CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2008-3275 – Linux kernel local filesystem DoS
https://notcve.org/view.php?id=CVE-2008-3275
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. Las funciones (1) real_lookup y (2) __lookup_hash en el archivo fs/namei.c en la implementación de vfs en el kernel de Linux anterior a versión 2.6.25.15 no previene la creación de una matriz de elementos secundarios para un directorio eliminado (también se conoce como S_DEAD), que permite a los usuarios locales causar una denegación de servicio ("overflow" del área huérfana UBIFS) por medio de una serie de intentos de creación de archivos sin eliminar los directorios. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d70b67c8bc72ee23b55381bd6a884f4796692f77 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.15 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html http://lkml.org/lkml/2008/7/2/83 http://secunia.com/advisories/31551 http://secunia.com/advisories/31614 http://secunia.com/advisories/31836 http:/&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 1CVE-2008-3534 – kernel: tmpfs: fix kernel BUG in shmem_delete_inode
https://notcve.org/view.php?id=CVE-2008-3534
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count. La función shmem_delete_inode de mm/shmem.c en la implementación the tmpfs de Linux kernel versiones anteriores a 2.6.26.1 permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de una determinada secuencia de operaciones de ficheros de crear, eliminar y sobrescribir, como lo demostrador por el programa insserv, relacionado con la asignación de "páginas sin uso" y mantenimiento inadecuado de la cuenta i_blocks. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=14fcc23fdc78e9d32372553ccf21758a9bd56fa1 http://lkml.org/lkml/2008/7/26/71 http://secunia.com/advisories/31881 http://secunia.com/advisories/32190 http://secunia.com/advisories/32393 http://www.debian.org/security/2008/dsa-1636 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1 http://www.redhat.com/support/errata/RHSA-2008-0857.html http://www.securityfocus.com/bid&#x • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 1CVE-2008-3535 – kernel: fix off-by-one error in iov_iter_advance()
https://notcve.org/view.php?id=CVE-2008-3535
Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project. Error de superación del límite en la función iov_iter_advance de mm/filemap.c en Linux kernel versiones anteriores a 2.6.27-rc2 permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de una determinada secuencia de operaciones en ficheros de I/O con readv y writev, como lo demostrado por testcases/kernel/fs/ftest/ftest03 de Linux Test Project. • http://mirror.celinuxforum.org/gitstat/commit-detail.php?commit=94ad374a0751f40d25e22e036c37f7263569d24c http://secunia.com/advisories/31881 http://secunia.com/advisories/32190 http://secunia.com/advisories/32393 http://www.debian.org/security/2008/dsa-1636 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2 http://www.lkml.org/lkml/2008/7/30/446 http://www.redhat.com/support/errata/RHSA-2008-0857.html http://www.securityfocus.com/bid/31132 http://www& • CWE-193: Off-by-one Error •
CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2008-3272 – kernel snd_seq_oss_synth_make_info leak
https://notcve.org/view.php?id=CVE-2008-3272
The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information. La función snd_seq_oss_synth_make_info de sound/core/seq/oss/seq_oss_synth.c en el subsistema sound de Linux kernel versiones anteriores a 2.6.27-rc2 no verifica que el número de dispositivo esté dentro del rango definido por max_synthdev antes de retornar determinados datos del emisor, lo cual permite a usuarios locales obtener información sensible. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82e68f7ffec3800425f2391c8c86277606860442 http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html http://li • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 12%CPEs: 9EXPL: 0CVE-2008-2939 – httpd: mod_proxy_ftp globbing XSS
https://notcve.org/view.php?id=CVE-2008-2939
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Vulnerabilidad de XSS en proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.0.63 y en versiones anteriores y mod_proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.2.9 y en versiones anteriores a 2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un comodín en el último componente del directorio en el nombre de ruta en una URI FTPI. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://rhn.redhat.com/errata/RHSA-2008-0967.html http://secunia.com/advisories/31384 http://secunia.com/advisories/31673 http://secunia.com/advisories/32685 http://secunia.com/advisories/32838 http://secunia.com/advisories/33156&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •