Page 15 of 206 results (0.024 seconds)

CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. La función xfs_ioc_fsgetxattr en fs/xfs/linux-2.6/xfs_ioctl.c del kernel Linux anterior a v2.6.36-rc4 no inicializa apropiadamente ciertos miembros de estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la pila de memoria del kernel a través de una llamada ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/41284 http://secunia.com/advisories/41512 http://secunia • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0

Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device. Vulnerabilidad de doble liberación en la función snd_seq_oss_open de sound/core/seq/oss/seq_oss_init.c en el kernel Linux anterior a v6.36-rc4 podría permitir a usuarios locales causar una denegación de servicio o posiblemente tener otro impacto sin especificar a través de de un intento fallido de abrir el dispositivo /dev/sequencer • http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=c598337660c21c0afaa9df5a65bb4a7a0cf15be8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27f7ad53829f79e799a253285318bff79ece15bd http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/42890 http://ww • CWE-415: Double Free •

CVSS: 8.3EPSS: 87%CPEs: 8EXPL: 0

Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share. Un desbordamiento de búfer basado en pila en las funciones (1) sid_parse y (2) dom_sid_parse en Samba anterior a v3.5.5 permite a los atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código a su elección a través de Windows Security ID (SID) manipulados en un fichero compartido. • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://lists.opensuse.org/opensuse-sec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0

The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size. La función cfg80211_wext_giwessid en net/wireless/wext-compat.c en el kernel de Linux anterior a v2.6.36-rc3-next-20100831 no inicializa adecuadamente determinadas estructuras de miembros, lo que permite a usuarios locales aprovechar un error off-by-one en la función net/wireless/wext-core.c y obtener información potencialmente sensible desde la memoria dinámica (heap) del kernel, a través de vectores que involucran una llamada SIOCGIWESSID ioctl que especifica un gran tamaño de búfer. • http://forums.grsecurity.net/viewtopic.php?f=3&t=2290 http://git.kernel.org/?p=linux/kernel/git/linville/wireless-2.6.git%3Ba=commit%3Bh=42da2f948d949efd0111309f5827bf0298bcc9a4 http://grsecurity.net/~spender/wireless-infoleak-fix2.patch http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lkml.org/lkml/2010/8/27/413 http://lkml.org/lkml/2010/8/30/127 http://lkml.org/lkml • CWE-193: Off-by-one Error •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1

The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. La función keyctl_session_to_parent en security/keys/keyctl.c en el kernel de Linux v2.6.35.4 y anteriores, espera que determinados keyrings de sesión aparezcan, lo que permite a usuarios locales provocar una denegación de servicio(deferencia a puntero nulo y caída de sistema) o posiblemente tener otro impacto sin especificar a través del argumento KEYCTL_SESSION_TO_PARENT a la función keyctl. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://secunia.com/advisories/41263 http://securitytracker.com/id?1024384 http://twitter.com/taviso/statuses/22777866582 http://www.openwall.com/lists/oss-security/2010/09/02/1 http://www.securityfocus.com/bid/42932 http://www.ubuntu.com/usn/USN-1000-1 http://www.vupen.com/english/advisories/2011/0298 https://bugzilla.redhat.c • CWE-476: NULL Pointer Dereference •