CVE-2015-1805
Published: 2015-08-08
Priority P2 (74, high) · CVSS 2.0: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
In the wild: listed in VulnCheck KEV; exploited in the wild
EPSS: 1.41% (percentile 69.2)
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
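The failure mode in that description, as an added user-space model; this is not fs/pipe.c, not the upstream fix and not an exploit. Red Hat's entry further down this page states the mechanism: after a failed atomic copy the retry does not take into account the I/O vectors already processed. The model reproduces that accounting error with a two-entry iovec, an 8-byte pipe buffer and a copy helper whose first atomic write into the second iovec faults; those inputs, the fault pattern and every function name (do_copy, buggy_copy, fixed_copy, run_scenario, user_bytes) are constructed for the example. The hardened variant mirrors what the iov_iter-based upstream code does (the helper reports the bytes it actually placed and the retry asks only for the remainder), not its source.

```c
/* Added example (not fs/pipe.c, not an exploit): user-space model of the iovec
 * accounting bug behind CVE-2015-1805. pipe_read() first copies into the
 * reader's iovecs "atomically"; if that faults, the pre-3.16 kernel retried
 * non-atomically with the ORIGINAL byte count, ignoring the iovec entries the
 * failed pass had already advanced, so the retry walks past the iovec array. */
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>                       /* struct iovec */

#define EFAULT_RC  (-1)                    /* stands in for -EFAULT */
#define OVERRUN_RC (-2)                    /* model stops here; kernel read on */

/* Model of __copy_to_user_inatomic(): the first atomic copy into iovec index
 * fail_idx faults (page not resident); all other copies succeed. This fault
 * pattern is an assumption of the example, not observed kernel behaviour. */
struct copier { int fail_idx; int faults_left; };

static int do_copy(struct copier *c, size_t idx, void *dst, const void *src,
                   size_t n, int atomic)
{
    if (atomic && (int)idx == c->fail_idx && c->faults_left > 0) {
        c->faults_left--;
        return -1;
    }
    memcpy(dst, src, n);
    return 0;
}

/* Shape of the pre-3.16 pipe_iov_copy_to_user(): place len bytes across iov[],
 * advancing each entry, and bail with -EFAULT on a fault without reporting
 * progress. niov exists only so the model can flag the overrun instead of
 * reading past the array as the kernel did. */
static int buggy_copy(struct copier *c, struct iovec *iov, size_t niov,
                      const char *from, size_t len, int atomic)
{
    size_t i = 0;
    while (len > 0) {
        while (i < niov && iov[i].iov_len == 0) i++;
        if (i == niov) return OVERRUN_RC;  /* kernel: iov++ past the array */
        size_t copy = len < iov[i].iov_len ? len : iov[i].iov_len;
        if (do_copy(c, i, iov[i].iov_base, from, copy, atomic)) return EFAULT_RC;
        from += copy; len -= copy;
        iov[i].iov_base = (char *)iov[i].iov_base + copy; iov[i].iov_len -= copy;
    }
    return 0;
}

/* Buggy pipe_read(): retry with the same chars although iov[] has moved on. */
static int buggy_pipe_read(struct copier *c, struct iovec *iov, size_t niov,
                           const char *buf, size_t chars)
{
    int rc = buggy_copy(c, iov, niov, buf, chars, 1);
    if (rc == EFAULT_RC) rc = buggy_copy(c, iov, niov, buf, chars, 0);
    return rc;
}

/* Hardened shape, as the iov_iter-based upstream code behaves: the helper
 * returns how many bytes it placed and the retry asks only for the rest. */
static size_t fixed_copy(struct copier *c, struct iovec *iov, size_t niov,
                         const char *from, size_t len, int atomic)
{
    size_t done = 0, i = 0;
    while (done < len) {
        while (i < niov && iov[i].iov_len == 0) i++;
        if (i == niov) break;              /* iovecs exhausted: short copy */
        size_t copy = len - done < iov[i].iov_len ? len - done : iov[i].iov_len;
        if (do_copy(c, i, iov[i].iov_base, from + done, copy, atomic)) break;
        done += copy;
        iov[i].iov_base = (char *)iov[i].iov_base + copy; iov[i].iov_len -= copy;
    }
    return done;
}

static int fixed_pipe_read(struct copier *c, struct iovec *iov, size_t niov,
                           const char *buf, size_t chars)
{
    size_t done = fixed_copy(c, iov, niov, buf, chars, 1);
    if (done < chars) done += fixed_copy(c, iov, niov, buf + done, chars - done, 0);
    return done == chars ? 0 : EFAULT_RC;
}

/* Constructed scenario: 8 bytes of pipe data, two 4-byte iovecs into user_buf,
 * and the atomic copy into the second iovec faults once. Returns the read rc. */
static char user_buf[8];

static int run_scenario(int use_fixed)
{
    const char pipe_data[] = "ABCDEFGH";
    struct iovec iov[2] = { { user_buf, 4 }, { user_buf + 4, 4 } };
    struct copier c = { 1, 1 };
    memset(user_buf, 0, sizeof user_buf);
    return use_fixed ? fixed_pipe_read(&c, iov, 2, pipe_data, 8)
                     : buggy_pipe_read(&c, iov, 2, pipe_data, 8);
}

static const char *user_bytes(void) { return user_buf; }

int main(void)
{
    printf("buggy rc=%d, user got %.8s\n", run_scenario(0), user_bytes());
    printf("fixed rc=%d, user got %.8s\n", run_scenario(1), user_bytes());
    return 0;
}
```

Build with `cc -std=c99 -Wall model.c` and run it. The buggy path returns OVERRUN_RC because the retry, asked for all 8 bytes again, exhausts both iovecs after 4 and steps to iov[2]; the kernel had no such bounds check, so the walk continued into whatever memory followed the iovec array (the on-stack iovstack or a kmalloc'd copy) and the iov_base/iov_len pairs it found there drove the subsequent copies. Note also that the retry re-delivers the first 4 bytes into the second iovec, so even the data the reader did receive is wrong; the fixed path returns 0 with all 8 bytes in order.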
Affected
15 ranges reported (identical and empty rows collapsed below)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < 3.16.2-2 (bookworm) | 3.16.2-2 |
| android | — | <= 6.0.1 | — |
| linux | linux_kernel | <= 3.15.10 | — |
| linux | linux_kernel | >= 0 < 3.16.2-2 | 3.16.2-2 |
| linux | linux_kernel | >= 0 < 3.13.0-86.130 | 3.13.0-86.130 |
| linux | linux_kernel | >= 0 < 3.13.0-58.97 | 3.13.0-58.97 |
Detection & IOCs (extracted from sources)
- Detect the ANDROIDOS_ANDRORAT.HRXC malware family (AndroRAT variant) targeting CVE-2015-1805; look for the package name com.cleaner.trashcleaner on Android devices.
- Monitor for the Iovyroot exploit (CVE-2015-1805) being used alongside KingoRoot to root 32-bit ARM Android devices, as seen in ZNIU malware campaigns.
- Flag Android devices running OS builds that have not received patches after April 2016; they remain vulnerable to CVE-2015-1805 exploitation by this AndroRAT variant.
- The AndroRAT variant's RAT service is remotely configurable: the C2 server can issue different commands dynamically, so static IOCs may not capture all payload behaviors.
- The malicious apps carrying this AndroRAT variant were never distributed via Google Play; focus detection on sideloaded and third-party app store installs.
CVSS provenance
- nvd (v2.0): 7.2 HIGH, AV:L/AC:L/Au:N/C:C/I:C/A:C
- osv: 7.2 HIGH
- vulncheck: 7.2 HIGH
- vendor_debian: 7.2 HIGH
- vendor_redhat: 7.2 HIGH
- vendor_ubuntu: 7.2 HIGH
GHSA · GHSA-qc32-8fv3-qwvw (CVE-2016-0774, HIGH) · ghsa_unreviewed · 2022-05-17 · CVSS 7.2
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
GHSA · GHSA-c8vr-r7wq-hc48 (CVE-2015-1805, HIGH) · ghsa_unreviewed · 2022-05-14
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
Project Zero · In-the-Wild Series: Android Exploits (CVE-2015-0569, HIGH) · project_zero · 2021-01-01 · CVSS 7.8
This is part 4 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post.
Posted by Mark Brand, Project Zero
A survey of the exploitation techniques used by a high-tier attacker against Android devices in 2020
## Introduction
After one of the Chrome exploits has been successful, there are several (quite simple) stages of payload decryption that occur. Once we've got through that, we reach a much more complex binary that is clearly the result of some engineering work. Thanks to that engineering it's very simple for us to locate and examine the exploits embedded inside! For each privilege elevation, they have a function in the .init_array which will register it into a global
OSV · linux vulnerabilities (CVE-2015-7515, HIGH) · osv · 2016-05-09 · CVSS 7.2
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ben Hawkes discovered that the Linux kernel's AIO interface allowed single
writes greater than 2GB, which could cause an integer overflow when writing
to certain filesystems, socket or device types. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2015-8830)
It was discovered that the Linux kernel did not keep accurate track of pipe
buffer details when error conditions occurred, due to an incomplete fix for
CVE-2015-1805. A local attacker could use this to c
OSV · CVE-2016-0774 (HIGH) · osv · 2016-04-27 · CVSS 7.2
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
OSV · CVE-2015-1805 (HIGH) · osv · 2015-08-08 · CVSS 7.2
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
OSV · linux vulnerabilities (CVE-2015-1805, HIGH) · osv · 2015-07-23 · CVSS 7.2
A flaw was discovered in the user space memory copying for the pipe iovecs
in the Linux kernel. An unprivileged local user could exploit this flaw to
cause a denial of service (system crash) or potentially escalate their
privileges. (CVE-2015-1805)
A flaw was discovered in the kvm (kernel virtual machine) subsystem's
kvm_apic_has_events function. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash). (CVE-2015-4692)
Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter
JIT optimization. A local attacker could exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4700)
A flaw was discovered in how the Linux kernel handles invalid UDP
checksums. A remote attacker could exploit this flaw to
VulnCheck · Linux kernel before 3.16 pipe_read and pipe_write I/O Vector Array Overrun (CVE-2015-1805, HIGH) · vulncheck · 2015 · CVSS 7.2
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
Affected: Google Android
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://source.android.com/docs/security/bulletin/advisory/2016-03-18; https://www.recordedfuture.com/blog/top-vulnerabilities-2018
Ubuntu · Linux kernel vulnerabilities (CVE-2015-7515, HIGH) · vendor_ubuntu · 2016-05-09 · CVSS 7.2
Summary: Several security issues were fixed in the kernel.
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ben Hawkes discovered that the Linux kernel's AIO interface allowed single
writes greater than 2GB, which could cause an integer overflow when writing
to certain filesystems, socket or device types. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2015-8830)
It was discovered that the Linux kernel did not keep accurate track of pipe
buffer details when error conditions occurred, due to
Ubuntu · Linux kernel vulnerabilities (CVE-2013-4312, MEDIUM) · vendor_ubuntu · 2016-05-09 · CVSS 6.2
Summary: Several security issues were fixed in the kernel.
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)
Ral
Ubuntu · Linux kernel (Trusty HWE) vulnerabilities (CVE-2015-7515, HIGH) · vendor_ubuntu · 2016-05-09 · CVSS 7.2
Summary: Several security issues were fixed in the kernel.
USN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu
14.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for
Ubuntu 12.04 LTS.
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ben Hawkes discovered that the Linux kernel's AIO interface allowed single
writes greater than 2GB, which could cause an integer overflow when writing
to certain filesystems, socket or device types. A local attacker could use this
Ubuntu · Linux kernel (OMAP4) vulnerabilities (CVE-2013-4312, MEDIUM) · vendor_ubuntu · 2016-05-09 · CVSS 6.2
Summary: Several security issues were fixed in the kernel.
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-75
Android · Android Security Bulletin 2016-05-01 (CVE-2015-1805, HIGH) · vendor_android · 2016-05-01 · CVSS 7.2
CVE: CVE-2015-1805
Severity: CRITICAL
Red Hat · kernel: pipe buffer state corruption after unsuccessful atomic read from pipe (CVE-2016-0774, HIGH) · vendor_redhat · 2016-02-02 · CVSS 7.2
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic re
Debian · CVE-2016-0774: linux (HIGH) · vendor_debian · 2016 · CVSS 7.2
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
Scope: local
bookworm: resolved (fixed in 3.16.2-2)
bullseye: resolved (fixed in 3.16.2-2)
forky: resolved (fixed in 3.16.2-2)
sid: resolved (fixed in 3.16.2-2)
trixie: resolved (fixed in 3.16.2-2)
Ubuntu · Linux kernel (Trusty HWE) vulnerabilities (CVE-2015-1805, HIGH) · vendor_ubuntu · 2015-07-23 · CVSS 7.2
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the user space memory copying for the pipe iovecs
in the Linux kernel. An unprivileged local user could exploit this flaw to
cause a denial of service (system crash) or potentially escalate their
privileges. (CVE-2015-1805)
A flaw was discovered in the kvm (kernel virtual machine) subsystem's
kvm_apic_has_events function. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash). (CVE-2015-4692)
Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter
JIT optimization. A local attacker could exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4700)
A flaw was discovered in how the L
Ubuntu · Linux kernel (OMAP4) vulnerabilities (CVE-2015-1805, HIGH) · vendor_ubuntu · 2015-07-23 · CVSS 7.2
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the user space memory copying for the pipe iovecs
in the Linux kernel. An unprivileged local user could exploit this flaw to
cause a denial of service (system crash) or potentially escalate their
privileges. (CVE-2015-1805)
Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter
JIT optimization. A local attacker could exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4700)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
Ubuntu · Linux kernel vulnerabilities (CVE-2015-1805, HIGH) · vendor_ubuntu · 2015-07-23 · CVSS 7.2
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the user space memory copying for the pipe iovecs
in the Linux kernel. An unprivileged local user could exploit this flaw to
cause a denial of service (system crash) or potentially escalate their
privileges. (CVE-2015-1805)
A flaw was discovered in the kvm (kernel virtual machine) subsystem's
kvm_apic_has_events function. An unprivileged local user could exploit this
flaw to cause a denial of service (system crash). (CVE-2015-4692)
Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter
JIT optimization. A local attacker could exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4700)
A flaw was discovered in how the Linux kernel h
Ubuntu · Linux kernel vulnerabilities (CVE-2015-1805, HIGH) · vendor_ubuntu · 2015-07-23 · CVSS 7.2
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the user space memory copying for the pipe iovecs
in the Linux kernel. An unprivileged local user could exploit this flaw to
cause a denial of service (system crash) or potentially escalate their
privileges. (CVE-2015-1805)
Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter
JIT optimization. A local attacker could exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4700)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstal
Red Hat · kernel: pipe: iovec overrun leading to memory corruption (CVE-2015-1805, HIGH) · vendor_redhat · 2015-06-02 · CVSS 7.2
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or,
Debian · CVE-2015-1805: linux (HIGH) · vendor_debian · 2015 · CVSS 7.2
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
Scope: local
bookworm: resolved (fixed in 3.16.2-2)
bullseye: resolved (fixed in 3.16.2-2)
forky: resolved (fixed in 3.16.2-2)
sid: resolved (fixed in 3.16.2-2)
trixie: resolved (fixed in 3.16.2-2)
No detection rules found.
arXiv · Timeloops: Automatic System Call Policy Learning for Containerized Microservices · arxiv_fulltext · 2022-09-26
Meghna Pancholi (Columbia University), Andreas D. Kellas (Columbia University), Vasileios P. Kemerlis (Brown University), Simha Sethumadhavan (Columbia University)
## Abstract
We introduce Timeloops, a novel technique for automatically learning system call filtering policies for containerized microservices applications. At run-time, Timeloops automatically learns which system calls a program should be allowed to invoke, while rejecting attempts to call spurious system calls. Further, Timeloops addresses many of the shortcomings of state-of-the-art static analysis-based techniques, such as the inability to generate tight filters for programs written in interpreted languages such as PHP, Python, and JavaScript. Timeloops has a simple and rob
CTF · 20190608-0ctf_tctf2019finals / README · ctf_writeups · 2019
# 0CTF/TCTF 2019 Finals
We got 2nd place in 0CTF/TCTF 2019 Finals (Shanghai, China).
As we had lots of final exams that week, we didn't have much time to finish this writeup in detail. We'll just write down the post-competition salon notes for most of the challenges.
**It's recommended to read our responsive [web version](https://balsn.tw/ctf_writeup/20190608-0ctf_tctf2019finals/) of this writeup.**
- [0CTF/TCTF 2019 Finals](#0ctftctf-2019-finals)
- [Pwn](#pwn)
- [BabyHeap 2.29](#babyheap-229)
- [Embeded Heap](#embeded-heap)
- [png2a](#png2a)
- [wasabi001](#wasabi001)
- [Solution1:](#solution1)
- [Solution2 (intended):](#solution2-intended)
- [wasabi002](#wasabi002)
- [Solution:](#solution)
- [Fast_Furious](#fast_furious)
- [unintended solution](#unintended-solution)
- [Fast_Furious
Bugzilla · CVE-2016-0774 kernel: pipe buffer state corruption after unsuccessful atomic read from pipe (HIGH) · bugzilla · 2016-02-02 · CVSS 7.2
It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and
buffer length in sync on failed atomic read, potentially resulting in pipe
buffer state corruption.
A local, unprivileged user could use this flaw to crash the system or leak
kernel memory to user-space.
Upstream Linux kernel is not affected by this flaw as it was introduced by
the Red Hat Enterprise Linux only fix for CVE-2015-1805.
Acknowledgements:
The security impact of this issue was discovered by Red Hat.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7.1 EUS - Server and Compute Node Only
Via RHSA-2016:0103 https://rhn.redhat.com/errata/RHSA-2016-0103.html
Bugzilla · CVE-2015-1805 kernel: pipe: iovec overrun leading to memory corruption (HIGH) · bugzilla · 2015-03-17 · CVSS 7.2
A flaw was found in the way pipe_iov_copy_from_user() and
pipe_iov_copy_to_user() functions handled iovecs remaining len accounting on
failed atomic access.
An unprivileged local user could use this flaw to crash the system or, potentially,
escalate their privileges on the system.
Upstream fixes:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1
Acknowledgements:
The security impact of this issue was discovered by Red Hat.
Discussion:
Statement:
This issue does affect the Linux kernel packages as shipped with Red Hat
Enterprise Linux 5, 6
Trend Micro · New AndroRAT Exploits Allow for Permanent Rooting (CVE-2015-1805, HIGH) · blogs_trendmicro · 2018-02-13 · CVSS 7.2
Category: Mobile
A new variant of the Android Remote Access Tool can inject root exploits to perform malicious tasks such as silent installation, shell command execution, WiFi password collection, and more. It targets CVE-2015-1805, a vulnerability disclosed in 2016.
By: Veo Zhang, Jason Gu, Seven Shen, Feb 13, 2018
Trend Micro detected a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits to perform malicious tasks such as silent installation, shell command execution, WiFi password collection, and screen capture. This AndroRAT targets CVE-2015-1805, a publicly disclosed vulnerability in 2016 that allows attackers to penetr
Trend Micro · ZNIU: First Android Malware to Exploit Dirty COW (HIGH) · blogs_trendmicro · 2017-09-25 · CVSS 7.0
Category: Malware
Dirty COW attacks on Android have been inactive since its discovery, but almost a year later we obtained samples of ZNIU, the first malware family to exploit the vulnerability on the Android platform.
By: Jason Gu, Veo Zhang, Seven Shen, Sep 25, 2017. Updated as of September 27, 2017, 2:30 AM PDT.
We have disclosed this security issue to Google, who verified that they have protections in place against ZNIU courtesy of Google Play Protect.
The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was found in upstream Linux platforms such as Red Hat, and in Android, whose kernel is based on Linux. It was categorised as a serious privilege esc
Recorded Future
Microsoft Targeted by 8 of 10 Top Vulnerabilities in 2018
blogs_recorded_future
# Microsoft Targeted by 8 of 10 Top Vulnerabilities in 2018
This analysis focuses on the co-occurrence of an exploit kit, phishing attack, or remote access trojan with a vulnerability from January 1, 2018 to December 31, 2018. We analyzed thousands of sources, including code repositories, deep web forum postings, and dark web sites. This is a follow-up to our 2017 report, and the intended audience includes information security practitioners, especially those supporting vulnerability risk assessments.
### Executive Summary
Many vulnerability management practitioners face the daunting task of prioritizing vulnerabilities without adequate insight into which vulnerabilities are actively exploited by cybercriminals. Here, we’ll attempt to shed
Recorded Future
Anticipating Surprise: Using Indications, Indicators, and Evidence for Attack Preparation
blogs_recorded_future
## Anticipating Surprise: Using Indications, Indicators, and Evidence for Attack Preparation
### Key Takeaways
- Anticipating and mitigating surprises to your organization is the primary function of threat intelligence.
- Warnings of surprise come as either strategic or tactical intelligence.
- Understanding the differences between analytical information types can focus your threat intelligence strategy and ensure you have the resources to adequately defend your networks and business.
Intelligence is a big business.
From the CIA and NSA to business intelligence and competitive intelligence to threat intelligence, business uses of intelligence draw from the marquee and mystique of a process that can seem secretive, exclusive, and inaccessible.
This mystique can blind business leaders to bel
Published 2015-08-08 · Exploited in the wild