CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 1CVE-2007-4130 – panic caused by set_mempolicy with MPOL_BIND
https://notcve.org/view.php?id=CVE-2007-4130
The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation. El kernel de Linux 2.6.9 antes de 2.6.9-67 en Red Hat Enterprise Linux (RHEL) 4 de Itanium (ia64). No maneja correctamente fallos de página durante el acceso a memoria de NUMA, lo que permite a usuarios locales causar una denegación de servicio (panic) por medio de argumentos no válidos a set_mempolicy en una operación MPOL_BIND • http://rhn.redhat.com/errata/RHSA-2008-0055.html http://secunia.com/advisories/28748 http://www.securityfocus.com/bid/27556 https://bugzilla.redhat.com/show_bug.cgi?id=179665 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11437 https://access.redhat.com/security/cve/CVE-2007-4130 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 2%CPEs: 38EXPL: 0CVE-2007-6284 – libxml2: infinite loop in UTF-8 decoding
https://notcve.org/view.php?id=CVE-2007-6284
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. La función xmlCurrentChar de libxml2, en versiones anteriores a la 2.6.31, permite que algunos atacantes, dependiendo del contexto, provoquen denegación de servicio (por bucle infinito) usando un XML que contenga secuencias no válidas de UTF-8. • http://bugs.gentoo.org/show_bug.cgi?id=202628 http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.vmware.com/pipermail/security-announce/2008/000009.html http://mail.gnome.org/archives/xml/2008-January/msg00036.html http://secunia.com/advisories/28439 http://secunia.com/advisories/28444 http://secunia.com/advisories/28450 http://secunia.com/advisories/28452 http://secunia.com/advisories/28458 http://secunia.com/advisories/28466 http://s • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 16%CPEs: 8EXPL: 0CVE-2008-0003 – tog-pegasus pam authentication buffer overflow
https://notcve.org/view.php?id=CVE-2008-0003
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360. Un desbordamiento del búfer en la región stack de la memoria en la función PAMBasicAuthenticator::PAMCallback en el servidor de administración de OpenPegasus CIM (tog-pegasus), cuando es compilado para usar PAM y sin PEGASUS_USE_PAM_STANDALONE_PROC definida, podría permitir a atacantes remotos ejecutar código arbitrario por medio de vectores desconocidos, una vulnerabilidad diferente de CVE -2007-5360. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409 http://lists.vmware.com/pipermail/security-announce/2008/000014.html http://osvdb.org/40082 http://secunia.com/advisories/28338 http://secunia.com/advisories/28462 http://secunia.com/advisories/29056 http://secunia.com/advisories/29785 http://secunia.com/advisories/29986 http://securitytracker.com/id?1019159 http://www.attrition.org/pipermail/vim/2008-January/001879.html http://www.redhat.com/support/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2007-6285 – autofs default doesn't set nodev in /net
https://notcve.org/view.php?id=CVE-2007-6285
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. La configuración predeterminada para autofs 5 (autofs5) en algunas distribuciones de Linux, como Red Hat Enterprise Linux (RHEL) versiones 4 y 5, no especifica la opción de montaje nodev para el mapa -hosts, que permite a los usuarios locales acceder a "important devices" mediante la operación de un servidor NFS remoto y creando archivos de dispositivo especial en ese servidor, como es demostrado por el dispositivo /dev/mem. • http://osvdb.org/40442 http://rhn.redhat.com/errata/RHSA-2007-1176.html http://rhn.redhat.com/errata/RHSA-2007-1177.html http://secunia.com/advisories/28156 http://secunia.com/advisories/28168 http://secunia.com/advisories/28456 http://securitytracker.com/id?1019137 http://www.mandriva.com/security/advisories?name=MDVSA-2008:009 http://www.securityfocus.com/bid/26970 https://bugzilla.redhat.com/show_bug.cgi?id=426218 https://exchange.xforce.ibmcloud.com/vulnerabilities/39188 • CWE-16: Configuration •
CVSS: 2.1EPSS: 0%CPEs: 22EXPL: 0CVE-2007-6206 – Issue with core dump owner
https://notcve.org/view.php?id=CVE-2007-6206
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. La función do_coredump en el archivo fs/exec.c en el kernel de Linux versiones 2.4.x y versiones 2.6.x hasta 2.6.24-rc3, y posiblemente otras versiones, no cambia el UID de un archivo de volcado de núcleo si éste existe antes de una creación de proceso root en un volcado de núcleo en la misma ubicación, lo que podría permitir a los usuarios locales obtener información confidencial. • http://bugzilla.kernel.org/show_bug.cgi?id=3043 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://rhn.redhat.com/errata/RHSA-2008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •