Page 540 of 2874 results (0.023 seconds)

CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 0

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. net/netfilter/nf_conntrack_proto_generic.c en el kernel de Linux anterior a 3.18 genera entradas conntrack incorrectas durante el manejo de ciertos juegos de reglas iptables para los protocolos SCTP, DCCP, GRE, y UDP-Lite, lo que permite a atacantes remotos evadir las restricciones de acceso a través de paquetes con números de puertos rechazados. A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db29a9508a9246e77087c5531e45b2c88ec6988b http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0284.html http://rhn.redhat.com/errata/RHSA&# • CWE-20: Improper Input Validation •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 1

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. La API Crypto en el kernel de Linux anterior a 3.18.5 permite a usuarios locales cargar módulos del kernel arbitrarios a través de una llamada al sistema de enlaces para un socket AF_ALG con un nombre de módulo en el campo salg_name, una vulnerabilidad diferente a CVE-2014-9644. A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d26a105b5a73e5635eae0629b42fa0a90e07b7b http://rhn.redhat.com/errata/RHSA-2016-0068.html http://www.debian.org/security/2015/dsa-3170 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 http://www.mandriva.com/security/advisories?name=MDVSA-2015:057 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2015/01/24/4 http://www. • CWE-269: Improper Privilege Management CWE-749: Exposed Dangerous Method or Function •

CVSS: 6.2EPSS: 0%CPEs: 11EXPL: 1

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. La función em_sysenter en arch/x86/kvm/emulate.c en el kernel de Linux anterior a 3.18.5, cuando al sistema operativo invitado le falta la inicialización SYSENTER MSR, permite a usuarios del sistema operativo invitado ganar privilegios del sistema operativo invitado o causar una denegación de servicio (caída del sistema operativo invitado) mediante la provocación del uso de un segmento de código de 16 bits para la emulación de una instrucción SYSENTER. It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f3747379accba8e95d70cec0eae0582c8c182050 http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245 http://rhn.redhat.com/errata/RHSA-2015-1272.html http://www.debian.org/security/2015/dsa-3170 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2015/01/27/6 http://www • CWE-269: Improper Privilege Management CWE-391: Unchecked Error Condition •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421. La API Crypto en el kernel de Linux anterior a 3.18.5 permite a usuarios locales cargar módulos del kernel arbitrarios a través de una llamada al sistema de enlaces para un socket AF_ALG con una expresión de plantilla de módulos entre paréntesis en el campo salg_name, tal y como fue demostrado por la expresión vfat(aes), una vulnerabilidad diferente a CVE-2013-7421. A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4943ba16bbc2db05115707b3ff7b4874e9e3c560 http://rhn.redhat.com/errata/RHSA-2016-0068.html http://www.debian.org/security/2015/dsa-3170 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 http://www.mandriva.com/security/advisories?name=MDVSA-2015:057 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2015/01/24/4 http://www. • CWE-269: Improper Privilege Management CWE-749: Exposed Dangerous Method or Function •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 2

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. La característica de aleatoriedad de la pila en el Kernel de Linux anterior a 3.19.1 en plataformas de 64-bits utiliza un tipo de datos incorrecto por el resultado de operaciones de bitwise left-shift, lo que hace que sea más fácil para atacantes evadir el mecanismo de protección ASLR prediciendo direcciones del tope de la pila, relacionado con la función andomize_stack_top en fs/binfmt_elf.c y la función stack_maxrandom_size en arch/x86/mm/mmap.c. An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 http://hmarco.org/bugs/linux-ASLR-integer-overflow.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-1137.html http://rhn.redhat.com/errata/RHSA-2015-1138.html http://rhn.redhat.com/errata/RHSA-2015-1221.html http://www.debi • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •