CVE-2009-2906 – samba: infinite loop flaw in smbd on unexpected oplock break notification reply
https://notcve.org/view.php?id=CVE-2009-2906
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. smbd en Samba v3.0 anterior a v3.0.37, v3.2 anterior a v3.2.15, v3.3 anterior a v3.3.8 y v3.4 anterior a v3.4.2, permite a usuarios autenticados remotamente provocar una denegación de servicio (bucle infinito) a través de un paquete de notificación de respuesta "oplock break" imprevisto. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://news.samba.org/releases/3.0.37 http://news.samba.org/releases/3.2.15 http://news.samba.org/releases/3.3.8 http://news.samba.org/releases/3.4.2 http://osvdb.org/58519 http://samba.org/samba/security/CVE-2009-2906.html http://secunia.com/advisories/36893 http://secunia.com/advisories/36918 http:/ • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2009-3238 – kernel: random: add robust get_random_u32, remove weak get_random_int
https://notcve.org/view.php?id=CVE-2009-3238
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time." La función get_random_int de drivers/char/random.c en el kernel de Linux anterior a v2.6.30, produce números que nos son suficientemente aleatorios, esto permite a los atacantes predecir el valor devuelto y permite que se puedan superar los mecanismos de protección basados en la aleatoriedad, a través de vectores que eleven la tendencia de la función a "devolver el mismo valor una y otra vez durante largos periodos de tiempo". • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://patchwork.kernel.org/patch/21766 http://secunia.com/advisories/37105 http://secunia.com/advisories/37351 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30 http://www.redhat.com/support/errata/RHSA-2009& • CWE-330: Use of Insufficiently Random Values CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVE-2009-3231 – postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed
https://notcve.org/view.php?id=CVE-2009-3231
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. El componente core server en PostgreSQL desde v8.3 anteriores a v8.3.8 y desde v8.2 anteriores a v8.2.14, cuando se utiliza la autenticación de LDAP con imposiciones anónimas, permite a atacantes remotos evitar la autenticación a través de una contraseña vacía. • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://secunia.com/advisories/36660 http://secunia.com/advisories/36727 http://secunia.com/advisories/36800 http://secunia.com/advisories/36837 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 http://www.postgresql.org/docs/8.3/static/release-8-3-8.html http://www.postgr • CWE-287: Improper Authentication •
CVE-2009-2903
https://notcve.org/view.php?id=CVE-2009-2903
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams. Fuga de memoria en el subsistema appletalk en el Kernel de Linux v2.4.x hasta v2.4.37.6 y v2.6.x hasta v2.6.31, cuando los módulos appletalk y ipddp están cargados pero el dispositivo ipddp"N" no se encuentra, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de datagramas IP-DDP. • http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git%3Ba=commit%3Bh=ffcfb8db540ff879c2a85bf7e404954281443414 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html http://secunia.com/advisories/36707 http://secunia.com/advisories/37105 http://sec • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2009-3001 – Linux Kernel 2.6.31-rc7 - 'AF_LLC getsockname' 5-Byte Stack Disclosure
https://notcve.org/view.php?id=CVE-2009-3001
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket. La función llc_ui_getname en net/llc/af_llc.c del kernel de Linux v2.6.31-rc7 y anteriores no inicializa cierta estructura de datos, lo que permite leer a los usuarios locales el contenido de algunas celdas de memoria del núcleo llamando a la función getsockname a través de un socket AF_LLC. • https://www.exploit-db.com/exploits/9513 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=28e9fc592cb8c7a43e4d3147b38be6032a0e81bc http://jon.oberheide.org/files/llc-getsockname-leak.c http://secunia.com/advisories/37105 http://www.exploit-db.com/exploits/9513 http://www.openwall.com/lists/oss-security/2009/08/26/1 http://www.securityfocus.com/bid/36126 http://www.ubuntu.com/usn/USN-852-1 https://bugzilla.redhat.com/show_bug.cgi?id=519 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •