CVSS: 6.4EPSS: 8%CPEs: 124EXPL: 0CVE-2004-0949
https://notcve.org/view.php?id=CVE-2004-0949
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times. La función smb_recv_trans2 en el sistema de ficheros samba (smbfs) en los kernel de Linux 2.4 y 2.6 no maneja adecuadamente el reensamblaje de paquetes fragmentados, lo que podría permitir a servidores samba remotos: leer información del kernel de su elección aumentar un valor de un contador en un número arbitrario enviando la primera parte del paquete fragmentado varias veces. • http://marc.info/?l=bugtraq&m=110072140811965&w=2 http://secunia.com/advisories/13232 http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 http://security.e-matters.de/advisories/142004.html http://www.debian.org/security/2006/dsa-1067 http://www.debian.org/security/2006/dsa-1069 http://www.debian.org/security/2006/dsa-1070 http://www.debian.org/security/2006/dsa-1082 htt •
CVSS: 7.5EPSS: 1%CPEs: 52EXPL: 0CVE-2004-0986
https://notcve.org/view.php?id=CVE-2004-0986
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers. • http://rpmfind.net/linux/RPM/suse/updates/9.2/i386/rpm/i586/iptables-1.2.11-4.2.i586.html http://www.ciac.org/ciac/bulletins/p-026.shtml http://www.debian.org/security/2004/dsa-580 http://www.mandriva.com/security/advisories?name=MDKSA-2004:125 http://www.securityfocus.com/bid/11570 https://bugzilla.fedora.us/show_bug.cgi?id=2252 https://exchange.xforce.ibmcloud.com/vulnerabilities/17928 https://www.ubuntu.com/usn/usn-81-1 •
CVSS: 1.2EPSS: 0%CPEs: 120EXPL: 0CVE-2004-0814
https://notcve.org/view.php?id=CVE-2004-0814
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch. Múltiples condiciones de carrera en la capa de terminal de Linux kernel 2.4.x y 2.6.x anteriores a 2.6.9 permiten a usuarios locales obtener porciones de datos del kernel mediante una llamada ioctl TIOCSETD a una interfaz de terminal que esté siendo accedida por otro hilo, o a atacantes remotos causar una denegación de servicio (panic) cambiando de consola a disciplina de línea PPP, y enviando entonces inmediatamente datos que son recibidos durante la conmutación. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110 http://marc.info/?l=bugtraq&m=110306397320336&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 http://www.redhat.com/support/errata/RHSA-2005-293.html http://www.securityfocus.com/archive/1/379005 http://www.securityfocus.com/bid/11491 http://www.securityfocus.com/bid/11492 https://bugzilla.fedora.us/show_bug.cgi? •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2004-0887
https://notcve.org/view.php?id=CVE-2004-0887
SUSE Linux Enterprise Server 9 on the S/390 platform does not properly handle a certain privileged instruction, which allows local users to gain root privileges. • http://secunia.com/advisories/19369 http://www.debian.org/security/2006/dsa-1018 http://www.novell.com/linux/security/advisories/2004_37_kernel.html http://www.securityfocus.com/bid/11489 https://exchange.xforce.ibmcloud.com/vulnerabilities/17801 •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2004-0816 – Linux Kernel 2.6.x - IPTables Logging Rules Integer Underflow Remote (PoC)
https://notcve.org/view.php?id=CVE-2004-0816
Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service (application crash) via a malformed IP packet. Vaciamiento de enteros en las reglas de registro del cortafuegos de iptables en Linux anteriores a 2.6.8 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante un paquete IP malformado. • https://www.exploit-db.com/exploits/24696 http://secunia.com/advisories/11202 http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 http://www.novell.com/linux/security/advisories/2004_37_kernel.html http://www.securityfocus.com/bid/11488 https://exchange.xforce.ibmcloud.com/vulnerabilities/17800 • CWE-191: Integer Underflow (Wrap or Wraparound) •