CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 4CVE-2010-4165 – Linux Kernel 2.6.37 - Local Kernel Denial of Service
https://notcve.org/view.php?id=CVE-2010-4165
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer. La función do_tcp_setsockopt de net/ipv4/tcp.c en el kernel de Linux anterior a 2.6.37-rc2 no restringe adecuadamente los valores TCP_MAXSEG (también conocidos como MSS), esto permite a usuarios locales provocar una denegación de servicio (OOPS) mediante una llamada setsockopt que especifica un valor pequeño, lo que conduce a un error de división entre cero o un uso incorrecto de un entero asignado. • https://www.exploit-db.com/exploits/16263 https://www.exploit-db.com/exploits/16952 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html • CWE-369: Divide By Zero •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2010-4169 – kernel: perf bug
https://notcve.org/view.php?id=CVE-2010-4169
Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call. Una vulnerabilidad de uso después de liberación en mm/mprotect.c en las versiones del kernel de Linux anteriores a v2.6.37-rc2 permite a usuarios locales causar una denegación de servicio a través de vectores que implican una llamada de sistema a mprotect. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=63bfd7384b119409685a17d5c58f0b56e5dc03da http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://marc.info/?l=oss-security&m=128979684911295&w=2 http://marc.info/? • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2010-3432 – kernel: sctp: do not reset the packet during sctp_packet_config
https://notcve.org/view.php?id=CVE-2010-3432
The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. La función sctp_packet_config en net/sctp/output.c en el kernel de Linux anterior a v2.6.35.6, realiza un inicialización extraña de la estructura de paquetes de datos, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de una determinada secuencia de tráfico SCTP. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4bdab43323b459900578b200a4b8cf9713ac8fab http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://marc.info/?l=linux-netdev&m=128453869227715&w=3 http://marc.info/?l=oss-security&m=128534569803598&w=2 http://marc.info/?l=oss-security&m=128537701808336&w=2 http://secunia.com/advisories/42400 http://secunia&# • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 3CVE-2010-3904 – Linux Kernel Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2010-3904
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. La función rds_page_copy_user de net/rds/page.c en la implementación del protocolo "Reliable Datagram Sockets" (RDS) del kernel de Linux en versiones anteriores a la 2.6.36 no valida apropiadamente las direcciones obtenidas del espacio de usuario, lo que permite a usuarios locales escalar privilegios a través de un uso manipulado de las llamadas del sistema sendmsg y recvmsg. Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. • https://www.exploit-db.com/exploits/44677 https://www.exploit-db.com/exploits/15285 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 6.9EPSS: 0%CPEs: 21EXPL: 0CVE-2010-3442 – kernel: prevent heap corruption in snd_ctl_new()
https://notcve.org/view.php?id=CVE-2010-3442
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. Múltiples desbordamientos de entero en la función snd_ctl_new de sound/core/control.c en el kernel de Linux en versiones anteriores a la 2.6.36-rc5-next-20100929. Permiten a usuarios locales provocar una denegación de servicio (corrupción de la memoria dinámica) o posiblemente provocar otros impactos sin especificar a través de una llamada ioctl (1) SNDRV_CTL_IOCTL_ELEM_ADD o (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. • http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=5591bf07225523600450edd9e6ad258bb877b779 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://list • CWE-190: Integer Overflow or Wraparound •