CVE-2021-3609 – kernel: race condition in net/can/bcm.c leads to local privilege escalation
https://notcve.org/view.php?id=CVE-2021-3609
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. Se ha encontrado un fallo en el protocolo de red CAN BCM en el kernel de Linux, donde un atacante local puede abusar de un fallo en el subsistema CAN para corromper la memoria, bloquear el sistema o escalar privilegios. Esta condición de carrera en el archivo net/can/bcm.c en el kernel de Linux permite una escalada de privilegios local a root A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=1971651 https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463 https://security.netapp.com/advisory/ntap-20220419-0004 https://www.openwall.com/lists/oss-security/2021/06/19/1 https://access.redhat.com/security/cve/CVE-2021-3609 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2019-0820 – dotnet: timeouts for regular expressions are not enforced
https://notcve.org/view.php?id=CVE-2019-0820
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. Existe una vulnerabilidad de Denegación de Servicio (DoS) cuando .NET Framework y .NET Core procesan inapropiadamente cadenas RegEx, conocidas como ".NET Framework y .NET Core Denial of Service Vulnerability". Este ID de CVE es diferente de CVE-2019-0980, CVE-2019-0981. • https://access.redhat.com/errata/RHSA-2019:1259 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0820 https://bugzilla.redhat.com/show_bug.cgi?id=1705506 • CWE-400: Uncontrolled Resource Consumption •
CVE-2009-3547 – Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5 - 'pipe.c' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-3547
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. Múltiples condiciones de carrera en fs/pipe.c en el kernel de Linux anteriores a v2.6.32-rc6 permite a usuarios locales producir una denegación de servicio )desreferencia a puntero NULL y caída del sistema) o conseguir privilegios mediante la apertura de un canal anónimo en la ruta /proc/*/fd/. • https://www.exploit-db.com/exploits/9844 https://www.exploit-db.com/exploits/33321 https://www.exploit-db.com/exploits/10018 https://www.exploit-db.com/exploits/33322 https://www.exploit-db.com/exploits/40812 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference CWE-672: Operation on a Resource after Expiration or Release •
CVE-2009-2904 – openssh: possible privilege escalation when using ChrootDirectory setting
https://notcve.org/view.php?id=CVE-2009-2904
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership. Ciertas modificaciones Ret Hat en ChrootDirectory feature en OpenSSH v4.8, como el usado en sshd en OpenSSH v4.3 en Red Hat Enterprise Linux (RHEL) v5.4 y Fedora v11, permite a usuarios locales obtener privilegios a través de enlaces fuertes en programas setuid que usa una configuración de ficheros con el chroot directory, relacionado con requerimientos para el propietario. • http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://osvdb.org/58495 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://secunia.com/advisories/39182 http://www.securityfocus.com/bid/36552 http://www.vupen.com/english/advisories/2010/0528 https://bugzilla.redhat.com/show_bug.cgi?id=522141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg • CWE-16: Configuration •
CVE-2009-2698 – Linux Kernel < 2.6.19 (Debian 4) - 'udp_sendmsg' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2698
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. La función udp_sendmsg en la implementación UDP en los archivos (1) net/ipv4/udp.c y (2) net/ipv6/udp.c en el kernel de Linux anterior a versión 2.6.19, permite a los usuarios locales obtener privilegios o causar una denegación de servicio (Desreferencia de puntero NULL y bloqueo de sistema) por medio de vectores que involucran el flag MSG_MORE y un socket UDP. • https://www.exploit-db.com/exploits/9575 https://www.exploit-db.com/exploits/9574 https://www.exploit-db.com/exploits/9542 https://github.com/xiaoxiaoleo/CVE-2009-2698 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1e0c14f49d6b393179f423abbac47f85618d3d46 http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html http://rhn.redhat.com/errata/RHSA-2009-1222.html http://rhn.redhat.com/errata/RHSA-2009-1223.html http://secunia.com • CWE-476: NULL Pointer Dereference •