CVE-2009-4895 – kernel: tty->pgrp races
https://notcve.org/view.php?id=CVE-2009-4895
Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9. Condición de carrera en la función tty_fasync en drivers/char/tty_io.c en el kernel de Linux v2.6.32.6, permite a usuarios locales provocar una denegación de servicio (deferencia puntero nulo o caída del sistema) o posiblemente tener otro impacto no especificado a través de vectores desconocidos, relacionado con las funciones put_tty_queue y __f_setown. NOTA: la vulnera fue dirigida de un modo distinto en v2.6.32.9. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=703625118069f9f8960d356676662d3db5a9d116 http://www.debian.org/security/2010/dsa-2094 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.6 http://www.openwall.com/lists/oss-security/2010/06/15/2 http://www.openwall.com/lists/oss-security/2010/06/15/3 http://www.openwall.com/lists/oss-security/2010/06/15/4 http://www.openwall.com/lists/oss-security/2010/06/15/5 http • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVE-2010-2798 – kernel: gfs2: rename causes kernel panic
https://notcve.org/view.php?id=CVE-2010-2798
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. La función gfs2_dirent_find_space en fs/gfs2/dir.c en el kernel de Linux anterior a v 2.6.35, usa un valor de tamaño incorrecto en los cálculos asociados con las entradas del directorio "sentinel", lo que permite a usuarios locales provocar una denegación de servicio (deferencia a puntero nullo y kernel panic) y posiblemente otro impacto no especificados mediante el renombrado de un archivo en un sistema de fichero GFS2, relacionado con la función gfs2_rename en fs/gfs2/ops_inode.c. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=728a756b8fcd22d80e2dbba8117a8a3aafd3f203 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html http://secunia.com/advisories/46397 http://securitytracker.com/id?1024386 http://support.avaya.com/css/P8/documents/100113326 http://www.debian.org/security/2010/dsa-2094 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLo • CWE-476: NULL Pointer Dereference •
CVE-2010-2226 – kernel: xfs swapext ioctl minor security issue
https://notcve.org/view.php?id=CVE-2010-2226
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. La función xfs_swapext en fs/xfs/xfs_dfrag.c en el kernel de Linux kernel anterior v2.6.35 no chequea adecuadamente los descriptores de archivo en SWAPEXT ioctl, lo que permiete a usuarios locales aprovechar el acceso de escritura y obtener acceso de lectura por intercambio de un fichero en otro fichero. • http://archives.free.net.ph/message/20100616.130710.301704aa.en.html http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1817176a86352f65210139d4c794ad2d19fc6b63 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://marc.info/?l=oss-security&m=127677135609357&w=2 http://marc.info/?l=oss-security& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-2807
https://notcve.org/view.php?id=CVE-2010-2807
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. FreeType anterior a v2.4.2 utiliza incorrectametne tipos de datos entero durante la comprobación de límites, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de ficheros fuente manipulados. • http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=346f1867fd32dae8f56e5b482d1af98f626804ac http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://marc.info/?l=oss-security&m=128111955616772&w=2 http://secunia.com/advisories/40816 http://secunia.com/advisories/40982 http://secunia.com/advisories/42314 http: • CWE-681: Incorrect Conversion between Numeric Types •
CVE-2010-2541 – Freetype ftmulti buffer overflow
https://notcve.org/view.php?id=CVE-2010-2541
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Desbordamiento de búfer en ftmulti.c en el programa ftmulti demo en FreeType anterior a v2.4.2 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un fichero fuente manipulado. • http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 http://secunia.com/advisories/40982 http://secunia.com/advisories/48951 http://securitytracker.com/id?1024266 http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view http://www.redhat.com/support/errata/RHSA-2010-0577.html http://www.redhat.com/support/errata/RHSA-2010-0578.html http://www.ubuntu.com/usn/USN-972-1 http://www.vupen.com/english/advisories/2010/2106 https://bugs.launchpa • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •