[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS2-2018-1086 --- kernel perf python-perf

ID: oval:org.secpod.oval:def:1700082Date: (C)2018-10-16   (M)2024-02-19
Class: PATCHFamily: unix




A security flaw was found in the chap_server_compute_md5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target"s code was built an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.An information leak was discovered in the Linux kernel in cdrom_ioctl_drive_status function in drivers/cdrom/cdrom.c that could be used by local attackers to read kernel memory at certain location.A security flaw was discovered in the Linux kernel. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free via certain thread creation, map, unmap, invalidation, and dereference operations.

Platform:
Amazon Linux 2
Product:
kernel
perf
python-perf
Reference:
ALAS2-2018-1086
CVE-2018-16658
CVE-2018-14633
CVE-2018-17182
CVE    3
CVE-2018-16658
CVE-2018-17182
CVE-2018-14633
CPE    2126
cpe:/o:linux:linux_kernel:2.4.27:pre5
cpe:/o:linux:linux_kernel:2.4.27:pre4
cpe:/o:linux:linux_kernel:2.4.27:pre1
cpe:/o:linux:linux_kernel:2.4.27:pre3
...

© SecPod Technologies