CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1013 – kernel: drm_modeset_ctl signedness issue
https://notcve.org/view.php?id=CVE-2011-1013
Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. Error de enteros sin signo en Función drm_modeset_ctl en(1) drivers /gpu/drm/drm_irq.c del subsistema Direct Rendering Manager del kernel de Linux con anterioridad a v2.6.38 y (2) sys/dev/pci/drm/drm_irq.c en el kernel de OpenBSD con anterioridad a v4.9 permite a los usuarios locales provocar una salida de los limites en las operaciones de escritura, y por lo tanto provocar una denegación de servicio ( caída del sistema ) o, posiblemente,tener un impacto no especificado, a través de un miembro de la estructura num_crtcs ( vb_num alias ) manipulado en un argumento ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1922756124ddd53846877416d92ba4a802bc658f http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/drm_irq.c http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/drm_irq.c.diff?r1=1.41%3Br2=1.42%3Bf=h http://www.securityfocus.com/bid/47639 https://bugzilla.redhat.com/show_bug.cgi?id=679925 https://exchange. • CWE-787: Out-of-bounds Write •
CVSS: 4.0EPSS: 0%CPEs: 84EXPL: 3CVE-2010-4755
https://notcve.org/view.php?id=CVE-2010-4755
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. La (1) función remote_glob en sftp-glob.c y (2) la función process_put en sftp.c en OpenSSH v5.8 y versiones anteriores, como se usa en FreeBSD v7.3 y v8.1, NetBSD v5.0.2, OpenBSD v4.7 y otros productos, permiten a usuarios remotos autenticados causar una denegación de servicio (por excesivo uso de CPU y consumo de memoria) a través de expresiones glob debidamente modificadas que no coinciden con ningún nombre de ruta, como lo demuestran las expresiones glob en las solicitudes SSH_FXP_STAT a un demonio de sftp. Se trata de una vulnerabilidad diferente a CVE-2010-2632. • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1 http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1 http://cxib.net/stuff/glob-0day.c http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc http://securityreason.com/achievement_securityalert/89 http://securityreason.com/exploitalert/9223 http://securityreason.com/securityalert/8116 • CWE-399: Resource Management Errors •
CVSS: 4.9EPSS: 0%CPEs: 26EXPL: 2CVE-2009-0537 – Libc - 'libc:fts_*()' Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-0537
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise. Desbordamiento de entero en la función fts_build en fts.c de libc sobre (1) OpenBSD v4.4 y anteriores y (2) Microsoft Interix v6.0 build 10.0.6030.0, permiten a atacantes, dependiendo del contexto, provocar una denegación de servicio (caída de la aplicación) a través de un arbol de directorio profundo, relativo al miembro de la estructura fts_level, como se ha demostrado por (a) du, (b) rm, (c) chmod, y (d) chgrp en OpenBSD; y (e)SearchIndexer.exe en Vista Enterprise. • https://www.exploit-db.com/exploits/8163 http://securityreason.com/achievement_securityalert/60 http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41%3Br2=1.42%3Bf=h http://www.securityfocus.com/archive/1/501505/100/0/threaded http://www.securityfocus.com/bid/34008 http://www.securitytracker.com/id?1021818 • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 2%CPEs: 2049EXPL: 0CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •
CVSS: 6.8EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1147
https://notcve.org/view.php?id=CVE-2008-1147
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. Cierto algoritmo generador de números pseudo-aleatorios(PRNG) que usa XOR y alterna en saltos de 2-bit (también conocido com o"algoritmo X2"), usado en OpenBSD de la v2.6 a la 3.4, Mac OS X de la v10 a a 10.5.1, FreeBSD 4.4 a la 7.0 y DragonFlyBSD 1.0 a la 1.10.1, permite a atacantes remotos adivinar datos sensibles como los IDs de una fragmentación IP observando una secuencia generada previamente. NOTA: este fallo puede ser aprovechado por ataques como la inyección de paquetes TCP y OS fingerprinting. • http://seclists.org/bugtraq/2008/Feb/0052.html http://seclists.org/bugtraq/2008/Feb/0063.html http://secunia.com/advisories/28819 http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10%3Bcontenttype= http://www.securiteam.com/securityreviews/5PP0H0UNGW.html http://www.securityfocus.com/archive/1/487658 http://www.securityfocus.com/bid/27647 http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf https://e •