CVSS: 7.8EPSS: 2%CPEs: 10EXPL: 5CVE-2011-2189 – Linux Kernel 2.6.35 - Network Namespace Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-2189
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd. net / core / net_namespace.c en el kernel de Linux v2.6.32 y anteriores no maneja adecuadamente una alta tasa de creación y limpieza de los espacios de nombres de red, lo cual lo hace más fácil para los atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de peticiones a un demonio que requiere un espacio de nombres separados por conexión, como se demuestra por vsftpd. • https://www.exploit-db.com/exploits/36425 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b035b39970740722598f7a9d548835f9bdd730f http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f875bae065334907796da12523f9df85c89f5712 http://ie.archive.ubuntu.com/linux/kernel/v2.6/ChangeLog-2.6.33 http://kerneltrap.org/mailarchive/git-commits-head/2009/12/8/15289 http://neil.brown&# • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2925 – cumin: broker username/password appears in the log file
https://notcve.org/view.php?id=CVE-2011-2925
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker. Cumin en Red Hat Enterprise Messaging, en Realtime, y en Grid (MRG) v2.0 registra credenciales de autenticación de agente en un archivo de registro, lo que permite a usuarios locales eludir la autenticación y realizar acciones no autorizadas en trabajos y las colas de mensajes a través de una conexión directa con el agente. • http://osvdb.org/75217 http://secunia.com/advisories/45887 http://secunia.com/advisories/45928 http://www.redhat.com/support/errata/RHSA-2011-1249.html http://www.redhat.com/support/errata/RHSA-2011-1250.html http://www.securityfocus.com/bid/49500 http://www.securitytracker.com/id?1026021 https://bugzilla.redhat.com/show_bug.cgi?id=731574 https://exchange.xforce.ibmcloud.com/vulnerabilities/69659 https://access.redhat.com/security/cve/CVE-2011-2925 • CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 6%CPEs: 8EXPL: 0CVE-2010-4526 – kernel: sctp: a race between ICMP protocol unreachable and connect()
https://notcve.org/view.php?id=CVE-2010-4526
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. Condición de carrera en el kernel de Linux 2.6.11-rc2 hasta 2.6.33. Permite a atacantes remotos provocar una denegación de servicio (kernel panic) a través de un mensaje no enrutable ICMP a un socket que ya se encuentra bloqueado por un usuario, lo que provoca que el socket sea liberado y una corrupción de lista. Relacionado con la función sctp_wait_for_connect. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819 http://secunia.com/advisories/42964 http://secunia.com/advisories/46397 http://www.openwall.com/lists/oss-security/2011/01/04/13 http://www.openwall.com/lists/oss-security/2011/01/04/3 http://www.redhat.com/support/errata/RHSA-2011-0163.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/45661 http:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4179 – plugin: enable QUEUE_ALL_USERS_TRUSTED for Submit/Hold/Release/Remove ops
https://notcve.org/view.php?id=CVE-2010-4179
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins. La documentación de instalación de Red Hat Enterprise Messaging, Realtime and Grid (MRG) v1.3 recomienda que Condor debe ser configurado para que la consola de gestion de MRG (cumin) pueda enviar tareas a los usuarios, lo que crea un canal de confianza con insuficientes controles de acceso, lo que permite ejecutar tareas como un usuario cualquiera a usuarios locales con la capacidad de publicar a un broker a través de las extensiones de Condor QMF. • http://secunia.com/advisories/42406 http://www.redhat.com/support/errata/RHSA-2010-0921.html http://www.redhat.com/support/errata/RHSA-2010-0922.html http://www.securitytracker.com/id?1024806 http://www.vupen.com/english/advisories/2010/3091 https://bugzilla.redhat.com/show_bug.cgi?id=654856 https://access.redhat.com/security/cve/CVE-2010-4179 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 0CVE-2009-5005 – qpid: crash on receipt of invalid AMQP data
https://notcve.org/view.php?id=CVE-2009-5005
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data. La función Cluster::deliveredEvent de cluster/Cluster.cpp de Apache Qpid, tal como es utilizada en Red Hat Enterprise MRG en versiones anteriores a la v1.3 y otros productos, permite a atacantes remotos provocar una denegación de servicio (caída del servicio y del cluster) a través de datos AMQP inválidos. • http://secunia.com/advisories/41710 http://secunia.com/advisories/41812 http://svn.apache.org/viewvc?revision=785788&view=revision http://www.vupen.com/english/advisories/2010/2684 https://bugzilla.redhat.com/show_bug.cgi?id=642373 https://rhn.redhat.com/errata/RHSA-2010-0773.html https://rhn.redhat.com/errata/RHSA-2010-0774.html https://access.redhat.com/security/cve/CVE-2009-5005 •