CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 2CVE-2014-4943 – Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
https://notcve.org/view.php?id=CVE-2014-4943
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. La funcionalidad PPPoL2TP en net/l2tp/l2tp_ppp.c en el kernel de Linux hasta 3.15.6 permite a usuarios locales ganar privilegios mediante el aprovechamiento de diferencias de la estructura de datos entre un socket l2tp y un socket inet. A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. • https://www.exploit-db.com/exploits/36267 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf http://linux.oracle.com/errata/ELSA-2014-0924.html http://linux.oracle.com/errata/ELSA-2014-3047.html http://linux.oracle.com/errata/ELSA-2014-3048.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://lists.opensuse.org&# • CWE-269: Improper Privilege Management •
CVSS: 6.9EPSS: 0%CPEs: 11EXPL: 3CVE-2014-4699 – Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4699
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. El kernel de Linux anterior a 3.15.4 en los procesadores Intel no restringe debidamente el uso de un valor no canónico para la dirección RIP guardada en el caso de una llamada del sistema que no utilice IRET, lo que permite a usuarios locales aprovechar una condición de carrera y ganar privilegios, o causar una denegación de servicio (fallo doble), a través de una aplicación manipulada que realice llamadas de sistemas ptrace y fork. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU. • https://www.exploit-db.com/exploits/34134 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a http://linux.oracle.com/errata/ELSA-2014-0924.html http://linux.oracle.com/errata/ELSA-2014-3047.html http://linux.oracle.com/errata/ELSA-2014-3048.html http://openwall.com/lists/oss-security/2014/07/05/4 http://openwall.com/lists/oss-security/2014/07/08/16 http://openwall.com/lists/oss-security/2014/07/08 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-642: External Control of Critical State Data •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2014-3532
https://notcve.org/view.php?id=CVE-2014-3532
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6, cuando funciona en Linux 2.6.37-rc4 o posteriores, permite a usuarios locales causar una denegación de servicio (desconexión del bus del sistema de otros servicios o aplicaciones) mediante el envío de un mensaje que contiene un descriptor de ficheros, y posteriormente el exceso en la profundidad máxima de recursión antes de enviar el mensaje inicial. • http://advisories.mageia.org/MGASA-2014-0294.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://openwall.com/lists/oss-security/2014/07/02/4 http://secunia.com/advisories/59611 http://secunia.com/advisories/59798 http://secunia.com/advisories/60236 http://www.debian.org/security/2014/dsa-2971 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html https://bugs.freedes • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4654 – Kernel: ALSA: control: use-after-free in replacing user controls
https://notcve.org/view.php?id=CVE-2014-4654
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. La función snd_ctl_elem_add en sound/core/control.c de la implementación del control ALSA en el kernel de Linux anterior a 3.15.2 no comprueba la autorización para los comandos SNDRV_CTL_IOCTL_ELEM_REPLACE, lo que permite a usuarios locales eliminar los controles del kernel y provocar una denegación de servicio (usar después de liberar y una caída del sistema) al aprovechar el acceso a /dev/snd/controlICS para una llamada ioctl. A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82262a46627bebb0febcc26664746c25cef08563 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-1083.html http://secunia.com/advisories/59434 http://secunia.com/advisories/59777 http://secunia.com/advisories/60545 http://secunia.com/advisories/60564 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 http://www.openwall.com/lists/o • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2014-4656 – Kernel: ALSA: control: integer overflow in id.index & id.numid
https://notcve.org/view.php?id=CVE-2014-4656
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. Múltiples desbordamientos de enteros en sound/core/control.c de la implementación del control de ALSA en el kernel de Linux anterior a 3.15.2 permite a usuarios locales causar una denegación de servicio mediante el aprovechamiento de acceso /dev/snd/controlCX, relacionado con (1) valores de indice en la función snd_ctl_add y valores (2) numid en la función snd_ctl_remove_numid_conflict. An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=883a1d49f0d77d30012f114b2e19fc141beb3e8e http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ac902c112d90a89e59916f751c2745f4dbdbb4bd http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-1083.html http://rhn.redhat.com/errata/RHSA-2015-0087.html http://secunia.com/advisories/59434 http://secunia.com/advisories/59777 http://s • CWE-190: Integer Overflow or Wraparound •