CVSS: 10.0EPSS: 7%CPEs: 6EXPL: 0CVE-2014-2523 – kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
https://notcve.org/view.php?id=CVE-2014-2523
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. net/netfilter/nf_conntrack_proto_dccp.c en el kernel de Linux hasta 3.13.6 utiliza un puntero de cabecera DCCP incorrectamente, lo que permite a atacantes remotos causar una denegación de servicio (caída de sistema) o posiblemente ejecutar código arbitrario a través de un paquete DCCP que provoca una llamada la función (1) dccp_new, (2) dccp_packet o (3) dccp_error. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92 http://secunia.com/advisories/57446 http://twitter.com/grsecurity/statuses/445496197399461888 http://www.openwall.com/lists/oss-security/2014/03/17/7 http://www.securityfocus.com/bid/66279 http://www.securitytracker.com/id/1029945 http://www.ubuntu.com/usn/USN-2173-1 http://www.ubuntu.com/usn/USN-2174-1 https://bugzilla.redhat.com/show_bug.cgi?id=1077343 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2013-7339 – kernel: net: rds: dereference of a NULL device in rds_ib_laddr_check()
https://notcve.org/view.php?id=CVE-2013-7339
The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. La función rds_ib_laddr_check en net/rds/ib.c en el kernel de Linux anterior a 3.12.8 permite a usuarios locales causar una denegación de servicio (referencia de puntero nulo y caída de sistema) o posiblemente tener otro impacto no especificado a través de una llamada de sistema bind para un socket RDS en un sistema que carece de transportes RDS. A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c2349758acf1874e4c2b93fe41d072336f1a31d0 http://secunia.com/advisories/59386 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8 http://www.openwall.com/lists/oss-security/2014/03/20/14 http://www.securityfocus.com/bid/66351 https://bugzilla.redhat.com/show_bug.cgi?id=1079214 https://github.com/torvalds/linux/commit/c2349758acf1874e4c2b93fe41d072336f1a31d0 https://access.redhat.com/security/cve/CVE&# • CWE-476: NULL Pointer Dereference •
CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0102
https://notcve.org/view.php?id=CVE-2014-0102
The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands. La función keyring_detect_cycle_iterator en security/keys/keyring.c en el kernel de Linux hasta 3.13.6 no determina debidamente si los archivos de claves son idénticos, lo que permite a usuarios locales causar una denegación de servicio (OOPS) a través de comandos keyctl manipulados. • http://lkml.org/lkml/2014/2/27/507 http://www.kernelhub.org/?msg=425013&p=2 http://www.openwall.com/lists/oss-security/2014/03/04/21 https://bugzilla.redhat.com/show_bug.cgi?id=1072419 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 1CVE-2014-2309 – Kernel: net: IPv6: crash due to router advertisement flooding
https://notcve.org/view.php?id=CVE-2014-2309
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. La función ip6_route_add en net/ipv6/route.c en el kernel de Linux hasta 3.13.6 no cuenta debidamente la suma de rutas, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una inundación de paquetes de ICMPv6 Router Advertisement. • http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://secunia.com/advisories/57250 http://www.openwall.com/lists/oss-security/2014/03/08/1 http://www.securityfocus.com/bid/66095 http://www.securitytracker.com/id/1029894 https://access.redhat.com/security/cve/CVE-2014-2309 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 91%CPEs: 35EXPL: 0CVE-2014-0101 – kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
https://notcve.org/view.php?id=CVE-2014-0101
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. La función sctp_sf_do_5_1D_ce en net/sctp/sm_statefuns.c en el kernel de Linux hasta la versión 3.13.6 no valida ciertos campos auth_enable y auth_capable antes de hacer una llamada sctp_sf_authenticate, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) a través de un SCTP handshake con un fragmento INIT modificado y un fragmento AUTH manipulado anterior a un fragmento COOKIE_ECHO. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 http://rhn.redhat.com/errata/RHSA-2014-0328.html http://rhn.redhat.com/errata/RHSA-2014-0419.html http://rhn.redhat.com/errata/RHSA-2014-0432.html http://secunia.com/advisories/59216 http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html http://www.openwall.com/lists/oss-security/2014/03/04/6 http://www.securityfocus.com/bid/65943 h • CWE-476: NULL Pointer Dereference •