[Bug 1846462] CVE-2019-20812 kernel: af_packet: TPACKET_V3: invalid timer timeout on error

Author:



A flaw was found in the way the af_packet functionality in the Linux kernel handled retirement timer setting for TPACKET_v3 when getting settings from the underlying network device errors out. A local user able to open af_packet domain socket and able to hit the error path could use this flaw to starve the system.



Source link

Write a comment:
*

Your email address will not be published.

RELATED STORIES
Category CERT-LatestNews Microsoft VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesMicrosoft

360-CERT每日安全简报

September 19, 2020
[更新1.0:EXP公开]CVE-2020-0618: 微软 SQL Server 报表服务远程代码执行漏洞通告. 出于安全考虑,Microsoft删除了Windows Defender的下载文件的功能. We are greeting further cooperation with all parts...
Tags ,
Read More
Category Microsoft VulnerabilitiesAll VulnerabilitiesDBMS VulnerabilitiesMicrosoft VulnerabilitiesNetwork VulnerabilitiesOS

一种对PostgreSQL数据库实现 RCE 的方法介绍

September 19, 2020
漏洞描述. 在最新版本的PostgreSQL上,superuser除C:Program FilesPostgreSQL11libWindows或/var/lib/postgresql/11/lib* nix 上,不再允许从其他任何地方加载共享库文件。此外,NETWORK_SERVICE或postgres帐户均无法写入此路径。 但是,经过身份验证的数据库superuser可以使用“big obj”将二进制文件写入文件系统,并且当然可以写入C:Program FilesPostgreSQL11data目录。对于更新/创建数据库中的表,其原因应该很清楚。 潜在的问题是CREATE…. Source link
Tags , , , ,
Read More
Category CERT-LatestNews Microsoft ThreatsCybercrime ThreatsEconomic VulnerabilitiesAll VulnerabilitiesMicrosoft VulnerabilitiesNetwork VulnerabilitiesOS

cyber.dhs.gov – Emergency Directive 20-04

September 19, 2020
September 18, 2020 Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday This...
Tags , , ,
Read More
Category CERT-LatestNews Microsoft ThreatsCybercrime ThreatsStrategic VulnerabilitiesAll VulnerabilitiesMicrosoft VulnerabilitiesNetwork VulnerabilitiesOS

CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol

September 19, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a...
Tags , , , , , , , , , , , , , , , , ,
Read More
Category Microsoft VulnerabilitiesAll VulnerabilitiesMicrosoft VulnerabilitiesNetwork

POC Code Published for Critical Elevation of Privilege Netlogon Vulnerability – Patch Now!

September 19, 2020
Summary. Proof-of-concept (POC) code was published to exploit an elevation of privilege vulnerability found in...
Tags , , , , , , , , ,
Read More
vamtam-theme-circle-post
Category CERT-LatestNews Microsoft ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesCisco VulnerabilitiesDBMS VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesOracle VulnerabilitiesOS VulnerabilitiesVMWare

основные понятия и парадигма / Хабр

September 18, 2020
В данной публикации читателям предлагается ознакомиться с основными терминами и определениями в области информационной безопасности,...
Tags , , , , , , , ,
Read More
vamtam-theme-circle-post
Category CERT-LatestNews Microsoft ThreatsEconomic VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesMicrosoft VulnerabilitiesVMWare

CVE-2020-24623 – Alert Detail – Security Database

September 18, 2020
Executive Summary This vulnerability is currently undergoing analysis and not all information is available. Please...
Tags , , , , , , , , , , , , , , , , , , , , ,
Read More
Category Microsoft VulnerabilitiesAll VulnerabilitiesDBMS VulnerabilitiesMicrosoft VulnerabilitiesOracle

Umstrittene Software: Trump will Downloads von Tiktok und WeChat blockieren

September 18, 2020
Die Regierung von US-Präsident Donald Trump erhöht im Ringen um die Zukunft der populären Video-App...
Tags , , , , , , , , ,
Read More
vamtam-theme-circle-post
Category CERT-LatestNews Microsoft ThreatsCybercrime ThreatsStrategic VulnerabilitiesAll VulnerabilitiesCrypto VulnerabilitiesMicrosoft VulnerabilitiesNetwork

NICER Protocol Deep Dive: Internet Exposure of SMB

September 18, 2020
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all...
Tags , , , , , , ,
Read More
vamtam-theme-circle-post
Category Microsoft VulnerabilitiesAll VulnerabilitiesDBMS VulnerabilitiesMicrosoft VulnerabilitiesOracle

Download-Sperre: USA erhöhen Druck auf TikTok

September 18, 2020
Download-Sperre Die Regierung von US-Präsident Donald Trump erhöht im Ringen um die Zukunft der populären...
Tags , , , , , ,
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact