CVE-2007-0001 – Linux Kernel 2.6.x - Audit Subsystems Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-0001
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped. La implementación del monitor de archivos en el subsistema de auditoría (auditctl -w) en el núcleo 2.6.9 de Red Hat Enterprise Linux (RHEL) 4 permite a usuarios locales provocar una denegación de servicio (kernel panic) reemplazando un archivo monitorizado, lo cual no provoca que la monitorización en el nodo-i antiguo sea eliminada. • https://www.exploit-db.com/exploits/29683 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223129 http://osvdb.org/33031 http://secunia.com/advisories/24300 http://www.redhat.com/support/errata/RHSA-2007-0085.html http://www.securityfocus.com/bid/22737 http://www.securitytracker.com/id?1017705 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9560 https://access.redhat.com/security/cve/CVE-2007-0001 https://bugzilla.redhat.com/show_bug •
CVE-2007-1007
https://notcve.org/view.php?id=CVE-2007-1007
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. Vulnerabilidad de cadena de formato en GnomeMeeting 1.0.2 y anteriores permiten a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante cadenas de formato en el nombre, que no es tratado adecuadamente en una llamada a la función gnomemeeting_log_insert. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229266 http://osvdb.org/32083 http://secunia.com/advisories/24185 http://secunia.com/advisories/24271 http://secunia.com/advisories/24284 http://secunia.com/advisories/24379 http://secunia.com/advisories/25119 http://www.debian.org/security/2007/dsa-1262 http://www.mandriva.com/security/advisories?name=MDKSA-2007:045 http://www.novell.com/linux •
CVE-2007-0980
https://notcve.org/view.php?id=CVE-2007-0980
Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. Vulnerabilidad no especificada en HP Serviceguard para Linux; empaquetado para SuSE SLES8 y United Linux 1.0 versiones anteriores a SG A.11.15.07, SuSE SLES9 y SLES10 versiones anteriores a SG A.11.16.10, y Red Hat Enterprise Linux (RHEL) versiones anteriores a SG A.11.16.10; permite a atacantes remotos obtener acceso no autorizado mediante vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00860750 http://osvdb.org/33201 http://secunia.com/advisories/24134 http://www.securityfocus.com/bid/22574 http://www.securitytracker.com/id?1017655 http://www.vupen.com/english/advisories/2007/0619 •
CVE-2006-5753 – kernel listxattr syscall can corrupt user space programs
https://notcve.org/view.php?id=CVE-2006-5753
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors. Vulnerabilidad no especificada en la llamada al sistema listxattr del núcleo de Linux, cuando un "inode malo" (bad inode) está presente, permite a usuarios locales provocar una denegación de servicio (corrupción de datos) y posiblemente obtener privilegios mediante vectores no especificados. • http://fedoranews.org/cms/node/2739 http://fedoranews.org/cms/node/2740 http://lkml.org/lkml/2007/1/3/150 http://osvdb.org/33020 http://secunia.com/advisories/23955 http://secunia.com/advisories/23997 http://secunia.com/advisories/24098 http://secunia.com/advisories/24100 http://secunia.com/advisories/24206 http://secunia.com/advisories/24400 http://secunia.com/advisories/24429 http://secunia.com/advisories/24482 http://secunia.com/advisories/24547 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-6235
https://notcve.org/view.php?id=CVE-2006-6235
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. Una vulnerabilidad de "escritura en pila" en GnuPG (gpg) 1.x anterior a la 1.4.6, 2.x anterior a la 2.0.2 y 1.9.0 hasta la 1.9.95 permite a atacantes ejecutar código de su elección mediante paquetes OpenPGP artesanales que provocan que GnuPG haga referencia a un puntero a función que está en memoria (en la pila) que ya ha sido liberada. • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html http://secunia.com/advisories/23245 http://secunia.com/advisories/23250 http://secunia.com/advisories/23255 http://secunia.com/advisories/23259 http://secunia.com/advisories/23269 http://secunia.com/advisories/23284 http://secunia.com/advisories/23290 http://secunia. •