CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 0CVE-2009-2910 – kernel: x86_64 32 bit process register leak
https://notcve.org/view.php?id=CVE-2009-2910
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. arch/x86/ia32/ia32entry.S en el kernel de Linux anteriores a v2.6.31.4 en plataformas x86_64 no limpia adecuadamente ciertos registros del kernel antes de regresar al modo usuario, lo que permite a usuarios locales leer valores del registro desde un proceso anterior mediante el cambio de un proceso ia32 al modo 64-bit • http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git%3Ba=commit%3Bh=24e35800cdc4350fc34e2bed37b608a9e13ab3b6 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lkml.org/lkml/2009/10/1/164 http://marc.info/?l=oss-security&m=125442304214452&w=2 http://marc.info/?l=oss-security&m=125444390112831&w&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 20EXPL: 0CVE-2009-3612 – kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
https://notcve.org/view.php?id=CVE-2009-3612
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. La función tcf_fill_node en net/sched/cls_api.c del subsistema netlink en el kernel de Linux v2.6.x hasta la v2.6.32-rc5, y v2.4.37.6 y anteriores, no inicializa un determinado miembro de la estructura tcm__pad2, lo que puede permitir a usuarios locales obtener información confidencial de la memoria del kernel a través de vectores de ataque sin especificar. NOTA: esta vulnerabilidad existe debido a una solución incompleta de CVE-2005-4881. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad61df918c44316940404891d5082c63e79c256a http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://patchwork.ozlabs.org/patch/35412 http://secunia.com/advisories/37086 http://secunia& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 20EXPL: 0CVE-2009-3228 – kernel: tc: uninitialised kernel memory leak
https://notcve.org/view.php?id=CVE-2009-3228
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. La función tc_fill_tclass en net/sched/sch_api.c del subsistema tc en el kernel de Linux v2.4.x anteriores a la v2.4.37.6 y v2.6.x anteriores a la v2.6.31-rc9 no inicializa un determinado miembro de la estructura (1) tcm__pad1 y (2) tcm__pad2, lo que permite a atacantes locales obtener información confidencial de la memoria del kernel a través de vectores de ataque sin especificar. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=096ed17f20affc2db0e307658c69b67433992a7a http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://patchwork.ozlabs.org/patch/32830 http://secunia.com/advisories/37084 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://www.kernel.org/pub/linux/k • CWE-401: Missing Release of Memory after Effective Lifetime CWE-909: Missing Initialization of Resource •
CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0CVE-2009-2906 – samba: infinite loop flaw in smbd on unexpected oplock break notification reply
https://notcve.org/view.php?id=CVE-2009-2906
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. smbd en Samba v3.0 anterior a v3.0.37, v3.2 anterior a v3.2.15, v3.3 anterior a v3.3.8 y v3.4 anterior a v3.4.2, permite a usuarios autenticados remotamente provocar una denegación de servicio (bucle infinito) a través de un paquete de notificación de respuesta "oplock break" imprevisto. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://news.samba.org/releases/3.0.37 http://news.samba.org/releases/3.2.15 http://news.samba.org/releases/3.3.8 http://news.samba.org/releases/3.4.2 http://osvdb.org/58519 http://samba.org/samba/security/CVE-2009-2906.html http://secunia.com/advisories/36893 http://secunia.com/advisories/36918 http:/&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2009-3238 – kernel: random: add robust get_random_u32, remove weak get_random_int
https://notcve.org/view.php?id=CVE-2009-3238
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time." La función get_random_int de drivers/char/random.c en el kernel de Linux anterior a v2.6.30, produce números que nos son suficientemente aleatorios, esto permite a los atacantes predecir el valor devuelto y permite que se puedan superar los mecanismos de protección basados en la aleatoriedad, a través de vectores que eleven la tendencia de la función a "devolver el mismo valor una y otra vez durante largos periodos de tiempo". • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://patchwork.kernel.org/patch/21766 http://secunia.com/advisories/37105 http://secunia.com/advisories/37351 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30 http://www.redhat.com/support/errata/RHSA-2009& • CWE-330: Use of Insufficiently Random Values CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •