CVE-2004-1235 – Linux Kernel 2.4 - 'uselib()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-1235
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. Condición de carrera en las llamadas de funciones (1) load_elf_library y (2) binfmt_aout de uselib de los kernel de Linux 2.4 a 2.429-rc2 y 2.6 a 2.6.10 permite a usuarios locales ejecutar código de su elección manipulando el descriptor WMA. • https://www.exploit-db.com/exploits/778 https://www.exploit-db.com/exploits/744 https://www.exploit-db.com/exploits/895 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 http://isec.pl/vulnerabilities/isec-0021-uselib.txt http://marc.info/?l=bugtraq&m=110512575901427&w=2 http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 http://www.debian.org/security •
CVE-2004-1491 – Opera Web Browser 7.54 - 'KDE KFMCLIENT' Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1491
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. • https://www.exploit-db.com/exploits/24828 http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html http://secunia.com/advisories/13447 http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml http://www.opera.com/linux/changelogs/754u2 http://www.securityfocus.com/bid/11901 http://www.zone-h.org/advisories/read/id=6503 https://exchange.xforce.ibmcloud.com/vulnerabilities/18457 •
CVE-2004-0592
https://notcve.org/view.php?id=CVE-2004-0592
The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023408.html http://www.novell.com/linux/security/advisories/2004_20_kernel.html https://exchange.xforce.ibmcloud.com/vulnerabilities/43137 •
CVE-2004-1154
https://notcve.org/view.php?id=CVE-2004-1154
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://secunia.com/advisories/13453 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1 http://www.debian.org/security/2005/dsa-701 http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities http://www.kb.cert.org/vuls/id/226184 ht •
CVE-2004-0914 – openmotif21 stack overflows in libxpm
https://notcve.org/view.php?id=CVE-2004-0914
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions. Múltiples vulnerabilidades en libXpm 6.8.1 y anteriores, usada en XFree86 y otros paquetes, incluyendo (1) múltiples desbordamientos de enteros, (2) accesos de memoria fuera de límites, (3) atravesamiento de directorios, (4) metacaractéres de shell, (5) bucles infinitos, y (6) filtraciones de memoria podrían permitir a atacantes remotos obtener información sensible, causar una denegación de servicio (caída de aplicación) o ejecutar código de su elección mediante un cierto fichero de imagen XPM. • http://rhn.redhat.com/errata/RHSA-2004-537.html http://secunia.com/advisories/13224 http://www.debian.org/security/2004/dsa-607 http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml http://www.linuxsecurity.com/content/view/106877/102 http://www.mandriva.com/security/advisories?name=MDKSA-2004:137 http://www.redhat.com/archives/fedora-legacy- •