CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2009-2287
https://notcve.org/view.php?id=CVE-2009-2287
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function. La funciónkvm_arch_vcpu_ioctl_set_sregs en el KVM en el Kernel Linux v2.6 anterior a v2.6.30, ejecutado sobre plataformas x86, no valida la "page table root" (raíz de tabla de páginas) en una llamada KVM_SET_SREGS, lo que permite a usuarios locales provocar una denegación de servicio (cuelgue o caída) a través de un valor cr3 manipulado, lo que lanza un deferencia a puntero NULL en la función gfn_to_rmap. • http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git%3Ba=blob%3Bf=queue-2.6.30/kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch%3Bh=b48a47dad2cf76358b327368f80c0805e6370c68%3Bhb=e7c45b24f298b5d9efd7d401150f64a1b51aaac4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=59839dfff5eabca01cc4e20b45797a60a80af8cb http://secunia.com/advisories/35675 http://secunia.com/advisories/36045 http://secunia.com/advisories/36054 http://sourceforge.net/tracker/?func=detail&atid& • CWE-476: NULL Pointer Dereference •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 2CVE-2009-1888 – Samba improper file access
https://notcve.org/view.php?id=CVE-2009-1888
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. La función acl_group_override en smbd/posix_acls.c en smbd en Samba v3.0.x anterior a v3.0.35, v3.1.x y v3.2.x anterior a v3.2.13, y v3.3.x anterior 3.3.6, cuando el modo de fichero dos está habilitado, permite a atacantes remotos modificar la lista de control de acceso para ficheros a través de vectores relacionados con acceso de lectura a memoria sin inicializar. • http://secunia.com/advisories/35539 http://secunia.com/advisories/35573 http://secunia.com/advisories/35606 http://secunia.com/advisories/36918 http://wiki.rpath.com/Advisories:rPSA-2009-0145 http://www.debian.org/security/2009/dsa-1823 http://www.mandriva.com/security/advisories?name=MDVSA-2009:196 http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch http:&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 3%CPEs: 15EXPL: 1CVE-2009-1837 – Firefox Race condition while accessing the private data of a NPObject JS wrapper class object
https://notcve.org/view.php?id=CVE-2009-1837
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. Condición de carrera en la función NPObjWrapper_NewResolve en modules/plugin/base/src/nsJSNPRuntime.cpp en xul.dll en Mozilla Firefox v3 anteriores a v3.0.11 podría permitir a atacantes remotos ejecutar código arbitrario a través de una pagina de transición durante la carga de un applet de Java, relacionado con una vulnerabilidad uso-después-de-liberación para asociar memoria con un objeto Java destrozado. • http://secunia.com/advisories/34241 http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35431 http://secunia.com/advisories/35468 http://secunia.com/secunia_research/2009-19 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 http://www.debian.org/security/2009/dsa-1820 http://www.mozilla.org/security/announce/2009/mfs • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 15EXPL: 5CVE-2009-1961 – Linux Kernel 2.6.x - 'splice' Double Lock Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-1961
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. El código de doble bloqueo del inodo de fs/ocfs2/file.c del kernel de Linux v2.6.30 anterior a v2.6.30-rc3, v2.6.27 anterior a v2.6.27.24, v2.6.29 anterior a v2.6.29.4 y puede que otras versiones anteriores a v2.6.19; permite a usuarios locales provocar una denegación de servicio (prevención de creación y borrado de ficheros) a través de una serie de llamadas al sistema anidadas que provocan un bloqueo mutuo -deadlock- entre las funciones generic_file_splice_write, splice_from_pipe y ocfs2_file_splice_write. • https://www.exploit-db.com/exploits/33015 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html http://secunia.com/advisories/35390 http://secunia.com/advisories/35394 http://secunia.com/advisories/35656 http&# • CWE-667: Improper Locking •
CVSS: 4.4EPSS: 0%CPEs: 26EXPL: 0CVE-2009-1962
https://notcve.org/view.php?id=CVE-2009-1962
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. Xfig en Debian GNU/Linux, posiblemente v3.2.5, permite a usuarios locales leer y escribir archivos de su elección a través de un enlace simbólico a los ficheros temporales (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] donde [PID] es el ID (identificador) del proceso. • http://secunia.com/advisories/35320 http://www.mandriva.com/security/advisories?name=MDVSA-2009:244 http://www.openwall.com/lists/oss-security/2009/04/01/6 http://www.securityfocus.com/bid/34328 https://exchange.xforce.ibmcloud.com/vulnerabilities/49600 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •