CVE-2008-4445 – kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option
https://notcve.org/view.php?id=CVE-2008-4445
The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.
• http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=d97240552cd98c4b07322f30f66fd9c3ba4171de
• http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
• http://marc.info/?l=linux-sctp&m=121986743009093&w=2
• http://marc.info/?l=linux-sctp&m=121986743209110&w=2
• http://secunia.com/advisories/32190
• http://secunia.com/advisories/32315
• http://secunia.com/advisories/32393
• http://www.debian.org/security/2008/dsa-1655
• http://www.kernel.
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-4113 – Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure
https://notcve.org/view.php?id=CVE-2008-4113
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.
• https://www.exploit-db.com/exploits/7618
• http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=d97240552cd98c4b07322f30f66fd9c3ba4171de
• http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
• http://secunia.com/advisories/32190
• http://secunia.com/advisories/32315
• http://secunia.com/advisories/32393
• http://securityreason.com/securityalert/4266
• http://www.debian.org/security/2008/dsa-1655
• http://www.kernel.org/pub/linux/kernel/v2.6/Ch
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-3915 – kernel: nfsd: fix buffer overrun decoding NFSv4 acl
https://notcve.org/view.php?id=CVE-2008-3915
Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=91b80969ba466ba4b915a4a1d03add8c297add3f
• http://lkml.org/lkml/2008/9/3/286
• http://secunia.com/advisories/31881
• http://secunia.com/advisories/32190
• http://secunia.com/advisories/32393
• http://www.debian.org/security/2008/dsa-1636
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4
• http://www.openwall.com/lists/oss-security/2008/09/04/18
• http://www.openwall.com/lists/oss&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3526 – Linux kernel sctp_setsockopt_auth_key() integer overflow
https://notcve.org/view.php?id=CVE-2008-3526
Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.
• http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=30c2235cbc477d4629983d440cdc4f496fec9246
• http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
• http://secunia.com/advisories/31881
• http://secunia.com/advisories/32190
• http://secunia.com/advisories/32393
• http://www.debian.org/security/2008/dsa-1636
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:223
• http://www.openwall.com/lists/oss-security/2008/08/26/9
• http://ww
• CWE-189: Numeric Errors
• CWE-190: Integer Overflow or Wraparound
CVE-2008-3276 – Linux kernel dccp_setsockopt_change() integer overflow
https://notcve.org/view.php?id=CVE-2008-3276
Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field.
• http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=3e8a0a559c66ee9e7468195691a56fefc3589740
• http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
• http://secunia.com/advisories/31509
• http://secunia.com/advisories/31836
• http://secunia.com/advisories/31881
• http://secunia.com/advisories/32190
• http://secunia.com/advisories/32237
• http://secunia.com/advisories/32370
• http://secunia.com/advisories/32393
• http://secunia.com/advisories/32485
• http&
• CWE-189: Numeric Errors
• CWE-190: Integer Overflow or Wraparound