Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


[Dailydave] Denial of Service?
.

  • To: [EMAIL PROTECTED]
  • Subject: [Dailydave] Denial of Service?
  • From: Dave Aitel <[EMAIL PROTECTED]>
  • Date: Mon, 01 Dec 2008 11:21:40 -0500
.
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reading through today's list of kernel bugs from Ubuntu I noticed a
lot of "denial of services". Are these really denial of services? Can
we get an exploitability index explanation for these? :>

- -dave

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
It was discovered that the Xen hypervisor block driver did not correctly
validate requests. A user with root privileges in a guest OS could make a
malicious IO request with a large number of blocks that would crash the
host OS, leading to a denial of service. This only affected Ubuntu 7.10.
(CVE-2007-5498)

It was discovered the the i915 video driver did not correctly validate
memory addresses. A local attacker could exploit this to remap memory that
could cause a system crash, leading to a denial of service. This issue did
not affect Ubuntu 6.06 and was previous fixed for Ubuntu 7.10 and 8.04 in
USN-659-1. Ubuntu 8.10 has now been corrected as well. (CVE-2008-3831)

David Watson discovered that the kernel did not correctly strip
permissions
when creating files in setgid directories. A local user could exploit this
to gain additional group privileges. This issue only affected Ubuntu 6.06.
(CVE-2008-4210)

Olaf Kirch and Miklos Szeredi discovered that the Linux kernel did
not correctly reject the "append" flag when handling file splice
requests. A local attacker could bypass append mode and make changes to
arbitrary locations in a file. This issue only affected Ubuntu 7.10 and
8.04. (CVE-2008-4554)

It was discovered that the SCTP stack did not correctly handle INIT-ACK. A
remote user could exploit this by sending specially crafted SCTP traffic
which would trigger a crash in the system, leading to a denial of service.
This issue did not affect Ubuntu 8.10. (CVE-2008-4576)

It was discovered that the SCTP stack did not correctly handle bad packet
lengths. A remote user could exploit this by sending specially crafted
SCTP
traffic which would trigger a crash in the system, leading to a denial of
service. This issue did not affect Ubuntu 8.10. (CVE-2008-4618)

Eric Sesterhenn discovered multiple flaws in the HFS+ filesystem. If a
local user or automated system were tricked into mounting a malicious HFS+
filesystem, the system could crash, leading to a denial of service.
(CVE-2008-4933, CVE-2008-4934, CVE-2008-5025)

It was discovered that the Unix Socket handler did not correctly process
the SCM_RIGHTS message. A local attacker could make a malicious socket
request that would crash the system, leading to a denial of service.
(CVE-2008-5029)

It was discovered that the driver for simple i2c audio interfaces did not
correctly validate certain function pointers. A local user could exploit
this to gain root privileges or crash the system, leading to a denial of
service. (CVE-2008-5033)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJNA8UtehAhL0gheoRAjtRAJ9ESL9XKcnU9e8Js6ZHjYF8u6UHxACePgzM
tlRWKYsPrKUXbmlFqWKrXRE=
=ZCS4
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
[EMAIL PROTECTED]
http://lists.immunitysec.com/mailman/listinfo/dailydave
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.