CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3859 – kernel: tipc: heap overflow in tipc_msg_build()
https://notcve.org/view.php?id=CVE-2010-3859
Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c. Múltiples errores de signo de entero en la implementación de TIPC en el kernel de Linux anteriores a v2.6.36.2 permite a usuarios locales conseguir privilegios a través de una llamada manipulada sendmsg que provoca un desbordamiento de búfer basado en memoria dinámica, relacionado con la función tipc_msg_build en net/tipc/msg.c y la función verify_iovec en net/core/iovec.c. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=253eacc070b114c2ec1f81b067d2fed7305467b0 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8acfe468b0384e834a303f08ebc4953d72fb690a http://marc.info/?l=linux-netdev&m=128770476511716&w=2 http://secunia.com/advisories/42789 http://secunia.com/advisories/42963 http://secunia.com/advisories/46397 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org/pub/linux/kernel/ • CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 1CVE-2010-3849 – Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3849
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field. La función econet_sendmsg en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2, cuando se configura una dirección econet, permite a usuarios locales causar una denegación de servicio (desreferencia a puntero NULL y OOPS) a través de una llamada sendmsg que especifica un valor NULL para el campo de dirección remota. • https://www.exploit-db.com/exploits/15704 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://openwall.com/lists/oss-security/2010/11 • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3448 – kernel: thinkpad-acpi: lock down video output state access
https://notcve.org/view.php?id=CVE-2010-3448
drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to the video output control state, which allows local users to cause a denial of service (system hang) via a (1) read or (2) write operation. drivers/platform/x86/thinkpad_acpi.c en el kernel de Linux anterior a v2.6.34 en los dispositivos de ThinkPad, cuando el servidor de X, X.Org, se utiliza, no restringe correctamente el acceso al estado del control de salida de vídeo, lo que permite a usuarios locales causar una denegación de servicio (caída del sistema) a través de operaciones de (1) lectura o (2) escritura. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565790 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b525c06cdbd8a3963f0173ccd23f9147d4c384b5 http://openwall.com/lists/oss-security/2010/06/23/2 http://openwall.com/lists/oss-security/2010/09/28/1 http://openwall.com/lists/oss-security/2010/09/29/7 http://openwall.com/lists/oss-security/2010/09/30/1 http://openwall.com/lists/oss-security/2010/09/30/6 http://www.debian.org& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 2CVE-2010-3850 – Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3850
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call. La función ec_dev_ioctl en net/econet/af_econet.c en el kernel de Linux anteriores a v2.6.36.2 no requiere la capacidad CAP_NET_ADMIN, que permite a usuarios locales evitar las restricciones de acceso y configurar las direcciones econet a través de una llamada SIOCSIFADDR ioctl. • https://www.exploit-db.com/exploits/15704 https://www.exploit-db.com/exploits/17787 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16c41745c7b92a243d0874f534c1655196c64b74 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http&# •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3880 – kernel: logic error in INET_DIAG bytecode auditing
https://notcve.org/view.php?id=CVE-2010-3880
net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions. net/ipv4/inet_diag.c en el kernel Linux, en versiones anteriores a la 2.6.37-rc2, no audita apropiadamente el bytecode INET_DIAG, lo que permite a atacantes locales provocar una denegación de servicio (bucle infinito del kernel) mediante instrucciones INET_DIAG_REQ_BYTECODE debidamente modificadas en un mensaje netlink que contiene múltiples elementos de atributos, como se ha demostrado por las intrucciones INET_DIAG_BC_JMP. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22e76c849d505d87c5ecf3d3e6742a65f0ff4860 http://openwall.com/lists/oss-security/2010/11/04/9 http://openwall.com/lists/oss-security/2010/11/05/3 http://secunia.com/advisories/42126 http://secunia.com/advisories/42789 http://secunia.com/advisories/42890 http://secunia.com/advisories/46397 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org/pub/linux/kernel/v2.6/testing/Change • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •