CVSS: 7.5EPSS: 2%CPEs: 17EXPL: 1CVE-2011-1493
https://notcve.org/view.php?id=CVE-2011-1493
Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket. Un error de indice de array en la función rose_parse_national en net/rose/rose_subr.c en versiones del kernel de Linux anteriores a v2.6.39 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria dinámica) o posiblemente tener un impacto no especificado mediante la composición de datos FAC_NATIONAL_DIGIS que especifican un gran número de 'digipeaters', y luego envian datos a un socket de 'ROSE'. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=be20250c13f88375345ad99950190685eda51eb8 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://www.openwall.com/lists/oss-security/2011/04/05/19 https://bugzilla.redhat.com/show_bug.cgi?id=770777 https://github.com/torvalds/linux/commit/be20250c13f88375345ad99950190685eda51eb8 •
CVSS: 1.9EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1078 – kernel: bt sco_conninfo infoleak
https://notcve.org/view.php?id=CVE-2011-1078
The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option. La función sco_sock_getsockopt_old en net/bluetooth/sco.c en el kernel de Linux anteriores a v2.6.39 no inicializa una estructura concreta, lo que permite a usuarios locales obtener información sensible de la de pila memoria del núcleo a través de la opción SCO_CONNINFO. • http://downloads.avaya.com/css/P8/documents/100145416 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c4c896e1471aec3b004a693c689f60be3b17ac86 http://rhn.redhat.com/errata/RHSA-2011-0833.html http://rhn.redhat.com/errata/RHSA-2012-1156.html http://www.openwall.com/lists/oss-security/2011/03/01/10 https://bugzilla.redhat.com/show_bug.cgi?id=681259 https://github.com/torvalds/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1079 – kernel: bnep device field missing NULL terminator
https://notcve.org/view.php?id=CVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command. La función de bnep_sock_ioctl en net/bluetooth/bnep/sock.c en versiones del kernel de Linux anteriores a v2.6.39 no garantiza que un campo de dispositivo determinado termine con un '\0', lo que permite a usuarios locales obtener información sensible de la pila del kernel, o causar una denegación de servicio (por caída del sistema), a través de un comando BNEPCONNADD. • http://downloads.avaya.com/css/P8/documents/100145416 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573 http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html http://rhn.redhat.com/errata/RHSA-2011-0833.html http://www.openwall.com/lists/oss-security/2011/03/01/10 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1080 – kernel: ebtables stack infoleak
https://notcve.org/view.php?id=CVE-2011-1080
The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. La función de do_replace en net/bridge/netfilter/ebtables.c en versiones del kernel de Linux anteriores a v2.6.39 no garantiza que un nombre de campo determinado termine con un '\0', lo que permite a usuarios locales obtener información sensible de la pila del kernel aprovechandose de la capacidad CAP_NET_ADMIN para reemplazar a una tabla y luego leer una línea de comandos modprobe. • http://downloads.avaya.com/css/P8/documents/100145416 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d846f71195d57b0bbb143382647c2c6638b04c5a http://rhn.redhat.com/errata/RHSA-2011-0833.html http://www.openwall.com/lists/oss-security/2011/03/01/10 https://bugzilla.redhat.com/show_bug.cgi?id=681262 https://github.com/torvalds/linux/commit/d846f71195d57b0bbb143382647c2c6638b04c5a https://access • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 17EXPL: 1CVE-2011-1160 – kernel: tpm infoleaks
https://notcve.org/view.php?id=CVE-2011-1160
The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors. La función de tpm_open en drivers/char/tpm/tpm.c en el kernel de Linux anteriores a v2.6.39 no se inicializa un búfer concreto, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de vectores no especificados. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1309d7afbed112f0e8e90be9af975550caa0076b http://www.openwall.com/lists/oss-security/2011/03/15/13 https://bugzilla.redhat.com/show_bug.cgi?id=684671 https://github.com/torvalds/linux/commit/1309d7afbed112f0e8e90be9af975550caa0076b https://access.redhat.com/security/cve/CVE-2011-1160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •