CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 1CVE-2011-1019 – kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN
https://notcve.org/view.php?id=CVE-2011-1019
The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability. La función dev_load en net/core/dev.c en el kernel de Linux anterior a v2.6.38 permite a usuarios locales eludir las capacidades CAP_SYS_MODULE requeridas y cargar modulos arbitrarios mediante el aprovechamiento de la capacidad CAP_NET_ADMIN. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8909c9ad8ff03611c9c96c9a92656213e4bb495b http://www.openwall.com/lists/oss-security/2011/02/25/1 https://bugzilla.redhat.com/show_bug.cgi?id=680360 https://github.com/torvalds/linux/commit/8909c9ad8ff03611c9c96c9a92656213e4bb495b https://access.redhat.com/security/cve/CVE-2011-1019 •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 0CVE-2011-1093 – kernel: dccp: fix oops on Reset after close
https://notcve.org/view.php?id=CVE-2011-1093
The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. Función dccp_rcv_state_process en net/dccp/input.c en la implementación de Datagram Congestion Control Protocol(DCCP)en el kernel de linux antes de v2.6.38 no maneja adecuadamente paquetes para un extremo cerrado, que permite a atacantes remotos provocar una denegación de servicio ( puntero a NULO y OOPS ) mediante el envío de un paquete DCCP-Close seguido por un paquete DCCP-Reset. • http://downloads.avaya.com/css/P8/documents/100145416 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=720dc34bbbe9493c7bd48b2243058b4e447a929d http://openwall.com/lists/oss-security/2011/03/08/19 http://openwall.com/lists/oss-security/2011/03/08/4 http://rhn.redhat.com/errata/RHSA-2011-0833.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 http://www.securityfocus.com/bid/46793 https://bugzilla.redhat.com/show_bug.cgi • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4805 – kernel: unlimited socket backlog DoS
https://notcve.org/view.php?id=CVE-2010-4805
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251. La implementación del socket en net/core/sock.c en el kernel de Linux anteriores a v2.6.35 no maneja correctamente un retraso de los paquetes recibidos, lo que permite a atacantes remotos provocar una denegación de servicio mediante el envío de una gran cantidad de tráfico de la red, relacionados con la función sk_add_backlog y el campo de toma de sk_rmem_alloc. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2010-4251. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c377411f2494a931ff7facdbb3a6839b1266bcf6 http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.securityfocus.com/bid/46637 https://bugzilla.redhat.com/show_bug.cgi?id=657303 https://access.redhat.com/security/cve/CVE-2010-4805 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0CVE-2010-4251 – kernel: unlimited socket backlog DoS
https://notcve.org/view.php?id=CVE-2010-4251
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests. La implementación del socket en net/core/sock.c en el kernel de Linux anterior a v2.6.34 no maneja correctamente un retraso de los paquetes recibidos, que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) mediante el envío de una gran cantidad de la red tráfico, como lo demuestran las pruebas netperf UDP. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8eae939f1400326b06d0c9afe53d2a484a326871 http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread http://secunia.com/advisories/46397 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/46637 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/sh • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-1581 – kernel: bonding: Incorrect TX queue offset
https://notcve.org/view.php?id=CVE-2011-1581
The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic. La función bond_select_queue en drivers/net/bonding/bond_main.c en el kernel de Linux anteriores a v2.6.39, cuando esta configurado un dispositivo de red con un gran número de colas de recepción pero el tx_queues es el predeterminado, no restringen adecuadamente los índices de cola, lo que permite a atacantes remotos provocar una denegación de servicio (BUG y caída del sistema) o posiblemente tener un impacto no especificado mediante el envío de tráfico de red. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd0e435b0fe85622f167b84432552885a4856ac8 http://openwall.com/lists/oss-security/2011/04/13/16 http://openwall.com/lists/oss-security/2011/04/13/4 http://securitytracker.com/id?1025558 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 https://bugzilla.redhat.com/show_bug.cgi?id=696029 https://access.redhat.com/security/cve/CVE-2011-1581 • CWE-20: Improper Input Validation •