
Kernel Local Privilege Escalation (CVE-2016-5195, a.k.a. “DirtyCOW”)

A very serious 0-day Linux kernel vulnerability was discovered and disclosed. What is the CVE-2016-5195? CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE. Why is it called the Dirty COW bug? “A race condition was found in the way the […]


CVE-2014-5119 glibc __gconv_translit_find() exploit

Date: Mon, 25 Aug 2014 19:00:15 -0700 From: Tavis Ormandy To: fulldisclosure@…lists.org, oss-security@…ts.openwall.com Subject: CVE-2014-5119 glibc __gconv_translit_find() exploit List, back in July, I described CVE-2014-5119, a fiendish single-fixed-byte heap metadata overflow in the glibc internal routine __gconv_translit_find(). This is caused by the file extension being incorrectly appended to the transliteration module filename. The result is […]


Ubuntu Security Advisory USN-1361-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-1361-1 13th February, 2012 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 10.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE […]


RedHat Security Advisory: RHSA-2012:0107-1 Important: kernel security and bug fix update

Advisory: RHSA-2012:0107-1 Type: Security Advisory Severity: Important Issued on: 2012-02-09 Last updated on: 2012-02-09 Affected Products: Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) CVEs (cve.mitre.org): CVE-2011-3638, CVE-2011-4086, CVE-2011-4127, CVE-2012-0028, CVE-2012-0207 Details Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. The […]


Linux vendors rush to patch privilege escalation flaw after root exploits emerge – affects kernel >=2.6.39

Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system. The vulnerability, which is identified as CVE-2012-0056, was discovered by Jüri Aedla and is caused by a failure of the Linux kernel to properly restrict access to […]
