CVE-2015-1420
https://notcve.org/view.php?id=CVE-2015-1420
Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function. Condición de carrera en la función handle_to_path en fs/fhandle.c en el Kernel de Linux a través de 3.19.1 permite a usuarios locales evadir las restricciones del tamaño y lanzar operaciones de lectura en ubicaciones de memoria adicionales cambiando el valor de handle_bytes del manejador del archivo durante la ejecución de su función. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html http://marc.info/?l=linux-kernel&m=142247707318982&w=2 http://www.debian.org/security/2015/dsa-3170 http://www.openwall • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2015-1421 – kernel: net: slab corruption from use after free on INIT collisions
https://notcve.org/view.php?id=CVE-2015-1421
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. Vulnerabilidad de uso después de liberación en la función sctp_assoc_update en net/sctp/associola.c en el Kernel de Linux anterior a 3.18.8 permite a atacantes remotos causar una denegación de servicio (corrupción de bloque y pánico) o la posibilidad de tener otro impacto no especificado mediante la provocación de una colisión INIT que lleva al manejo inadecuado de datos de shared-key. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=600ddd6825543962fb807884169e57b580dba208 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-0726.html http://rhn.redhat.com/errata/RHSA-2015-0751.html http://rhn.redhat.com/errata/RHSA-2015-0782.html http://rhn.redhat.com/errata/RHSA-2015-0864.html http://rhn.redhat. • CWE-416: Use After Free •
CVE-2014-9683 – kernel: buffer overflow in eCryptfs
https://notcve.org/view.php?id=CVE-2014-9683
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. Error de superación de límite (off-by-one) en la función ecryptfs_decode_from_filename en fs/ecryptfs/crypto.c en el subsistema eCryptfs en el kernel de Linux anterior a 3.18.2 permite a usuarios locales causar una denegación de servicio (desbordamiento de buffer y caída del sistema) o posiblemente ganar privilegios a través de un nombre de fichero manipulado. A buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=942080643bce061c3dd9d5718d3b745dcb39a8bc http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1272.html http://www.debian.org/security/2015/dsa-3170 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2015/02/17/9 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVE-2014-8160 – kernel: iptables restriction bypass if a protocol handler kernel module not loaded
https://notcve.org/view.php?id=CVE-2014-8160
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. net/netfilter/nf_conntrack_proto_generic.c en el kernel de Linux anterior a 3.18 genera entradas conntrack incorrectas durante el manejo de ciertos juegos de reglas iptables para los protocolos SCTP, DCCP, GRE, y UDP-Lite, lo que permite a atacantes remotos evadir las restricciones de acceso a través de paquetes con números de puertos rechazados. A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db29a9508a9246e77087c5531e45b2c88ec6988b http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0284.html http://rhn.redhat.com/errata/RHSA • CWE-20: Improper Input Validation •
CVE-2013-7421 – kernel: crypto api unprivileged arbitrary module load via request_module()
https://notcve.org/view.php?id=CVE-2013-7421
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. La API Crypto en el kernel de Linux anterior a 3.18.5 permite a usuarios locales cargar módulos del kernel arbitrarios a través de una llamada al sistema de enlaces para un socket AF_ALG con un nombre de módulo en el campo salg_name, una vulnerabilidad diferente a CVE-2014-9644. A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d26a105b5a73e5635eae0629b42fa0a90e07b7b http://rhn.redhat.com/errata/RHSA-2016-0068.html http://www.debian.org/security/2015/dsa-3170 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 http://www.mandriva.com/security/advisories?name=MDVSA-2015:057 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2015/01/24/4 http://www. • CWE-269: Improper Privilege Management CWE-749: Exposed Dangerous Method or Function •