CVSS: 1.9EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1958
https://notcve.org/view.php?id=CVE-2013-1958
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created. La función scm_check_creds en net/core/scm.c en el kernel de Linux antes de v3.8.6 no hace cumplir adecuadamente los requisitos de capacidad para controlar el valor del PID asociado a un socket de dominio UNIX, que permite a usuarios locales eludir restricciones de acceso destinados al aprovechar el tiempo intervalo durante el cual un espacio de nombres de usuario se ha creado un espacio de nombres PID, pero no se ha creado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=92f28d973cce45ef5823209aab3138eb45d8b349 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.6 http://www.openwall.com/lists/oss-security/2013/04/16/11 https://github.com/torvalds/linux/commit/92f28d973cce45ef5823209aab3138eb45d8b349 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1956
https://notcve.org/view.php?id=CVE-2013-1956
The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call. La función create_user_ns en kernel/user_namespace.c en el kernel Linux antes de v3.8.6 no comprueba si existe un directorio de chroot que difiere del directorio raíz de espacio de nombres, que permite a los usuarios locales para eludir las restricciones del sistema de archivos destinados a través de una llamada al sistema clone diseñado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3151527ee007b73a0ebd296010f1c0454a919c7d http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.6 http://www.openwall.com/lists/oss-security/2013/04/16/11 https://github.com/torvalds/linux/commit/3151527ee007b73a0ebd296010f1c0454a919c7d • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3233
https://notcve.org/view.php?id=CVE-2013-3233
The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función llcp_sock_recvmsg en net/nfc/llcp/sock.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable y cierta estructura de datos, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d26d6504f23e803824e8ebd14e52d4fc0a0b09cb http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2013-3076 – Kernel: crypto: algif - suppress sending source address information in recvmsg
https://notcve.org/view.php?id=CVE-2013-3076
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. La API crypto en el kernel de Linux hasta v3.9-rc8 no inicializa cierta longitud de variables, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom especialmente diseñada, relacionado con la función hash_recvmsg en crypto/algif_hash.c y la función skcipher_recvmsg en crypto/algif_skcipher.c. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://www.openwall.com/lists/oss-security/2013/04/14/3 http://www.ubuntu.com/usn/USN-1837-1 https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe https://access.redhat • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3228
https://notcve.org/view.php?id=CVE-2013-3228
The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función irda_recvmsg_dgram en la función net/irda/af_irda.c function en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ae94c0d2f0bed41d6718be743985d61b7f5c47d http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://www.mandr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •