CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 2CVE-2008-4210 – Linux Kernel < 2.6.22 - 'ftruncate()'/'open()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-4210
29 Sep 2008 — fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. fs/open.c en el kernel de Linux anterior a v2.6.22 no elimina de forma adecuada los bits "setuid" y... • https://www.exploit-db.com/exploits/6851 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 2CVE-2008-3528 – Linux kernel ext[234] directory corruption denial of service
https://notcve.org/view.php?id=CVE-2008-3528
27 Sep 2008 — The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privile... • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 99EXPL: 1CVE-2008-4113 – Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure
https://notcve.org/view.php?id=CVE-2008-4113
16 Sep 2008 — The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function. Función The sctp_getsockopt_hmac_ident en net/sctp/socket.c la implementación de Stre... • https://www.exploit-db.com/exploits/7618 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1CVE-2008-3889
https://notcve.org/view.php?id=CVE-2008-3889
12 Sep 2008 — Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file. Postfix versión 2.4 anteriores a la 2.4.9, versión 2.5 anteriores a la 2.5.5 y versión 2.6 anteriores a la 2.6-2000902, cuando se utiliza con el nucleo de Linux versión 2.6... • http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 66%CPEs: 63EXPL: 0CVE-2008-3915 – kernel: nfsd: fix buffer overrun decoding NFSv4 acl
https://notcve.org/view.php?id=CVE-2008-3915
09 Sep 2008 — Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl. Desbordamiento del búfer en nfsd en el kernel de Linux anterior a 2.6.26.4, cuando NFSv4 está activado, permite a atacantes remotos realizar acciones con un impacto desconocido a través de vectores que están relacionados con la decodificación de un NFSv4 acl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=91b80969ba466ba4b915a4a1d03add8c297add3f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-3911
https://notcve.org/view.php?id=CVE-2008-3911
04 Sep 2008 — The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file. La función proc_do_xprt de net/sunrpc/sysctl.c del núcleo de Linux 2.6.26.3, no comprueba el tamaño de determinado búfer obtenido del espacio de usuario (userspace), esto permite a los usuarios loca... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27df6f25ff218072e0e879a96beeb398a79cdbc8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2007-6716 – kernel: dio: zero struct dio with kzalloc instead of manually
https://notcve.org/view.php?id=CVE-2007-6716
04 Sep 2008 — fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. fs/direct-io.c del subsistema dio del núcleo de Linux anterior a 2.6.23, no suprime de forma correcta la estructura dio, esto permite a usuario locales provocar una denegación de servicio (OOPS), como se ha demostrado en determinados test fio. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=848c4dd5153c7a0de55470ce99a8e13a63b4703f •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-3792 – kernel: sctp: fix potential panics in the SCTP-AUTH API
https://notcve.org/view.php?id=CVE-2008-3792
03 Sep 2008 — net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5e739d1752aca4e8f3e794d431503bfca3162df4 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3901
https://notcve.org/view.php?id=CVE-2008-3901
03 Sep 2008 — Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. Software suspend 2 2-2.2.1, cuando se utiliza con Linux kernel 2.6.16, almacena contraseñas de autenticación de pre-arranque en el búfer BIOS Keyboard y no limpia este búfer después del uso, lo cual permite... • http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3525 – kernel: missing capability checks in sbni_ioctl()
https://notcve.org/view.php?id=CVE-2008-3525
03 Sep 2008 — The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. La función sbni_ioctl en drivers/net/wan/sbni.c del subsistema WAN en Linux kernel 2.6.26.3 no chequea la capacidad CAP_NET_ADMIN antes de procesar una petición ioctl (1) ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e • CWE-264: Permissions, Privileges, and Access Controls •