Penetration Testing mailing list archives
Recent Linux vulnerabilities
From: Leonardo Eloy <leonardo () morphus com br>
Date: Tue, 18 Jan 2005 11:17:46 -0300
Hi list,It's known that the Linux kernel has multiple vulnerabilities (I counted 22 just this month, listed below). In the audits I've been participating I turned my main test point to the Linux Kernel, when local user privilege has been achieved.
I was wondering, how many of you do really use these vulnerabilities when doing pen tests?
List of known kernel vulnerabilites in January/2005 (soruce: securityfocus.com):
2005-01-14: Linux Kernel SMBFS Multiple Remote Vulnerabilities2005-01-14: Linux Kernel Multiple Local MOXA Serial Driver Buffer Overflow Vulnerabilities 2005-01-14: Linux Kernel ELF Binary Loading Denial Of Service Vulnerability
2005-01-14: Linux Kernel IGMP Multiple Vulnerabilities2005-01-14: Linux Kernel USB io_edgeport Driver Local Integer Overflow Vulnerability
2005-01-14: Linux Kernel SCM_SEND Local Denial of Service Vulnerability2005-01-14: Linux Kernel EXT3 File System Information Leakage Vulnerability 2005-01-14: Linux Kernel BINFMT_ELF Loader Local Privilege Escalation Vulnerabilities 2005-01-14: Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification Vulnerability 2005-01-14: Linux Kernel USB Driver Uninitialized Structure Information Disclosure Vulnerability 2005-01-13: Linux Kernel User Triggerable BUG() Unspecified Local Denial of Service Vulnerability 2005-01-13: Linux Kernel Local Denial Of Service And Memory Disclosure Vulnerabilities 2005-01-13: Linux kernel Uselib() Local Privilege Escalation Vulnerability
2005-01-11: Linux Kernel Multiple Unspecified Vulnerabilities2005-01-11: Linux Kernel Local RLIMIT_MEMLOCK Bypass Denial Of Service Vulnerability
2005-01-11: Linux Kernel SCSI IOCTL Integer Overflow Vulnerability2005-01-11: Linux Kernel Random Poolsize SysCTL Handler Integer Overflow Vulnerability 2005-01-11: Linux Security Modules Process Capabilities Design Error Vulnerability 2005-01-05: Linux Kernel Local File Descriptor Passing Security Module Bypass Vulnerability 2005-01-05: Linux Kernel SYSENTER Thread Information Pointer Local Information Disclosure Vulnerability 2005-01-04: Linux Kernel Sock_DGram_SendMsg Local Denial Of Service Vulnerability
2005-01-04: Linux Kernel Multiple Local VulnerabilitiesRegards,
-- Leonardo Eloy, LPIC-1, FCSE Security Analyst Morphus Tecnologia Fone/Fax: 85 3452.5733/5737 Móvel: 85 8802.6740 e-mail: leonardo () morphus com br site: http://www.morphus.com.br The information contained in this message and in the attached files are restricted, and its confidentiality protected by law. In case you are not the addressee, be aware that the reading, spreading and copy of this message is unauthorized. Please, delete this message and notify the sender. The improper use of this information will be treated according the company's internal rules and legal laws.
Current thread:
- Recent Linux vulnerabilities Leonardo Eloy (Jan 20)
- Re: Recent Linux vulnerabilities Michael Richardson (Jan 20)
- Message not available
- Re: Recent Linux vulnerabilities Leonardo Eloy (Jan 20)
- Message not available
- Re: Recent Linux vulnerabilities Michael Richardson (Jan 20)