CVE-2010-4158 – Linux Kernel 2.6.x - 'net/core/filter.c' Local Information Disclosure
https://notcve.org/view.php?id=CVE-2010-4158
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. La función sk_run_filter en net/core/filter.c en el kernel de Linux anteriores a v2.6.36.2 no comprueba si una posición de memoria determinada se ha inicializado antes de ejecutar una instrucción (1) BPF_S_LD_MEM o (2) BPF_S_LDX_MEM, permite a usuarios locales obtener información potencialmente confidencial de pila del núcleo de la memoria a través de un filtro socket manipulado. • https://www.exploit-db.com/exploits/34987 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=57fe93b374a6b8711995c2d466c502af9f3a08bb http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077321.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-4157 – kernel: gdth: integer overflow in ioc_general()
https://notcve.org/view.php?id=CVE-2010-4157
Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call. Desbordamiento de entero en la función ioc_general en drivers/scsi/gdth.c en el kernel Linux, en versiones anteriores a la 2.6.36.1 en plataformas de 64-bit, permite a atacantes locales provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un argumento largo en una llamada ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f63ae56e4e97fb12053590e41a4fa59e7daa74a4 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://l • CWE-190: Integer Overflow or Wraparound •
CVE-2010-4258 – Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-4258
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. La función do_exit en kernel/exit.c en el kernel de Linux anteriores a v2.6.36.2 no gestiona de forma adecuada el KERNEL_DS y el valor get_fs, lo que permite a usuarios locales saltarse las restricciones access_ok, sobrescribiendo posiciones de memoria del kernel, y obtener privilegios mediante el aprovechamiento de un (1) ERROR, (2) desreferencia a un puntero NULL, o (3) error de página, como lo demuestró por vectores que implican la característica clear_child_tid en las llamadas al sistema de unión. • https://www.exploit-db.com/exploits/15704 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html http://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc http://code.google.com/p/chromium-os/issues/detail?id=10234 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177 http://googlechromereleases.blogspot.com/2011/01/chrome-os-beta-channel-update.html http://lists.fedoraproject.org/pipermail/package-annou • CWE-269: Improper Privilege Management •
CVE-2010-4180 – openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
https://notcve.org/view.php?id=CVE-2010-4180
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. OpenSSL en versiones anteriores a 0.9.8q y 1.0.x en versiones anteriores a 1.0.0c, cuando SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG está habilitado, no previene adecuadamente la modificación del conjunto de cifrado en la caché de sesión, lo que permite a atacantes remotos forzar la degradación para un cifrado no destinado a través de vectores que involucran rastreo de tráfico de red para descubrir un identificador de sesión. • http://cvs.openssl.org/chngview?cn=20131 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html& •
CVE-2010-4081 – kernel: drivers/sound/pci/rme9652/hdspm.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4081
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. La función snd_hdspm_hwdep_ioctl en sound/pci/rme9652/hdspm.c en el kernel de Linux anterior a v2.6.36-rc6 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información sensible de la pila de la memoria del kernel a través de una llamada ioctl SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://lkml.or • CWE-909: Missing Initialization of Resource •