CVSS: 7.1EPSS: 2%CPEs: 16EXPL: 0CVE-2014-5077 – Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions
https://notcve.org/view.php?id=CVE-2014-5077
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. La función sctp_assoc_update en net/sctp/associola.c en el kernel de Linux hasta 3.15.8, cuando la autenticación SCTP está habilitada, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y OOPS) mediante el inicio del establecimiento de una asociación entre dos endpoints inmediatamente después de un intercambio de fragmentos INIT y INIT ACK para establecer una asociación anterior entre estos endpoints en la dirección opuesta. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://rhn.redhat.com/errata/RHSA-2014-1083.html http://rhn.redhat.com/errata/RHSA-2014-1668.html http://rhn.redhat.com/errata/RHSA-2014-1763.html http://secunia.com/advisories/59777 http://secunia.com/advisories/60430 h • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2014-4608 – kernel: lzo1x_decompress_safe() integer overflow
https://notcve.org/view.php?id=CVE-2014-4608
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype. ** DISPUTADA ** Múltiples desbordamientos de enteros en la función lzo1x_decompress_safe en lib/lzo/lzo1x_decompress_safe.c en el descompresor LZO en el kernel de Linux anterior a 3.15.2 permiten a atacantes dependientes de contexto causar una denegación de servicio (corrupción de memoria) a través de un 'Literal Run' manipulado. NOTA: el autor de los algoritmos LZO algorithms dice que 'el kernel de Linux *no* está afectado; sensacionalismo periodístico.' An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0062.html http://secunia.com/advisori • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 4%CPEs: 8EXPL: 0CVE-2014-4667 – kernel: sctp: sk_ack_backlog wrap-around problem
https://notcve.org/view.php?id=CVE-2014-4667
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. La función sctp_association_free en net/sctp/associola.cen en el kernel de Linux anterior a 3.15.2 no gestiona debidamente cierto valor de backlogs, lo que permite a atacantes remotos causar una denegación de servicio (interrupción del socket) mediante un paquete SCTP manipulado. An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d3217b15a19a4779c39b212358a5c71d725822ee http://linux.oracle.com/errata/ELSA-2014-3068.html http://linux.oracle.com/errata/ELSA-2014-3069.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://secunia.com/advisories/59777 http://secunia&# • CWE-190: Integer Overflow or Wraparound •
CVSS: 2.3EPSS: 0%CPEs: 35EXPL: 0CVE-2014-4027 – Kernel: target/rd: imformation leakage
https://notcve.org/view.php?id=CVE-2014-4027
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. La función rd_build_device_space en drivers/target/target_core_rd.c en el kernel de Linux anterior a 3.14 no inicializa debidamente cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la memoria ramdisk_mcp mediante el aprovechamiento del acceso a un iniciador SCSI. An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 http://secunia.com/advisories/59134 http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http://secunia.com/advisories/61310 http://www.openwall. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 9CVE-2014-3153 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-3153
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. La función futex_requeue en kernel/futex.c en el kernel de Linux hasta 3.14.5 no asegura que las llamadas tengan dos direcciones futex diferentes, lo que permite a usuarios locales ganar privilegios a través de un comando FUTEX_REQUEUE manipulado que facilita la modificación insegura del objeto o función a la espera. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. • https://www.exploit-db.com/exploits/35370 https://github.com/timwr/CVE-2014-3153 https://github.com/lieanu/CVE-2014-3153 https://github.com/elongl/CVE-2014-3153 https://github.com/zerodavinci/CVE-2014-3153-exploit https://github.com/c3c/CVE-2014-3153 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8 http://linux.oracle.com/errata/ELSA-2014-0771.html http://linux.oracle.com/errata/ELSA-2014-3037.html •