CVE-2010-4083 – kernel: ipc/sem.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4083
The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. La función copy_semid_to_user en ipc/sem.c en el kernel de Linux asntes de v2.6.36 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la pila de la memoria del kernel a través de un comando (1) IPC_INFO, (2) SEM_INFO, ( 3) IPC_STAT, o (4) SEM_STAT en una llamada al sistema semctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=982f7c2b2e6a28f8f266e075d92e19c0dd4c6e56 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://secunia. • CWE-909: Missing Initialization of Resource •
CVE-2010-3849 – Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3849
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field. La función econet_sendmsg en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2, cuando se configura una dirección econet, permite a usuarios locales causar una denegación de servicio (desreferencia a puntero NULL y OOPS) a través de una llamada sendmsg que especifica un valor NULL para el campo de dirección remota. • https://www.exploit-db.com/exploits/15704 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://openwall.com/lists/oss-security/2010/11 • CWE-476: NULL Pointer Dereference •
CVE-2010-3850 – Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3850
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call. La función ec_dev_ioctl en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2 no requiere la capacidad CAP_NET_ADMIN, que permite a usuarios locales evitar las restricciones de acceso y configurar las direcciones econet a través de una llamada SIOCSIFADDR ioctl. • https://www.exploit-db.com/exploits/15704 https://www.exploit-db.com/exploits/17787 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16c41745c7b92a243d0874f534c1655196c64b74 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http •
CVE-2010-3876 – kernel: net/packet/af_packet.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-3876
net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures. net/packet/af_packet.c en el kernel de Linux anterior a v2.6.37-rc2 no inicializa correctamente ciertos miembros de la estructura, que permite a usuarios locales obtener información sensible de la pila del núcleo de la memoria mediante el aprovechamiento de la capacidad CAP_NET_RAW para leer las copias de las estructuras de aplicación. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=67286640f638f5ad41a946b9a3dc75327950248f http://marc.info/?l=linux-netdev&m=128854507220908&w=2 http://openwall.com/lists/oss-security/2010/11/02/10 http://openwall.com/lists/oss-security/2010/11/02/12 http://openwall.com/lists/oss-security/2010/11/02/7 http://openwall.com/lists/oss-security/2010/11/02/9 http://openwall.com/lists/oss-security/2010/11/04/5 http://secunia.com • CWE-909: Missing Initialization of Resource •
CVE-2010-3848 – Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3848
Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures. Desbordamiento de búfer basado en pila en la función econet_sendmsg en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2, cuando hay configurada una dirección econet, permite a usuarios locales conseguir privilegios, proporcionando un gran número de estructuras iovec. • https://www.exploit-db.com/exploits/17787 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a27e13d370415add3487949c60810e36069a23a6 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://openwall.com/lists/oss-security/2010/11/30/1 http://secunia.com/advisories/43056 http://secunia.com • CWE-787: Out-of-bounds Write •