CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3831 – kernel: i915 kernel drm driver arbitrary ioremap
https://notcve.org/view.php?id=CVE-2008-3831
The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration. El driver i915 en (1) drivers/char/drm/i915_dma.c en el kernel v2.6.24 de Linux en Debian GNU/Linux y (2) sys/dev/pci/drm/i915_drv.c en OpenBSD no restringe el DRM_I915_HWS_ADDR ioctl al Direct Rendering Manager (DRM) master, lo cual permite a usuarios locales provocar una denegación de servicio (corrupción de memoria) mediante una llamada ioctl manipulada, relacionado con la ausencia de los indicadores DRM_MASTER y DRM_ROOT_ONLY en la configuración de los ioctl. • http://archives.neohapsis.com/archives/openbsd/cvs/2008-10/0365.html http://secunia.com/advisories/32315 http://secunia.com/advisories/32386 http://secunia.com/advisories/32709 http://secunia.com/advisories/32918 http://secunia.com/advisories/33182 http://secunia.com/advisories/33586 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz http://securitytracker.com/id?1021065 http://sunsolve.sun.com/search/document.do&# • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 2%CPEs: 10EXPL: 0CVE-2008-2476
https://notcve.org/view.php?id=CVE-2008-2476
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). La implementación IPv6 Neighbor Discovery Protocol (NDP) en (1) FreeBSD v6.3 hasta v7.1, (2) OpenBSD v4.2 y v4.3, (3) NetBSD, (4) Force10 FTOS versiones anteriores a vE7.7.1.1, (5) Juniper JUNOS, y (6) Wind River VxWorks 5.x hasta v6.4 no valida los mensaje originales de Neighbor Discovery, lo cual permite a atacantes remotos provocar una denegación de servicio (pérdida de conectividad) o leer tráfico de red privado a través de mensajes falsos que modifica la Forward Information Base (FIB). • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc http://secunia.com/advisories/32112 http://secunia.com/advisories/32116 http://secunia.com/advisories/32117 http://secunia.com/advisories/32133 http://secunia.com/advisories/32406 http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc http://securitytracker.com/id?1020968 http://support.apple.com/kb/HT3467 http://www.kb.cert.org/vuls/id/472363 http://www.kb.cert.org/vuls/id/ • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 8%CPEs: 3EXPL: 3CVE-2008-4247 – Multiple Vendor FTP Server - Long Command Handling Security
https://notcve.org/view.php?id=CVE-2008-4247
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. ftpd en OpenBSD 4.3, FreeBSD 7.0, y NetBSD 4.0 interpreta como múltiples comandos los comandos largos desde un cliente FTP, lo que permite a atacantes remotos llevar a cabo ataques de falsificación de petición en sitios cruzados (CSFR) y ejecutar comandos FTP de su elección a través de una URI ftp:// larga que aprovecha una sesión FTP existente en la implementación de un cliente FTP en un navegador web. • https://www.exploit-db.com/exploits/32399 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc http://bugs.proftpd.org/show_bug.cgi?id=3115 http://secunia.com/advisories/32068 http://secunia.com/advisories/32070 http://secunia.com/advisories/33341 http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc http://securityreason.com/achievement_securityalert/56 http://securityreason.com/securityalert/4313 http://www.openbsd.org/cgi-bin/cvsweb/src/ • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 7%CPEs: 133EXPL: 0CVE-2008-4109
https://notcve.org/view.php?id=CVE-2008-4109
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. Cierto parche de Debian para OpenSSH en versiones anteriores a 4.3p2-9etch3 en etch, y versiones anteriores a 4.6p1-1 en sid y lenny, que utiliza funciones que no son señales asíncronas seguras (async-signal-safe) en el gestor de señales para los tiempos de autentificado, el cual permite a los atacantes remotos causar una denegación de servicio (agotamiento de la ranura de conexión) a través de múltiples intentos de autenticación. NOTA: esto existe por una incorrecta solución de CVE-2006-5051. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html http://secunia.com/advisories/31885 http://secunia.com/advisories/32080 http://secunia.com/advisories/32181 http://www.debian.org/security/2008/dsa-1638 http://www.openwall.com/lists/oss-security/2024/07/01/3 http://www.securitytracker.com/id?1020891 http://www.ubuntu.com/usn/usn-649-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/4520 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 0CVE-2008-3844
https://notcve.org/view.php?id=CVE-2008-3844
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known. Ciertos paquetes Red Hat Enterprise Linux (RHEL) 4 y 5 para OpenSSH, como fueron firmados en agosto de 2008 usando una clave Red Hat GPG legítima, contienen una modificación introducida externamente (Trojan Horse) que permite a los autores de los paquetes tener un impacto desconocido. NOTA: como los paquetes maliciosos no fueron distribuidos por ninguna fuente Red Hat oficial, el impacto de este problema está restringido a usuarios que pudieran haber obtenido estos paquetes a través de puntos de distribución no oficiales. • http://secunia.com/advisories/31575 http://secunia.com/advisories/32241 http://securitytracker.com/id?1020730 http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm http://www.redhat.com/security/data/openssh-blacklist.html http://www.redhat.com/support/errata/RHSA-2008-0855.html http://www.securityfocus.com/bid/30794 http://www.vupen.com/english/advisories/2008/2821 https://exchange.xforce.ibmcloud.com/vulnerabilities/44747 https://access.redhat.com/security/cve/CVE-2008- • CWE-20: Improper Input Validation •