CVE-2004-0077 – Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0077
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to a missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004, except that it concerns the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2. • https://www.exploit-db.com/exploits/160 https://www.exploit-db.com/exploits/154 http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820 http://fedoranews.org/updates/FEDORA-2004-079.shtml http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015 http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt http://marc.info/?l=bugtraq&m=107711762014175&w=2 http://marc.info/?l=bugtraq&m=10771 •
CVE-2003-0700
https://notcve.org/view.php?id=CVE-2003-0700
The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699. • http://www.redhat.com/support/errata/RHSA-2003-238.html http://www.redhat.com/support/errata/RHSA-2004-044.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A401 https://access.redhat.com/security/cve/CVE-2003-0700 https://bugzilla.redhat.com/show_bug.cgi?id=1617073 •
CVE-2003-0986
https://notcve.org/view.php?id=CVE-2003-0986
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service. • http://linux.bkbits.net:8080/linux-2.4/cset%403fdd54b3u9Eq0Wny2Nn1HGfI3pofOQ http://linux.bkbits.net:8080/linux-2.6/cset%403ffcf122S7e3xPZCpibrXq6KRRjwqw http://www.redhat.com/support/errata/RHSA-2004-017.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9707 https://access.redhat.com/security/cve/CVE-2003-0986 https://bugzilla.redhat.com/show_bug.cgi?id=1617116 •
CVE-2000-0289
https://notcve.org/view.php?id=CVE-2000-0289
IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. • http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html http://www.novell.com/linux/security/advisories/suse_security_announce_48.html http://www.securityfocus.com/bid/1078 •
CVE-1999-0986 – Linux Kernel 2.0.x (Debian 2.1 / RedHat 5.2) - Packet Length with Options
https://notcve.org/view.php?id=CVE-1999-0986
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. • https://www.exploit-db.com/exploits/19675 http://www.securityfocus.com/bid/870 •