Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Linux Kernel Socket Denial of Service Vulnerability
Quote:
Vegard Nossum has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to a design error when handling Unix sockets, which can be exploited to cause an out of memory condition via a specially crafted application.
Linux Kernel inotify Memory Leak Denial of Service Vulnerability
Quote:
Vegard Nossum has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to a memory leak within the "inotify_init()" system call in fs/notify/inotify/inotify_user.c, which potentially can be exploited to cause an out of memory condition.
Linux Kernel "install_special_mapping()" mmap_min_addr Security Bypass Weakness
Quote:
A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.
The weakness is caused due to the "install_special_mapping()" function in mm/mmap.c not properly restricting mappings below the limit set via the "mmap_min_addr" sysctl, which can be exploited to map memory into forbidden areas.
Linux Kernel "irda_getsockopt()" Integer Underflow Weakness
Quote:
Dan Rosenberg has reported a weakness in the Linux Kernel, which can be exploited by malicious, local users to disclose system information.
The weakness is caused due to an integer underflow within the "irda_getsockopt()" function in net/irda/af_irda.c and can be exploited to e.g. disclose kernel memory via a specially crafted "IRLMP_ENUMDEVICES" getsockopt.
Linux Kernel "load_mixer_volumes()" Vulnerabilities
Quote:
Dan Rosenberg has reported two vulnerabilities in the Linux Kernel, which can be exploited by malicious, local users to disclose certain system information and potentially gain escalated privileges.
1) A boundary error within the "load_mixer_volumes()" function in sound/oss/soundcard.c can be exploited to cause a buffer overflow and e.g. potentially execute arbitrary code in kernel mode by sending a specially crafted SOUND_MIXER_SETLEVELS IOCTL.
2) An error within the "load_mixer_volumes()" function in sound/oss/soundcard.c can be exploited to disclose certain kernel memory by sending a specially crafted SOUND_MIXER_SETLEVELS IOCTL.
Successful exploitation requires that OSS is used and the attacker has write access to a vulnerable audio device (e.g. is member of the "audio" group).
Linux Kernel "dvb_ca_ioctl()" Memory Corruption Vulnerability
Quote:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
The vulnerability is caused due to an error within the "dvb_ca_ioctl()" function in drivers/media/dvb/ttpci/av7110_ca.c, which can be exploited to cause a kernel memory corruption by sending a specially crafted IOCTL.
Linux Kernel "xfs_fs_geometry()" Memory Disclosure Weakness
Quote:
A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose certain system information.
The weakness is caused due to the "xfs_fs_geometry()" function in fs/xfs/xfs_fsops.c not properly initialising the "logsunit" member of the "xfs_fsop_geom_t" structure before copying it to userspace, which can be exploited to disclose kernel stack memory.
Linux Kernel World-Writable sysfs and procfs Files Weaknesses
Quote:
Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.
The weaknesses are caused due to various procfs and sysfs files being world-writable, which can be exploited to e.g. change certain settings, write into certain hardware registers or the NVRAM, or install certain firmware.
Linux Kernel "/proc/<pid>/" Permissions Handling Weakness
Quote:
halfdog has discovered a weakness in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.
The weakness is caused due to improper permissions handling of opened files within the "/proc/<pid>/" directory when a SUID program is being executed. This can be exploited to disclose certain memory information or manipulate some process settings (e.g. coredump_filter).
The weakness is confirmed in version 2.6.37. Other versions may also be affected.
Vasiliy Kulikov has reported a weakness and some vulnerabilities in the Linux Kernel, which can be exploited by malicious, local users to disclose system information or cause a DoS (Denial of Service).
1) The "sco_sock_getsockopt_old()" function in net/bluetooth/sco.c is not properly initialising a member of a certain structure before copying it to userspace, which can be exploited to disclose kernel stack memory.
2) The "bnep_sock_ioctl()" function in net/bluetooth/bnep/sock.c does not properly terminate the device name, which can be exploited to cause a "BUG()" or disclose system information.
3) The "do_replace()" function in net/bridge/netfilter/ebtables.c does not properly terminate a string, which can be exploited to disclose system information.
Successful exploitation of vulnerabilities #2 and #3 requires CAP_NET_ADMIN capabilities.
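The "xfs_fs_geometry()" and "sco_sock_getsockopt_old()" items above share one bug shape: a structure is filled field by field and copied to userspace, but a member is never written, so stale kernel stack bytes reach the caller. The following user-space model is an added illustration, not kernel code or code from the advisories; the struct, field names and the memcpy stand-in for copy_to_user() are assumptions chosen to make the leak reproducible.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for xfs_fsop_geom_t: one member ("logsunit",
 * as named in the advisory) is what the leaky variant forgets to set. */
struct geom {
    uint32_t blocksize;
    uint32_t sectsize;
    uint32_t logsunit;
};

/* Stand-in for copy_to_user(): in this model just a plain memcpy. */
static void copy_to_user_model(void *user, const void *kernel, size_t n) {
    memcpy(user, kernel, n);
}

/* Leaky shape: the caller passes a struct that still holds whatever was
 * on the "stack" before; logsunit is skipped, so that data is copied out. */
void fs_geometry_leaky(struct geom *geo, struct geom *user) {
    geo->blocksize = 4096;
    geo->sectsize = 512;
    /* logsunit deliberately not assigned: mirrors the reported defect */
    copy_to_user_model(user, geo, sizeof *geo);
}

/* Hardened shape: zero the whole object first, so any member a later code
 * path forgets to fill is 0 rather than stale stack contents. */
void fs_geometry_fixed(struct geom *geo, struct geom *user) {
    memset(geo, 0, sizeof *geo);
    geo->blocksize = 4096;
    geo->sectsize = 512;
    copy_to_user_model(user, geo, sizeof *geo);
}

/* Simulates a dirty kernel stack (sentinel 0xAA bytes) and reports whether
 * the sentinel reached the user copy's logsunit field: 1 = leaked, 0 = clean. */
int logsunit_leaked(void (*fn)(struct geom *, struct geom *)) {
    struct geom kernel, user;
    memset(&kernel, 0xAA, sizeof kernel);   /* stale data left by earlier calls */
    memset(&user, 0, sizeof user);
    fn(&kernel, &user);
    return user.logsunit == 0xAAAAAAAAu;
}

int main(void) {
    printf("leaky variant leaks: %d\n", logsunit_leaked(fs_geometry_leaky));
    printf("fixed variant leaks: %d\n", logsunit_leaked(fs_geometry_fixed));
    return 0;
}
```

The same pattern applies to any structure handed to copy_to_user(): padding bytes are also uninitialised, so zeroing the whole object (or using a zero-initialised designated initializer) is the reliable defence, and tools such as KMSAN flag exactly this class of read.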
Linux Kernel epoll Denial of Service Vulnerability
Quote:
A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the epoll implementation, which can be exploited to cause a high CPU consumption via nested epoll structures.
The vulnerability is confirmed in version 2.6.37. Other versions may also be affected.
Linux Kernel DNS Resolver Key NULL Pointer Dereference Vulnerability
Quote:
A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereference error when reading a DNS resolver key instantiated with an error indication, which can be exploited to crash the kernel.
The vulnerability is confirmed in version 2.6.37. Other versions may also be affected.
Linux Kernel "ldm_frag_add()" Buffer Overflow Vulnerability
Quote:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people with physical access to potentially compromise a vulnerable system.
The vulnerability is caused due to an error within the "ldm_frag_add()" function in fs/partitions/ldm.c, which can be exploited to cause a buffer overflow by e.g. plugging in a USB drive with a specially crafted LDM partition.
Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.
The weaknesses are caused due to the "tpm_open()", "tpm_transmit()", "tpm_write()", and "tpm_read()" functions in drivers/char/tpm/tpm.c not properly clearing certain memory, which can be exploited to disclose potentially sensitive information.