CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 4CVE-2011-1020 – Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation
https://notcve.org/view.php?id=CVE-2011-1020
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. La implementación del sistema de ficheros proc en el Kernel de Linux v2.6.37 y anteriores no restringe el acceso a un proceso del árbol del directorio /proc después de realizar este un proceso exec en un programa setuid, permite a usuarios locales obtener información sensible o provocar una denegación de servicio a través de llamadas open, lseek, read y write al sistema. Linux kernel version 2.6.32 (Ubuntu 10.04) suffers from a /proc handling setuid privilege escalation vulnerability. • https://www.exploit-db.com/exploits/41770 http://openwall.com/lists/oss-security/2011/02/24/18 http://openwall.com/lists/oss-security/2011/02/25/2 http://seclists.org/fulldisclosure/2011/Jan/421 http://secunia.com/advisories/43496 http://securityreason.com/securityalert/8107 http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface http://www.securityfocus.com/bid/46567 https://exchange.xforce.ibmcloud.com/vulnerabilities/65693 https://lkml.org/lkml/2011/2/10/21 htt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2011-1016 – kernel: drm/radeon/kms: check AA resolve registers on r300
https://notcve.org/view.php?id=CVE-2011-1016
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. El driver Radeon GPU en el Kernel de Linux anterior a v2.6.38-rc5 no valida adecuadamente datos relacionados con el registro AA resolve, lo que permite a usuarios locales escribir en lugares de memoria de su elección asociado con (1) Video RAM (también conocido como VRAM) o (2) el Graphics Translation Table (GTT) a través de valores manipulados. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fff1ce4dc6113b6fdc4e3a815ca5fd229408f8ef http://openwall.com/lists/oss-security/2011/02/24/11 http://openwall.com/lists/oss-security/2011/02/24/3 http://openwall.com/lists/oss-security/2011/02/25/4 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5 http://www.securityfocus.com/bid/46557 https://bugzilla.redhat.com/show_bug.cgi?id=680000 https://exchange.xforce. • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1010 – kernel: fs/partitions: Validate map_count in Mac partition tables
https://notcve.org/view.php?id=CVE-2011-1010
Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table. Desbordamiento de búfer en la función mac_partition en fs/partitions/mac.c en el kernel de Linux anteriores a v2.6.37.2, permite a usuarios locales causar una denegación de servicio (pánico) o posiblemente tener un impacto no especificado a través de una tabla de particiones con formato incorrecto de Mac OS. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa7ea87a057958a8b7926c1a60a3ca6d696328ed http://openwall.com/lists/oss-security/2011/02/22/11 http://openwall.com/lists/oss-security/2011/02/22/15 http://openwall.com/lists/oss-security/2011/02/22/3 http://secunia.com/advisories/46397 http://securityreason.com/securityalert/8115 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37.2 http://www.pre-cert.de/advisories/PRE-SA-20 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2011-0999 – kernel: thp: prevent hugepages during args/env copying into the user stack
https://notcve.org/view.php?id=CVE-2011-0999
mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application. mm/huge_memory.c en el kernel de Linux anterior a f2.6.38-rc5 no impide la creación de una transparent huge page (THP) durante la existencia de una pila temporal para una llamada al sistema exec, que permite a usuarios locales causar una denegación de servicio (consumo de memoria) o posiblemente tener un impacto no especificado a través de una aplicación manipulado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31 http://openwall.com/lists/oss-security/2011/02/17/3 http://openwall.com/lists/oss-security/2011/02/17/6 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5 http://www.securityfocus.com/bid/46442 https://bugzilla.redhat.com/show_bug.cgi?id=678209 https://exchange.xforce.ibmcloud.com/vulnerabilities/65535 https://access.redhat.com/se • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2011-1044 – kernel: IB/uverbs: Handle large number of entries in poll CQ
https://notcve.org/view.php?id=CVE-2011-1044
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. La función ib_uverbs_poll_cq en drivers/InfiniBand/core/uverbs_cmd.c en el kernel de Linux antes de v2.6.37 no inicializa determinado buffer de respuesta, lo que permite obtener información sensible de la memoria del kernel a usuarios locales a través de vectores que causan que este búfer este sólo parcialmente lleno. Se trata de una vulnerabilidad diferente a CVE-2010-4.649. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7182afea8d1afd432a17c18162cc3fd441d0da93 http://rhn.redhat.com/errata/RHSA-2011-0927.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 http://www.securityfocus.com/bid/46488 https://bugzilla.redhat.com/show_bug.cgi?id=667916 https://exchange.xforce.ibmcloud.com/vulnerabilities/65563 https://access.redhat.com/security/cve/CVE-2011-1044 • CWE-909: Missing Initialization of Resource •