CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2011-2213 – kernel: inet_diag: insufficient validation
https://notcve.org/view.php?id=CVE-2011-2213
The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. La función net_diag_bc_audit en net/ipv4/inet_diag.c en el Kernel de Linux anterior a v2.6.39.3 no audita adecuadamente bytecode INET_DIAG, lo que permite a usuarios locales provocar una denegación de servicio a través de instrucciones manipuladas INET_DIAG_REQ_BYTECODE en un mensaje netlink, como se demostró por una instrucción INET_DIAG_BC_JMP con un valor zero yes, una vulnerabilidad diferente que CVE-2010-3880. • http://article.gmane.org/gmane.linux.network/197206 http://article.gmane.org/gmane.linux.network/197208 http://article.gmane.org/gmane.linux.network/197386 http://article.gmane.org/gmane.linux.network/198809 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d http://marc.info/?l=bugtraq&m=139447903326211&w=2 http://patchwork.ozlabs.org/patch/100857 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.kern • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 0CVE-2011-1093 – kernel: dccp: fix oops on Reset after close
https://notcve.org/view.php?id=CVE-2011-1093
The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. Función dccp_rcv_state_process en net/dccp/input.c en la implementación de Datagram Congestion Control Protocol(DCCP)en el kernel de linux antes de v2.6.38 no maneja adecuadamente paquetes para un extremo cerrado, que permite a atacantes remotos provocar una denegación de servicio ( puntero a NULO y OOPS ) mediante el envío de un paquete DCCP-Close seguido por un paquete DCCP-Reset. • http://downloads.avaya.com/css/P8/documents/100145416 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=720dc34bbbe9493c7bd48b2243058b4e447a929d http://openwall.com/lists/oss-security/2011/03/08/19 http://openwall.com/lists/oss-security/2011/03/08/4 http://rhn.redhat.com/errata/RHSA-2011-0833.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 http://www.securityfocus.com/bid/46793 https://bugzilla.redhat.com/show_bug.cgi • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0CVE-2010-4251 – kernel: unlimited socket backlog DoS
https://notcve.org/view.php?id=CVE-2010-4251
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests. La implementación del socket en net/core/sock.c en el kernel de Linux anterior a v2.6.34 no maneja correctamente un retraso de los paquetes recibidos, que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) mediante el envío de una gran cantidad de la red tráfico, como lo demuestran las pruebas netperf UDP. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8eae939f1400326b06d0c9afe53d2a484a326871 http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread http://secunia.com/advisories/46397 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/46637 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/sh • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4805 – kernel: unlimited socket backlog DoS
https://notcve.org/view.php?id=CVE-2010-4805
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251. La implementación del socket en net/core/sock.c en el kernel de Linux anteriores a v2.6.35 no maneja correctamente un retraso de los paquetes recibidos, lo que permite a atacantes remotos provocar una denegación de servicio mediante el envío de una gran cantidad de tráfico de la red, relacionados con la función sk_add_backlog y el campo de toma de sk_rmem_alloc. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2010-4251. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c377411f2494a931ff7facdbb3a6839b1266bcf6 http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.securityfocus.com/bid/46637 https://bugzilla.redhat.com/show_bug.cgi?id=657303 https://access.redhat.com/security/cve/CVE-2010-4805 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 3.6EPSS: 0%CPEs: 7EXPL: 1CVE-2011-1182 – kernel signal spoofing issue
https://notcve.org/view.php?id=CVE-2011-1182
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. kernel/signal.c en Linux kernel anterior a v2.6.39 permite a usuarios locales falsear el "uid" y el "pid" a través de un envío de señal de una llamada del sistema "sigqueueinfo". • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=da48524eb20662618854bb3df2db01fc65f3070c http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.openwall.com/lists/oss-security/2011/03/23/2 https://bugzilla.redhat.com/show_bug.cgi?id=690028 https://github.com/torvalds/linux/commit/da48524eb20662618854bb3df2db01fc65f3070c https://access.redhat.com/security/cve/CVE-2011-1182 •