CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 1CVE-2010-4160 – kernel: L2TP send buffer allocation size overflows
https://notcve.org/view.php?id=CVE-2010-4160
Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. Múltiples desbordamientos de entero en las funciones (1) pppol2tp_sendmsg de net/l2tp/l2tp_ppp.c, y (2) l2tp_ip_sendmsg de net/l2tp/l2tp_ip.c, en las implementaciones PPPoL2TP y IPoL2TP en el kernel de Linux anterior a v2.6.36.2, permiten a usuarios locales provocar una denegación de servicio (corrupción en el montón de la memoria y pánico) o puede que aumentar privilegios a través de una llamada sendto. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=253eacc070b114c2ec1f81b067d2fed7305467b0 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8acfe468b0384e834a303f08ebc4953d72fb690a http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce& • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 3%CPEs: 11EXPL: 0CVE-2010-4164
https://notcve.org/view.php?id=CVE-2010-4164
Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873. Múltiples desbordamientos inferioreres de buffer en la función x25_parse_facilities en net/x25/x25_facilities.c en el kernel de Linux anteriores a v2.6.36.2 permite a atacantes remotos provocar una denegación de servicio (fallo del sistema) a través de X.25 con formato incorrecto (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B , (3) X25_FAC_CLASS_C, o (4) X25_FAC_CLASS_D, una vulnerabilidad diferente de CVE-2010-3873. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.o • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 3CVE-2010-4158 – Linux Kernel 2.6.x - 'net/core/filter.c' Local Information Disclosure
https://notcve.org/view.php?id=CVE-2010-4158
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. La función sk_run_filter en net/core/filter.c en el kernel de Linux anteriores a v2.6.36.2 no comprueba si una posición de memoria determinada se ha inicializado antes de ejecutar una instrucción (1) BPF_S_LD_MEM o (2) BPF_S_LDX_MEM, permite a usuarios locales obtener información potencialmente confidencial de pila del núcleo de la memoria a través de un filtro socket manipulado. • https://www.exploit-db.com/exploits/34987 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=57fe93b374a6b8711995c2d466c502af9f3a08bb http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077321.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 11EXPL: 1CVE-2010-4157 – kernel: gdth: integer overflow in ioc_general()
https://notcve.org/view.php?id=CVE-2010-4157
Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call. Desbordamiento de entero en la función ioc_general en drivers/scsi/gdth.c en el kernel Linux, en versiones anteriores a la 2.6.36.1 en plataformas de 64-bit, permite a atacantes locales provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un argumento largo en una llamada ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f63ae56e4e97fb12053590e41a4fa59e7daa74a4 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://l • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.2EPSS: 0%CPEs: 11EXPL: 1CVE-2010-4258 – Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-4258
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. La función do_exit en kernel/exit.c en el kernel de Linux anteriores a v2.6.36.2 no gestiona de forma adecuada el KERNEL_DS y el valor get_fs, lo que permite a usuarios locales saltarse las restricciones access_ok, sobrescribiendo posiciones de memoria del kernel, y obtener privilegios mediante el aprovechamiento de un (1) ERROR, (2) desreferencia a un puntero NULL, o (3) error de página, como lo demuestró por vectores que implican la característica clear_child_tid en las llamadas al sistema de unión. • https://www.exploit-db.com/exploits/15704 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html http://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc http://code.google.com/p/chromium-os/issues/detail?id=10234 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177 http://googlechromereleases.blogspot.com/2011/01/chrome-os-beta-channel-update.html http://lists.fedoraproject.org/pipermail/package-annou • CWE-269: Improper Privilege Management •