CVE-2008-3281 – libxml2 denial of service
https://notcve.org/view.php?id=CVE-2008-3281
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. libxml2 2.6.32 y anteriores, no detecta correctamente la recursividad durante la expansión de una entidad en un valor de un atributo; esto permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de la memoria y la CPU) mediante un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.vmware.com/pipermail/security-announce/2008/000039.html http://mail.gnome.org/archives/xml/2008-August/msg00034.html http://secunia.com/advisories/31558 http://secunia.com/advisories/31566 http://secunia.com/advisories/31590 http://secunia.com/advisories/3172 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2008-3275 – Linux kernel local filesystem DoS
https://notcve.org/view.php?id=CVE-2008-3275
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories. Las funciones (1) real_lookup y (2) __lookup_hash en el archivo fs/namei.c en la implementación de vfs en el kernel de Linux anterior a versión 2.6.25.15 no previene la creación de una matriz de elementos secundarios para un directorio eliminado (también se conoce como S_DEAD), que permite a los usuarios locales causar una denegación de servicio ("overflow" del área huérfana UBIFS) por medio de una serie de intentos de creación de archivos sin eliminar los directorios. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d70b67c8bc72ee23b55381bd6a884f4796692f77 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.15 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html http://lkml.org/lkml/2008/7/2/83 http://secunia.com/advisories/31551 http://secunia.com/advisories/31614 http://secunia.com/advisories/31836 http:/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2008-3534 – kernel: tmpfs: fix kernel BUG in shmem_delete_inode
https://notcve.org/view.php?id=CVE-2008-3534
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count. La función shmem_delete_inode de mm/shmem.c en la implementación the tmpfs de Linux kernel versiones anteriores a 2.6.26.1 permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de una determinada secuencia de operaciones de ficheros de crear, eliminar y sobrescribir, como lo demostrador por el programa insserv, relacionado con la asignación de "páginas sin uso" y mantenimiento inadecuado de la cuenta i_blocks. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=14fcc23fdc78e9d32372553ccf21758a9bd56fa1 http://lkml.org/lkml/2008/7/26/71 http://secunia.com/advisories/31881 http://secunia.com/advisories/32190 http://secunia.com/advisories/32393 http://www.debian.org/security/2008/dsa-1636 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1 http://www.redhat.com/support/errata/RHSA-2008-0857.html http://www.securityfocus.com/bid • CWE-400: Uncontrolled Resource Consumption •
CVE-2008-3535 – kernel: fix off-by-one error in iov_iter_advance()
https://notcve.org/view.php?id=CVE-2008-3535
Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project. Error de superación del límite en la función iov_iter_advance de mm/filemap.c en Linux kernel versiones anteriores a 2.6.27-rc2 permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de una determinada secuencia de operaciones en ficheros de I/O con readv y writev, como lo demostrado por testcases/kernel/fs/ftest/ftest03 de Linux Test Project. • http://mirror.celinuxforum.org/gitstat/commit-detail.php?commit=94ad374a0751f40d25e22e036c37f7263569d24c http://secunia.com/advisories/31881 http://secunia.com/advisories/32190 http://secunia.com/advisories/32393 http://www.debian.org/security/2008/dsa-1636 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2 http://www.lkml.org/lkml/2008/7/30/446 http://www.redhat.com/support/errata/RHSA-2008-0857.html http://www.securityfocus.com/bid/31132 http://www& • CWE-193: Off-by-one Error •
CVE-2008-1945 – qemu/kvm/xen: add image format options for USB storage and removable media
https://notcve.org/view.php?id=CVE-2008-1945
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. QEMU 0.9.0 no maneja apropiadamente cambio de medios extraíbles, lo cual permite a usuarios invitados del sistema operativo leer ficheros de su elección en el Host del sistema operativo utilizando el diskformat: parámetro en la opción -usbdevice para modificar la cabecera disk-image para identificar un formato diferente, una cuestión relacionada a CVE-2008-2004. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/32063 http://secunia.com/advisories/32088 http://secunia.com/advisories/34642 http://secunia.com/advisories/35031 http://secunia.com/advisories/35062 http://www.debian.org/security/2009/dsa-1799 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 http://www.securityfocus.com/bid/30604 http://www.securitytracker.com/id?1020959 http://www.ubuntu.com/usn/usn-776& •