CVE-2015-3636
Published: 2015-08-06
Priority: P279 · Severity: medium · CVSS 2.0 base score: 4.9
CVSS 2.0 vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Tags: ITW exploit · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 2.47% (82.5th percentile)
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.0.2-1 (bookworm) | linux 4.0.2-1 (bookworm) |
| debian | linux | < linux 4.3.1-1 (bookworm) | linux 4.3.1-1 (bookworm) |
| android | — | — | — |
| android | — | — | — |
| linux | linux_kernel | < 4.3 | 4.3 |
| linux | linux_kernel | <= 4.0.2 | — |
| linux | linux_kernel | >= 0 < 4.3.1-1 | 4.3.1-1 |
| linux | linux_kernel | >= 0 < 4.0.2-1 | 4.0.2-1 |
| linux | linux_kernel | >= 0 < 4.3.1-1 | 4.3.1-1 |
| linux | linux_kernel | >= 0 < 4.0.2-1 | 4.0.2-1 |
| linux | linux_kernel | >= 0 < 4.3.1-1 | 4.3.1-1 |
| linux | linux_kernel | >= 0 < 4.0.2-1 | 4.0.2-1 |
| linux | linux_kernel | >= 0 < 4.3.1-1 | 4.3.1-1 |
| linux | linux_kernel | >= 0 < 4.0.2-1 | 4.0.2-1 |
| linux | linux_kernel | >= 0 < 3.13.0-54.91 | 3.13.0-54.91 |
| redhat | enterprise_linux | — | — |
Detection & IOCs (extracted from sources)
- CVE-2015-3636 is exploited via a SOCK_DGRAM socket for IPPROTO_ICMP/IPPROTO_ICMPV6 followed by a connect() after a disconnect(); monitor for local processes creating ping sockets followed by spurious connect/disconnect sequences.
- Check the net.ipv4.ping_group_range sysctl; any value other than '1 0' (default/disabled) means ping socket functionality may be enabled and the system is potentially exploitable via CVE-2015-3636.
- KevDroid Variant 2 embeds an ELF exploit file named 'POC' inside the APK to exploit CVE-2015-3636; scan APKs for embedded ELF files named 'POC' targeting 32-bit architectures.
- KevDroid exfiltrates stolen data via HTTP POST to cgalim[.]com; block/alert on HTTP POST traffic to cgalim[.]com/admin/hr/pu/pu.php.
- CVE-2015-3636 allows privilege escalation (not just DoS) only on non-x86-64 architectures; on x86-64 the impact is limited to local denial of service.
- The vulnerability is not exploitable if net.ipv4.ping_group_range is set to the default '1 0'; exploitation requires ping socket functionality to be enabled for the attacker's user/group.
- Red Hat Enterprise Linux 5 is NOT affected by CVE-2015-3636; only RHEL 6, 7, and MRG 2 are affected.
- CVE-2015-3636 is distinct from CVE-2016-0821 (LIST_POISON bypass); they are related but separate vulnerabilities in Android/Linux kernel list handling.
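A defender-side check for the sysctl mitigation described above, added here as an example; it is not taken from any of the advisories on this page. It interprets a net.ipv4.ping_group_range value the way the kernel does: the value is a "min max" pair of group IDs allowed to open unprivileged ICMP (ping) sockets, and the default '1 0' is an empty range (min greater than max), so ping sockets are disabled. The function names ping_group_range_status and check_host are my own, and the kernel's tab-separated output format is assumed from observation.

```shell
#!/bin/sh
# Added example, not part of any advisory on this page: interpret a
# net.ipv4.ping_group_range value the way the kernel does. The sysctl holds
# "min max" group IDs allowed to open unprivileged ICMP (ping) sockets; the
# default "1 0" is an empty range (min > max), which disables ping sockets.
#
# ping_group_range_status VALUE
#   prints "disabled" and returns 0 when no group may open ping sockets,
#   prints "enabled MIN-MAX" and returns 1 when some group may,
#   prints "invalid" and returns 2 when VALUE is not two unsigned integers.
ping_group_range_status() {
    range=$1
    # Reject anything other than digits and whitespace before splitting,
    # so the unquoted expansion below cannot glob or pick up stray tokens.
    case "$range" in
        *[!0-9[:space:]]*|"") echo "invalid"; return 2 ;;
    esac
    # shellcheck disable=SC2086
    set -- $range
    [ "$#" -eq 2 ] || { echo "invalid"; return 2; }
    min=$1
    max=$2
    if [ "$min" -gt "$max" ]; then
        echo "disabled"
        return 0
    fi
    echo "enabled $min-$max"
    return 1
}

# check_host: read the live value on a Linux host. The kernel separates the
# two numbers with a tab (assumed), which the validation above accepts.
check_host() {
    f=/proc/sys/net/ipv4/ping_group_range
    if [ -r "$f" ]; then
        ping_group_range_status "$(cat "$f")"
    else
        echo "sysctl not present (not Linux, or /proc not mounted)"
        return 2
    fi
}

# Run the host check when executed directly; the exit status is informational.
check_host || :
```

Note that '0 0' is not "disabled": it permits exactly one group (GID 0), so the check treats any range with min <= max as enabled. Sourcing the file and calling ping_group_range_status on values collected from a fleet lets the same logic run against inventory data instead of the live sysctl.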
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
| osv | — | 4.9 | MEDIUM | — |
| vulncheck | — | 4.9 | MEDIUM | — |
| vendor_debian | — | 4.9 | MEDIUM | — |
| vendor_redhat | — | 4.9 | MEDIUM | — |
| vendor_ubuntu | — | 4.9 | MEDIUM | — |
Debian
CVE-2016-0821 [MEDIUM]: linux - The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3...
vendor_debian · 2016 · CVSS 4.9
The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
Scope: local
bookworm: resolved (fixed in 4.3.1-1)
bullseye: resolved (fixed in 4.3.1-1)
forky: resolved (fixed in 4.3.1-1)
sid: resolved (fixed in 4.3.1-1)
trixie: resolved (fixed in 4.3.1-1)
Red Hat
CVE-2016-0821 [MEDIUM]: kernel: Too big poison pointer space
vendor_redhat · 2015-09-10 · CVSS 4.9
The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
Statement: This issue affects versions of the kernel shipped with Red Hat Enterprise
Linux 5, 6, 7 and MRG-2 realtime kernels.
This has been rated as having Moderate security impact and is not currently
planned to be addressed in future updates. For additional information, refer
to the Red Hat Enterprise Linux Life Cycle:
https://access.redha
Android
CVE-2015-3636 [MEDIUM]: Android Security Bulletin 2015-09-01
vendor_android · 2015-09-01 · CVSS 4.9
CVE: CVE-2015-3636
Severity: CRITICAL
Affected AOSP versions: 5.1 and below
Ubuntu
CVE-2015-2150 [MEDIUM]: Linux kernel vulnerabilities
vendor_ubuntu · 2015-06-10 · CVSS 4.9
Summary: Several security issues were fixed in the kernel.
Jan Beulich discovered the Xen virtual machine subsystem of the Linux
kernel did not properly restrict access to PCI command registers. A local
guest user could exploit this flaw to cause a denial of service (host
crash). (CVE-2015-2150)
A privilege escalation was discovered in the fork syscall via the int80
entry on 64 bit kernels with 32 bit emulation support. An unprivileged
local attacker could exploit this flaw to increase their privileges on the
system. (CVE-2015-2830)
A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially escalate
p
Ubuntu
CVE-2015-0275 [MEDIUM]: Linux kernel vulnerabilities
vendor_ubuntu · 2015-06-10 · CVSS 4.9
Summary: Several security issues were fixed in the kernel.
Xiong Zhou discovered a bug in the way the EXT4 filesystem handles
fallocate zero range functionality when the page size is greater than the
block size. A local attacker could exploit this flaw to cause a denial of
service (system crash). (CVE-2015-0275)
Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping
support. A local user could exploit this flaw to cause a denial of service
(system crash) or gain administrative privileges on the system.
(CVE-2015-3636)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, whic
Ubuntu
CVE-2015-0275 [MEDIUM]: Linux kernel (Utopic HWE) vulnerabilities
vendor_ubuntu · 2015-06-10 · CVSS 4.9
Summary: Several security issues were fixed in the kernel.
Xiong Zhou discovered a bug in the way the EXT4 filesystem handles
fallocate zero range functionality when the page size is greater than the
block size. A local attacker could exploit this flaw to cause a denial of
service (system crash). (CVE-2015-0275)
Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping
support. A local user could exploit this flaw to cause a denial of service
(system crash) or gain administrative privileges on the system.
(CVE-2015-3636)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version
Ubuntu
CVE-2015-2150 [MEDIUM]: Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu · 2015-06-10 · CVSS 4.9
Summary: Several security issues were fixed in the kernel.
Jan Beulich discovered the Xen virtual machine subsystem of the Linux
kernel did not properly restrict access to PCI command registers. A local
guest user could exploit this flaw to cause a denial of service (host
crash). (CVE-2015-2150)
A privilege escalation was discovered in the fork syscall via the int80
entry on 64 bit kernels with 32 bit emulation support. An unprivileged
local attacker could exploit this flaw to increase their privileges on the
system. (CVE-2015-2830)
A memory corruption issue was discovered in AES decryption when using the
Intel AES-NI accelerated code path. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or potentially es
Ubuntu
CVE-2015-3636 [MEDIUM]: Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu · 2015-06-10 · CVSS 4.9
Summary: Several security issues were fixed in the kernel.
Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping
support. A local user could exploit this flaw to cause a denial of service
(system crash) or gain administrative privileges on the system.
(CVE-2015-3636)
A memory corruption flaw was discovered in the Linux kernel's scsi
subsystem. A local attacker could potentially exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4036)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all thir
Ubuntu
CVE-2015-3636 [MEDIUM]: Linux kernel vulnerabilities
vendor_ubuntu · 2015-06-10 · CVSS 4.9
Summary: Several security issues were fixed in the kernel.
Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping
support. A local user could exploit this flaw to cause a denial of service
(system crash) or gain administrative privileges on the system.
(CVE-2015-3636)
A memory corruption flaw was discovered in the Linux kernel's scsi
subsystem. A local attacker could potentially exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4036)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kerne
Ubuntu
CVE-2015-0275 [MEDIUM]: Linux kernel (Vivid HWE) vulnerabilities
vendor_ubuntu · 2015-06-10 · CVSS 4.9
Summary: Several security issues were fixed in the kernel.
Xiong Zhou discovered a bug in the way the EXT4 filesystem handles
fallocate zero range functionality when the page size is greater than the
block size. A local attacker could exploit this flaw to cause a denial of
service (system crash). (CVE-2015-0275)
Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping
support. A local user could exploit this flaw to cause a denial of service
(system crash) or gain administrative privileges on the system.
(CVE-2015-3636)
A memory corruption flaw was discovered in the Linux kernel's scsi
subsystem. A local attacker could potentially exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4036)
Instructions:
Ubuntu
CVE-2015-0275 [MEDIUM]: Linux kernel vulnerabilities
vendor_ubuntu · 2015-06-10 · CVSS 4.9
Summary: Several security issues were fixed in the kernel.
Xiong Zhou discovered a bug in the way the EXT4 filesystem handles
fallocate zero range functionality when the page size is greater than the
block size. A local attacker could exploit this flaw to cause a denial of
service (system crash). (CVE-2015-0275)
Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping
support. A local user could exploit this flaw to cause a denial of service
(system crash) or gain administrative privileges on the system.
(CVE-2015-3636)
A memory corruption flaw was discovered in the Linux kernel's scsi
subsystem. A local attacker could potentially exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4036)
Instructions: After a stan
Red Hat
CVE-2015-3636 [MEDIUM] CWE-416: kernel: ping sockets: use-after-free leading to local privilege escalation
vendor_redhat · 2015-05-02 · CVSS 4.9
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the syste
Debian
CVE-2015-3636 [MEDIUM]: linux - The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 doe...
vendor_debian · 2015 · CVSS 4.9
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
Scope: local
bookworm: resolved (fixed in 4.0.2-1)
bullseye: resolved (fixed in 4.0.2-1)
forky: resolved (fixed in 4.0.2-1)
sid: resolved (fixed in 4.0.2-1)
trixie: resolved (fixed in 4.0.2-1)
GHSA
CVE-2015-3636 [MEDIUM]: GHSA-67pv-68g5-4j93: The ping_unhash function in net/ipv4/ping
ghsa_unreviewed · 2022-05-14
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
GHSA
CVE-2016-0821 [MEDIUM] CWE-908: GHSA-9548-jjm6-2wmw: The LIST_POISON feature in include/linux/poison
ghsa_unreviewed · 2022-05-13 · CVSS 4.9
The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
OSV
CVE-2016-0821 [MEDIUM]: The LIST_POISON feature in include/linux/poison
osv · 2016-03-12 · CVSS 4.9
The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
OSV
CVE-2015-3636 [MEDIUM]: The ping_unhash function in net/ipv4/ping
osv · 2015-08-06 · CVSS 4.9
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
OSV
CVE-2015-0275 [MEDIUM]: linux-lts-vivid vulnerabilities
osv · 2015-06-10 · CVSS 4.9
Xiong Zhou discovered a bug in the way the EXT4 filesystem handles
fallocate zero range functionality when the page size is greater than the
block size. A local attacker could exploit this flaw to cause a denial of
service (system crash). (CVE-2015-0275)
Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping
support. A local user could exploit this flaw to cause a denial of service
(system crash) or gain administrative privileges on the system.
(CVE-2015-3636)
A memory corruption flaw was discovered in the Linux kernel's scsi
subsystem. A local attacker could potentially exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4036)
OSV
CVE-2015-0275 [MEDIUM]: linux-lts-utopic vulnerabilities
osv · 2015-06-10 · CVSS 4.9
Xiong Zhou discovered a bug in the way the EXT4 filesystem handles
fallocate zero range functionality when the page size is greater than the
block size. A local attacker could exploit this flaw to cause a denial of
service (system crash). (CVE-2015-0275)
Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping
support. A local user could exploit this flaw to cause a denial of service
(system crash) or gain administrative privileges on the system.
(CVE-2015-3636)
OSV
CVE-2015-3636 [MEDIUM]: linux vulnerabilities
osv · 2015-06-10 · CVSS 4.9
Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping
support. A local user could exploit this flaw to cause a denial of service
(system crash) or gain administrative privileges on the system.
(CVE-2015-3636)
A memory corruption flaw was discovered in the Linux kernel's scsi
subsystem. A local attacker could potentially exploit this flaw to cause a
denial of service (system crash). (CVE-2015-4036)
VulnCheck
CVE-2015-3636 [MEDIUM]: Linux Kernel ping_unhash Function Privilege Escalation
vulncheck · 2015 · CVSS 4.9
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
Affected: Linux Kernel
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/
Exploit PoC: https:
No detection rules found.
No public exploits indexed.
Talos
Fake AV Investigation Unearths KevDroid, New Android Malware
blogs_talos · 2018-04-02 · CVSS 4.9 · [MEDIUM]
This blog post is authored by Warren Mercer, Paul Rascagneres, Vitor Ventura and with contributions from Jungsoo An.
## Summary
Several days ago, EST Security published a post concerning a fake antivirus malware targeting the Android mobile platform. In the Korean media, it was mentioned that there could be a link between this Android malware and Group 123. Talos decided to investigate this malware. And due to our reporting and history of following Group 123, we discovered some interesting elements.
Talos identified two variants of the Android Remote Administration Tool (RAT). Both samples have the same capabilities — namely to steal information on the compromised device (such as contacts, SMS and phone history) and record the victim's phone calls. One variant uses a known Android exploit
Securelist
Skygofree: Following in the footsteps of HackingTeam
blogs_securelist · 2018-01-16
Table of Contents
- Malware Features
  - Android
    - Reverse shell payload
    - Exploit payload
    - Busybox payload
    - Social payload
    - Parser payload
  - Windows
  - Code similarities
- Distribution
- Artifacts
- Conclusions
- Notes
Authors
- Nikita Buchka
- Alexey Firsh
At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago – at the end of 2014. Since then, the implant’s functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to
Checkpoint
CVE-2014-4321: How the CopyCat malware infected Android devices around the world
blogs_checkpoint · 2017-07-06
Check Point researchers identified a mobile malware that infected 14 million Android devices, rooting approximately 8 mill
Bugzilla
CVE-2015-3636 [MEDIUM]: kernel: ping sockets: use-after-free leading to local privilege escalation [fedora-all]
bugzilla · 2015-05-04 · CVSS 4.9
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multipl
Bugzilla
CVE-2015-3636 [MEDIUM]: kernel: ping sockets: use-after-free leading to local privilege escalation
bugzilla · 2015-05-04 · CVSS 4.9
It was found that the Linux kernel's ping socket implementation didn't properly
handle socket unhashing during spurious disconnects which could lead to
use-after-free flaw.
On x86-64 architecture systems, a local user able to create ping sockets could
use this flaw to crash the system.
On non-x86-64 architecture systems, a local user able to create ping sockets
could use this flaw to increase their privileges on the system.
Note: By default ping sockets are disabled on the system
(net.ipv4.ping_group_range = 1 0) and have to be explicitly enabled by the
system administrator for specific user groups in order to exploit this issue.
Upstream fix:
https://github.com/torvalds/linux/commit/a134f083e79fb
References:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
http://rhn.redhat.com/errata/RHSA-2015-1221.html
http://rhn.redhat.com/errata/RHSA-2015-1534.html
http://rhn.redhat.com/errata/RHSA-2015-1564.html
http://rhn.redhat.com/errata/RHSA-2015-1583.html
http://rhn.redhat.com/errata/RHSA-2015-1643.html
http://www.debian.org/security/2015/dsa-3290
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3
http://www.openwall.com/lists/oss-security/2015/05/02/5
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/74450
http://www.securitytracker.com/id/1033186
http://www.ubuntu.com/usn/USN-2631-1
http://www.ubuntu.com/usn/USN-2632-1
http://www.ubuntu.com/usn/USN-2633-1
http://www.ubuntu.com/usn/USN-2634-1
https://bugzilla.redhat.com/show_bug.cgi?id=1218074
https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326