CVE-2008-5079 – Linux Kernel 2.6.27.8 - ATMSVC Local Denial of Service
https://notcve.org/view.php?id=CVE-2008-5079
net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. net/atm/svc.c en el subsistema ATM del kernel de Linux v2.6.27.8 y anteriores; permite a usuarios locales provocar una denegación de servicio (bucle infinito del kernel) creando dos llamadas a svc_listen al mismo socket y luego leyendo el fichero /proc/net/atm/*vc que está relacionado con la corrupción de la tabla vcc. • https://www.exploit-db.com/exploits/7405 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html http://marc.info/?l=linux-netdev&m=122841256115780&w=2 http://secunia.com/advisories/32913 http://secunia.com/advisories/33083 http://secunia.com/advisories/33348 http://secunia.com/advisories/33623 http://secunia.com/ • CWE-399: Resource Management Errors •
CVE-2008-5182 – kernel: fix inotify watch removal/umount races
https://notcve.org/view.php?id=CVE-2008-5182
The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. La funcionalidad inotify en el kernel de Linux v2.6 anteriores a 2.6.28-rc5 que podría permitir a usuarios locales ganar privilegios a través de vectores desconocidos relacionados con las condiciones de carrera en el reloj de eliminación y desmontado. • http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc5 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html http://secunia.com/advisories/32998 http://secunia.com/advisories/33083 http://secunia.com/advisories/33348 http://secunia.com/advisories/33623 http://secunia.com/advisories/33641 http://secunia.com/advisories/33704 http://secunia.com/advisories/33706 http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVE-2008-5134 – kernel: libertas: fix buffer overrun
https://notcve.org/view.php?id=CVE-2008-5134
Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response." Desbordamiento de búfer en la función lbs_process_bss en drivers/net/wireless/libertas/scan.c en el subsistema libertas en versiones anteriores a 2.6.27.5 del kernel de linux, permite a los atacantes remotos tener un impacto desconocido a través de un "respuesta inválida de balizamiento/prueba." • http://article.gmane.org/gmane.linux.kernel.wireless.general/23049 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=48735d8d8bd701b1e0cd3d49c21e5e385ddcb077 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html http://openwall.com/lists/oss-security/2008/11/11/2 http://secunia.com/advisories/32998 http://secunia.com/advisories/33641 http://secunia.com/advisories/33706 http://secunia.com/advisories/33854 http://www.debian.org/s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-5025 – kernel: hfs: fix namelength memory corruption
https://notcve.org/view.php?id=CVE-2008-5025
Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933. Desbordamiento de búfer basado en pila en la función hfs_cat_find_brec en fs/hfs/catalog.c en versiones del kernel de Linux anteriores a la 2.6.28-RC1 permite a atacantes provocar una denegación de servicio (corrupción de memoria o caida del sistema) a través de una imagen de un sistema de ficheros HFS con un campo "longitud del catálogo" inválido. Esta vulnerabilidad esta relacionada con la CVE-2008-4933. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=d38b7aa7fc3371b52d036748028db50b585ade2e http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html http://openwall.com/lists/oss-security/2008/11/10/1 http://openwall.com/lists/oss-security/2008/11/10/3 http://openwall.com/lists/oss-security/2008/11/10/6 http://openwall.com/lists/oss-security/2008/11/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-5029 – kernel: Unix sockets kernel panic
https://notcve.org/view.php?id=CVE-2008-5029
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. La función __scm_destroy de net/core/scm.c en el kernel de Linux 2.6.27.4, 2.6.2 y anteriores; realiza llamadas recursivas indirectas a sí mismo a través de llamadas a la función fput; esto permite a usuarios locales provocar una denegación de servicio (pánico) a través de vectores relacionados con el envío de un mensaje SCM_RIGTHS a través de un socket de dominio UNIX y cerrando los descriptores de ficheros. • http://archives.neohapsis.com/archives/bugtraq/2009-01/0006.html http://darkircop.org/unix.c http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.9 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html http://marc.info/?l=linux-netdev&m=122593044330973&w=2 http://secunia.com/advisories/32918 http://s •