Showing 1 - 3 of 3

CVE-2014-3534

Status Candidate

Overview

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.

Related Files

Mandriva Linux Security Advisory 2014-201: Posted Oct 21, 2014; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2014-201 - Multiple vulnerabilities has been found and corrected in the Linux kernel. These include stack-based buffer overflows and denial of service issues.; tags | advisory, denial of service, overflow, kernel, vulnerability; systems | linux, mandriva; advisories | CVE-2014-3122, CVE-2014-3181, CVE-2014-3182, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3534, CVE-2014-3601, CVE-2014-5077, CVE-2014-5206, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-7975; SHA-256 | 18d0010448f4aacc19c217e3371db5d34c01d05bb3fb2bb9179b1b838891d685; Download | Favorite | View

Red Hat Security Advisory 2014-1023-01: Posted Aug 7, 2014; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2014-1023-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read and write access to kernel memory. It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process.; tags | advisory, kernel, local; systems | linux, redhat; advisories | CVE-2014-0181, CVE-2014-2672, CVE-2014-2673, CVE-2014-2706, CVE-2014-3534, CVE-2014-4667; SHA-256 | f9da9b1899cc57348f709c1973cd2b23ba66942f2757b90ce1d32a5e61df9fa6; Download | Favorite | View

Debian Security Advisory 2992-1: Posted Jul 30, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2992-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.; tags | advisory, denial of service, kernel, vulnerability; systems | linux, debian; advisories | CVE-2014-3534, CVE-2014-4667, CVE-2014-4943; SHA-256 | b301d9f7ff1c8b9091708894011578d9ffcace82fa2e17ac8e78f3fb69432557; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 52 files
Debian 22 files
LiquidWorm 15 files
Apple 9 files
Gentoo 8 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,166)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,960)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,989)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2014-3534

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems