Computer Security
[EN] securityvulns.ru no-pyccku


Linux kernel multiple security vulnerabilities
updated since 14.05.2012
Published:24.05.2012
Source:
SecurityVulns ID:12376
Type:local
Threat Level:
6/10
Description:DoS conditions, protection bypass, buffer overflow
Affected:LINUX : kernel 2.6
 LINUX : kernel 3.3
CVE:CVE-2012-2319 (Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020.)
 CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data.)
 CVE-2012-2123 (The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.)
 CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.)
Original documentdocumentpi3_(at)_pi3.com.pl, The story of the Linux kernel 3.x... (24.05.2012)
 documentTimo Warns, [PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem (24.05.2012)
 documentDEBIAN, [SECURITY] [DSA 2469-1] linux-2.6 security update (14.05.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod