Showing 1 - 6 of 6

CVE-2018-1066

Status Candidate

Overview

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.

Related Files

Ubuntu Security Notice USN-3880-2: Posted Feb 5, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3880-2 - USN-3880-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Various other issues were also addressed.; tags | advisory, denial of service, kernel, vulnerability; systems | linux, ubuntu; advisories | CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568; SHA-256 | e41eef2f8971b874412e48efd5c8d3f92c9b207977f7cf0a4850da5a80335941; Download | Favorite | View

Ubuntu Security Notice USN-3880-1: Posted Feb 5, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3880-1 - It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568; SHA-256 | eb0ada9fcea297efc352c24bdd5ddeae3d18ba54e2e99898677029db73d54cb5; Download | Favorite | View

Axis Network Camera Remote Command Execution: Posted Jul 26, 2018; Authored by sinn3r, Chris Lee, wvu, Matthew Kienow, Or Peles, Jacob Robles, Shelby Pace, Cale Black, Brent Cook | Site metasploit.com; This Metasploit module exploits an authentication bypass in .srv functionality and a command injection in parhand to execute code as the root user.; tags | exploit, root; advisories | CVE-2018-10660, CVE-2018-10661, CVE-2018-10662; SHA-256 | c10f9b22f833b812b5b5320ea587dedf77fe8a60a4a58ddec5548a2ea5fb202d; Download | Favorite | View

Axis Cameras Authorization Bypass / Unrestricted Access / Command Injection: Posted Jul 2, 2018; Authored by Or Peles | Site blog.vdoo.com; Axis Cameras suffer from authorization bypass, unrestricted dbus access, command injection, denial of service, and information disclosure vulnerabilities.; tags | exploit, denial of service, vulnerability, info disclosure; advisories | CVE-2018-10658, CVE-2018-10659, CVE-2018-10660, CVE-2018-10661, CVE-2018-10662, CVE-2018-10663, CVE-2018-10664; SHA-256 | 5e9747cd700a38abddaca3fd3d40d3df83bf20b08c4efc814e47b25f3307c9bf; Download | Favorite | View

Debian Security Advisory 4188-1: Posted May 3, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4188-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.; tags | advisory, denial of service, kernel, vulnerability; systems | linux, debian; advisories | CVE-2017-17975, CVE-2017-18193, CVE-2017-18216, CVE-2017-18218, CVE-2017-18222, CVE-2017-18224, CVE-2017-18241, CVE-2017-18257, CVE-2017-5715, CVE-2017-5753, CVE-2018-1000199, CVE-2018-10323, CVE-2018-1065, CVE-2018-1066, CVE-2018-1068, CVE-2018-1092, CVE-2018-1093, CVE-2018-1108, CVE-2018-5803, CVE-2018-7480, CVE-2018-7566, CVE-2018-7740, CVE-2018-7757, CVE-2018-7995, CVE-2018-8087, CVE-2018-8781, CVE-2018-8822; SHA-256 | c04940bd4f6e00821a6373ebaafc1e5cd084607d9b3667203e468f8e5190068a; Download | Favorite | View

Debian Security Advisory 4187-1: Posted May 3, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4187-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.; tags | advisory, denial of service, kernel, vulnerability; systems | linux, debian; advisories | CVE-2015-9016, CVE-2017-0861, CVE-2017-13166, CVE-2017-13220, CVE-2017-16526, CVE-2017-16911, CVE-2017-16912, CVE-2017-16913, CVE-2017-16914, CVE-2017-18017, CVE-2017-18203, CVE-2017-18216, CVE-2017-18232, CVE-2017-18241, CVE-2017-5715, CVE-2017-5753, CVE-2018-1000004, CVE-2018-1000199, CVE-2018-1066, CVE-2018-1068, CVE-2018-1092, CVE-2018-5332, CVE-2018-5333, CVE-2018-5750, CVE-2018-5803, CVE-2018-6927, CVE-2018-7492; SHA-256 | e47605adb85ececbd4ae2974c9376652991663a139c1e597e8d245b3700d48a9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 323 files
Ubuntu 71 files
Debian 21 files
LiquidWorm 12 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
Spencer McIntyre 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2018-1066

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems