CVSS: 6.5EPSS: 0%CPEs: 143EXPL: 0CVE-2008-1294 – kernel: setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit properly across children
https://notcve.org/view.php?id=CVE-2008-1294
01 May 2008 — Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. El Kernel de Linus 2.6.17 y otras versiones anteriores a la 2.6.22 no comprueba cuándo un usuario intenta establecer el RLIMIT_CPU a 0 hasta después de que se realice el cambio, lo que permite a los usuarios locales evitar los límites a recursos establecidos. Several local vulnerabilities have been disco... • http://bugs.gentoo.org/show_bug.cgi?id=215000 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 269EXPL: 3CVE-2008-1514 – kernel: ptrace: Padding area write - unprivileged kernel crash
https://notcve.org/view.php?id=CVE-2008-1514
26 Mar 2008 — arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference. El archivo arch/s390/kernel/ptrace.c en el kernel de Linux versión 2.6.9 y otras versiones anteriores a 2.6.27-rc6, en plataformas s390 permite a los usuarios locales causar una denegación de servicio (pánico del kernel) por medio d... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d6e48f43340343d97839eadb1ab7b6a3ea98797 • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2008-0731
https://notcve.org/view.php?id=CVE-2008-0731
12 Feb 2008 — The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task. El núcleo de Linux versiones anteriores a 2.6.18.8-0.8 de SUSE openSUSE 10.2 no maneja apropiadamente los fallos del sistema llamado AppArmor change_hat, lo cual permite a atacantes disparar el no limitamiento de una tarea apparmored. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 104EXPL: 8CVE-2008-0600 – Linux Kernel 2.6.17 < 2.6.24.1 - 'vmsplice' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-0600
11 Feb 2008 — The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010. La función vmsplice_to_pipe en el Kernel linux de la versión 2.6.17 a la 2.6.24.1 no valida ciertos espacios de memoria antes de referenciarlos, lo que permite a usuarios locales obtener privilegios de root/adminis... • https://packetstorm.news/files/id/63821 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0163 – Debian Linux Security Advisory 1494-1
https://notcve.org/view.php?id=CVE-2008-0163
11 Feb 2008 — Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc. Linux kernel 2.6, cuando usa vservers, permite a usuarios locales acceder a recursos de otros vservers a través de un ataque de enlaces simbólicos en /proc. The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges. In the vserver-enabled kernels, a mi... • http://secunia.com/advisories/28875 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2008-0007 – kernel: insufficient range checks in fault handlers with mremap
https://notcve.org/view.php?id=CVE-2008-0007
08 Feb 2008 — Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. Núcleo de Linux versiones anteriores a 2.6.22.17, cuando se usan ciertos controladores que registran un error en el manejador, que no realiza comprobaciones de rango, permite a usuarios locales acceder a la memoria del núcleo a través de un desplazamiento fuera de rango. Several local vulnerabilities have been disco... • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 317EXPL: 0CVE-2007-6694 – /proc/cpuinfo DoS on some ppc machines
https://notcve.org/view.php?id=CVE-2007-6694
29 Jan 2008 — The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference. La función chrp_show_cpuinfo (chrp/setup.c) en Linux kernel 2.4.21 hasta 2.6.18-53, cuando funciona sobre PowerPC, podría permitir a usuarios locales provocar denegación de servicio (caida) a través de vectores desconocidos qu... • http://marc.info/?l=linux-kernel&m=119576191029571&w=2 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 3%CPEs: 30EXPL: 1CVE-2008-0352 – Linux Kernel 2.6.21.1 - IPv6 Jumbo Bug Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0352
17 Jan 2008 — The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram). El núcleo de Linux 2.6.20 hasta 2.6.21.1 permite a atacantes remotos provocar una denegación de servicio (error irrecuperable del sistema) mediante cierto paquete IPv6, posiblemente implicando la opción Jumbo Payload salto a salto (jumbogram). • https://www.exploit-db.com/exploits/4893 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 234EXPL: 0CVE-2008-0001 – kernel: filesystem corruption by unprivileged user via directory truncation
https://notcve.org/view.php?id=CVE-2008-0001
15 Jan 2008 — VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. VFS en el kernel de Linux versiones anteriores a 2.6.22.16 y versiones 2.6.23.x anteriores a 2.6.23.14, realiza pruebas de modo de acceso mediante el uso de la variable flag en lugar de la variable acc_mode, lo que podría permitir a usuarios locales omitir los pe... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=974a9f0b47da74e28f68b9c8645c3786aa5ace1a •
CVSS: 7.8EPSS: 5%CPEs: 30EXPL: 1CVE-2007-4567 – Linux Kernel 2.6.22 - IPv6 Hop-By-Hop Header Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4567
20 Dec 2007 — The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. La función ipv6_hop_jumbo en el archivo net/ipv6/exthdrs.c en el kernel de Linux versiones anteriores a 2.6.22, no comprueba apropiadamente el encabezado extendido de IPv6 salto a salto, lo que permite a los atacantes remotos causar u... • https://www.exploit-db.com/exploits/30902 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •