ba0d353662d
Red Hat Security Advisory 2014-0512-01
Posted May 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0512-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-0196
SHA-256 | fa55406cf632fc5cffe50d9de595748c36a5faeed71c118696960fbef60173de
Debian Security Advisory 2928-1
Posted May 15, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2928-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-0196, CVE-2014-1737, CVE-2014-1738
SHA-256 | 94181887db3182cd102cc9832bea482e248427764ebad1d14421ba5fe3931dc4
Linux Kernel 3.15-rc4 PTY Race Condition
Posted May 14, 2014
Authored by Matthew Daley

Linux Kernel versions above 3.14-rc1 and below 3.15-rc4 raw mode PTY local echo race condition privilege escalation proof of concept exploit. This bug also affects kernel 2.6.31-rc3 and newer.

tags | exploit, kernel, local, proof of concept
systems | linux
advisories | CVE-2014-0196
SHA-256 | 3e2aeb3682476066fd47d615fa123347b94017a25a410fef128e012fea785cdf
Debian Security Advisory 2926-1
Posted May 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2926-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2851, CVE-2014-3122
SHA-256 | 2ff6a9cef6f75173fbb9a851496e91bcebf16f3973bcc56986a4017694bb405f
Ubuntu Security Notice USN-2204-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2204-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | dd7a26245866c9a5c07f22316740d7f9acf798a4a732970e7b6e116adc20e740
Ubuntu Security Notice USN-2203-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2203-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | c8d25e87b929d65edcc4cd7a6d6997665aa69f135e56f3af4a28e7a152ae78ae
Ubuntu Security Notice USN-2202-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2202-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | 391772af2fe8a72ffc41773aafe534e075b531dc203a91903e122f9adaa42138
Ubuntu Security Notice USN-2201-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2201-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | fb6cb392ae5025b853c23e0430dec9d8ad8a370f8d544cc861684db1e453338d
Ubuntu Security Notice USN-2200-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2200-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | 58b21505b3ee4b4f9e782fef31f952a0b9c0df237cc181522f5eed95a55ae5a5
Ubuntu Security Notice USN-2199-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2199-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | 895e12b282957d8d9a403060050150dc4fdd148f9a42d3595bb1170fd560463e
Ubuntu Security Notice USN-2196-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2196-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | 86d38fbc6418df4de6cab53031a6df5774f0fa1a28eb2685d604c9a0545d454a
Ubuntu Security Notice USN-2198-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2198-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | 4cd66a33cf7bd7b75d1dfcc1384e054c40e7d85f25e960c208bf19e7e72d6e6d
Ubuntu Security Notice USN-2197-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2197-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | bed89c789a924164c49f25a9ba1c04c675e19f473575882e6c37259a569abf3b
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close