CVSS: 7.2EPSS: 0%CPEs: 24EXPL: 1CVE-2010-2240 – kernel: mm: keep a guard page below a grow-down stack segment
https://notcve.org/view.php?id=CVE-2010-2240
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. La función do_anonymous_page en mm/memory.c en el kernel de Linux anterior v2.6.27.52, v2.6.32.x anterior v2.6.32.19, v2.6.34.x anterior v2.6.34.4, y v2.6.35.x anterior v2.6.35.2 no separa adecuadamente la pila y la cabecera, lo que permite a atacantes dependientes del contexto ejecutar código de su elección por escritura en el final de la página de un segmento de memoria compartida, como quedó demostrado con un ataque de memoria exhaustiva contra el servidor X.Org X. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=320b2b8de12698082609ebbc1a17165727f4c893 http://lists.vmware.com/pipermail/security-announce/2011/000133.html http://securitytracker.com/id?1024344 http://www.debian.org/security/2010/dsa-2094 http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 3CVE-2010-2959 – Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-2959
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic. Desbordamiento de enterno en net/can/bcm en la implementación Controller Area Network (CAN) del kernel de Linux anterior a v2.6.27.53, v2.6.32.x anterior a v2.6.32.21, v2.6.34.x anterior a v2.6.34.6, y v2.6.35.x anterior a v2.6.35.4, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de sistema) a través de tráfico CAN manipulado. • https://www.exploit-db.com/exploits/14814 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5b75c4973ce779520b9d1e392483207d6f842cde http://jon.oberheide.org/files/i-can-haz-modharden.c http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2011& • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2010-2492 – kernel: ecryptfs_uid_hash() buffer overflow
https://notcve.org/view.php?id=CVE-2010-2492
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors. Vulnerabilidad de desbordamiento de búfer en la macro ecryptfs_uid_hash en fs/ecryptfs/messaging.c del subsistema eCryptfs del kernel de Linux anterior a v2.6.35, podría permitir a a usuarios locales obtener privilegios o provocar una denegación de servicio (caída de sistema) a través de vectores no especificados. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6f80fb7b5986fda663d94079d3bba0937a6b6ff http://secunia.com/advisories/42890 http://secunia.com/advisories/46397 http://support.avaya.com/css/P8/documents/100113326 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.mandriva.com/security/advisories?name=MDVSA-2010:172 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.redhat.com/support/errata/RHSA-2010-0723&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2010-2071
https://notcve.org/view.php?id=CVE-2010-2071
The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl. La función btrfs_xattr_set_acl en fs/btrfs/acl.c en btrfs en el kernel de linux v2.6.34 y anteriores no valida quien es el propietario de un archivo antes de establecer una ACL, lo que permite a usuarios locales evitar los permisos de fichero estableciendo ACLs de su elección como se ha demostrado usando setfacl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=2f26afba http://lkml.org/lkml/2010/5/17/544 http://www.openwall.com/lists/oss-security/2010/06/11/3 http://www.openwall.com/lists/oss-security/2010/06/14/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 303EXPL: 0CVE-2008-7256 – kernel: nfsd: fix vm overcommit crash
https://notcve.org/view.php?id=CVE-2008-7256
mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643. Vulnerabilidad en el fichero mm/shmem.c para el kernel de Linux anterior a v2.6.28-rc8, cuando "strict overcommint" está habilitado y "CONFIG_SECURITY" deshabilitado, no maneja correctamente la exportación del objeto "shmemfs" por "knfsd", lo cual permite a atacantes provocar una denegación de servicio. NOTA: esta vulnerabilidad existe debido a una incompleta correción para la vulnerabilidad CVE-2010-1643. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1b79cd04fab80be61dcd2732e2423aafde9a4c1c http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc8 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.openwall.com/lists/oss-security/2010/05/27/1 https://bugzilla.redhat.com/show_bug.cgi?id=595970 https://exchange.xforce.ibmcloud.com/vulnerabilities/59224 https://access.redhat.com/security/cve/CVE-2008- •