CVE-2008-5029 – kernel: Unix sockets kernel panic
https://notcve.org/view.php?id=CVE-2008-5029
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. • http://archives.neohapsis.com/archives/bugtraq/2009-01/0006.html http://darkircop.org/unix.c http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.9 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html http://marc.info/?l=linux-netdev&m=122593044330973&w=2 http://secunia.com/advisories/32918 http://s •
CVE-2008-4933 – kernel: hfsplus: fix Buffer overflow with a corrupted image
https://notcve.org/view.php?id=CVE-2008-4933
Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40 http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html http://rhn.redhat.com/errata/RHSA-2009-0264.html http://secunia.com/advisories/32510 http://secunia.com/advisories/32918 http://secunia.com/a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-4618 – kernel: sctp: Fix kernel panic while process protocol violation parameter
https://notcve.org/view.php?id=CVE-2008-4618
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=ba0166708ef4da7eeb61dd92bbba4d5a749d6561 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html http://secunia.com/advisories/32918 http://secunia.com/advisories/32998 http://secunia.com/advisories/33586 http://www.debian.org/security/2008/dsa-1681 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27 http://www.openwall.com/lists/oss-security/2008/10/06/1 http: • CWE-20: Improper Input Validation •
CVE-2008-4576 – kernel: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH
https://notcve.org/view.php?id=CVE-2008-4576
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.18 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://permalink.gmane.org/gmane.comp.security.oss.general/1039 http://secunia.com/advisories/32370 http://secunia.com/advisories/32386 http://secunia.com/advisories/32759 http://secunia.com/advisories/ • CWE-287: Improper Authentication •
CVE-2008-4554 – kernel: don't allow splice() to files opened with O_APPEND
https://notcve.org/view.php?id=CVE-2008-4554
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=efc968d450e013049a662d22727cf132618dcb2f http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html http://secunia.com/advisories/32386 http://secunia.com/advisories/32918 http://secunia.com/advisories/32998 http://secunia.com/advisories/33180 http://secunia.com/advisories/33182 http://secunia.com/advisories/33586 http://secunia.com/advisories/35390 http://www.debian.org/security/2008/ • CWE-264: Permissions, Privileges, and Access Controls •