CVE-2009-2406 – kernel: ecryptfs stack overflow in parse_tag_11_packet()
https://notcve.org/view.php?id=CVE-2009-2406
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. Desbordamiento de búfer basado en pila en la función parse_tag_11_packet en fs/ecryptfs/keystore.c en el subsistema eCryptfs del kernel de Linux anteriores a v2.6.30.4 permite a usuarios locales provocar una denegación de servicio (finalización del sistema) o posiblemente obtener mayores privilegios mediante vectores que utilizan un fichero eCryptfs modificado, relacionados con la no comprobación de que la longitud de la clave de firma en un paquete "Tag 11" es compatible con el tamaño del búfer de la clave de firma. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6352a29305373ae6196491e6d4669f301e26492e http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://risesecurity.org/advisories/RISE-2009002.txt http://secunia.com/advisories/35985 http://secunia.com/advisories/36045 http://secunia.com/advisories/36051 http://secunia.com/advisories/36054 http://secunia.com/advisories/36116 http://secunia.com/advisories/36131 http://secunia.com/advisories/37 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2009-1389 – kernel: r8169: fix crash when large packets are received
https://notcve.org/view.php?id=CVE-2009-1389
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. Desbordamiento de memoria en el driver RTL8169 NIC (drivers/net/r8169.c) en el kernel de Linux anteriores a v2.6.30 permite a atacantes remotos producir una denegación de servicio (consumo de memoria del kernel y caída) a través de un paquete largo. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=fdd7b4c3302c93f6833e338903ea77245eb510b4 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://lkml.org/lkml/2009/6/8/194 http://marc.info/?l=linux-netdev&m=123462461713724&w=2 http://secunia.com/advisories/35265 http://secunia.com/advisories/35566 http://secunia.com/advisories/35847 http://secunia& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1914 – Linux Kernel 2.6.x (Sparc64) - '/proc/iomem' Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-1914
The pci_register_iommu_region function in arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on the sparc64 platform allows local users to cause a denial of service (system crash) by reading the /proc/iomem file, related to uninitialized pointers and the request_resource function. La función pci_register_iommu_region de arch/sparc/kernel/pci_common.c del kernel de Linux anterior a v2.6.29 en la plataforma sparc64, permite a usuarios locales provocar una denegación de servicio (caída del sistema), al leer el fichero /proc/iomem. Está relacionado con punteros no iniciados y la función request_resource. • https://www.exploit-db.com/exploits/33043 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=192d7a4667c6d11d1a174ec4cad9a3c5d5f9043c http://osvdb.org/54908 http://secunia.com/advisories/35656 http://secunia.com/advisories/36051 http://www.debian.org/security/2009/dsa-1844 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29 http://www.openwall.com/lists/oss-security/2009/06/03/3 http://www.securityfocus.com/bid/35415 http:/ • CWE-20: Improper Input Validation •
CVE-2009-1385 – kernel: e1000_clean_rx_irq() denial of service
https://notcve.org/view.php?id=CVE-2009-1385
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size. Desbordamiento inferior de entero en la función 1000_clean_rx_irq en drivers/net/e1000/e1000_main.c en el controlador e1000 en Linux kernel anterior a v2.6.30-rc8, el controlador e1000e en el kernel de Linux, y Intel Wired Ethernet (también conocido como e1000) anteriores a v7.5.5 permite a los atacantes remotos causar una denegación de servicios (panic) a través de un tamaño de marco manipulado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ea30e11970a96cfe5e32c03a29332554573b4a10 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html http://osvdb.org/54892 http://secunia.com/advisories/35265 http://secunia.com/advisories/35566 http://secunia.com/advisories/35623 http://secunia.com/advisories/35656 http://secunia.com/advisories/35847 http://secunia.com/advisories/36051 http://secunia.com/advisories/36131 http://secunia.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVE-2009-1184
https://notcve.org/view.php?id=CVE-2009-1184
The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21. La función selinux_ip_postroute_iptables_compat en security/selinux/hooks.c en el subsistema SELinux en el kernel de Linux anterior a v2.6.27.22, y v2.6.28.x anterior a 2.6.28.10, cuando compat_net esta activado, omite llamadas a avc_has_perm para (1) el nodo y (2) puerto, lo que permite a usuarios locales evitar la restricciones previstas en el trafico de la red. NOTA: Esto fue incorrectamente reportado como una cuestión arreglada en 2.6.27.21. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=910c9e41186762de3717baaf392ab5ff0c454496 http://lwn.net/Articles/331434 http://lwn.net/Articles/331435 http://patchwork.ozlabs.org/patch/25238 http://secunia.com/advisories/35121 http://secunia.com/advisories/35656 http://www.debian.org/security/2009/dsa-1800 http://www.mandriva.com/security/advisories?name=MDVSA-2009:118 http://www.mandriva.com/security/advisories?name=MDVSA-2009:119 http:// • CWE-16: Configuration •