CVE-2010-3437 – Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure
https://notcve.org/view.php?id=CVE-2010-3437
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. Error de presencia de signo en entero en la función pkt_find_dev_from_minor de drivers/block/pktcdvd.c del kernl de Linux en versiones anteriores a la 2.6.36-rc6 permite a usuarios locales obtener información confidencial de la memoria del kernel o provocar una denegación de servicio (resolución de referencia a puntero inválido y caída de la aplicación) a través de un valor de índice modificado en una llamada ioctl PKT_CTRL_CMD_STATUS. • https://www.exploit-db.com/exploits/15150 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=252a52aa4fa22a668f019e55b3aac3ff71ec1c29 http://jon.oberheide.org/files/cve-2010-3437.c http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004& • CWE-476: NULL Pointer Dereference •
CVE-2010-2478
https://notcve.org/view.php?id=CVE-2010-2478
Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084. Desbordamiento de enteros en la función ethtool_get_rxnfc en net/core/ethtool.c en el kernel de Linux anterior a v2.6.33.7 en plataformas de 32 bits permite a usuarios locales causar una denegación de servicio o posiblemente tener un impacto no especificado a través de un comando ethtool ETHTOOL_GRXCLSRLALL con una valor info.rule_cnt grande lo cual provoca un desbordamiento de búfer, una vulnerabilidad diferente de CVE-2010-3084. • http://article.gmane.org/gmane.linux.network/164869 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db048b69037e7fa6a7d9e95a1271a50dc08ae233 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.7 http://www.openwall.com/lists/oss-security/2010/06/29/1 http://www.openwall.com/lists/oss-security/2010/06/29/3 http://www.openwall.com/lists/oss-security/2010/06 • CWE-190: Integer Overflow or Wraparound •
CVE-2010-3084 – kernel: niu: buffer overflow for ETHTOOL_GRXCLSRLALL
https://notcve.org/view.php?id=CVE-2010-3084
Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command. Desbordamiento de búfer en la función niu_get_ethtool_tcam_all en drivers/net/niu.c en el kernel de Linux anteriores a v2.6.36-rc4 permite a usuarios locales causar una denegación de servicio o posiblemente tener un impacto no especificado a través del comando ethtool ETHTOOL_GRXCLSRLALL. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ee9c5cfad29c8a13199962614b9b16f1c4137ac9 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4 http://www.openwall.com/lists/oss-security/2010/09/09/1 http://www.openwall.com/lists/oss-security/2010/09/11/1 http://www.redhat.com/support/errata/RHSA-2010-0842.html http://www.securityfocus.com/bid/4309 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2946
https://notcve.org/view.php?id=CVE-2010-2946
fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name. fs/jfs/xattr.c en el kernel de Linux anterior a v2.6.35.2 no controla correctamente un cierto formato antiguo para el almacenamiento de los atributos extendidos, lo cual podría permitir a usuarios locales eludir las restricciones de espacio de nombres xattr a través de una cadena "os2." al principio de un nombre. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://secunia. • CWE-20: Improper Input Validation •
CVE-2010-3310
https://notcve.org/view.php?id=CVE-2010-3310
Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions. Múltiples errores de signo entero en net/rose/af_rose.c en el kernel de Linux anteriores a v2.6.36-RC5-next-20100923 permite a usuarios locales provocar una denegación de servicio (corrupción en la pila de memoria) o posiblemente tener un impacto no especificado a través de una llamada a la función rose_getname, relacionado con las funciones rose_bind y rose_connect. • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9828e6e6e3f19efcb476c567b9999891d051f52f http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensu • CWE-189: Numeric Errors •