CVSS: 7.2EPSS: 0%CPEs: 414EXPL: 1CVE-2009-2406 – kernel: ecryptfs stack overflow in parse_tag_11_packet()
https://notcve.org/view.php?id=CVE-2009-2406
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. Desbordamiento de búfer basado en pila en la función parse_tag_11_packet en fs/ecryptfs/keystore.c en el subsistema eCryptfs del kernel de Linux anteriores a v2.6.30.4 permite a usuarios locales provocar una denegación de servicio (finalización del sistema) o posiblemente obtener mayores privilegios mediante vectores que utilizan un fichero eCryptfs modificado, relacionados con la no comprobación de que la longitud de la clave de firma en un paquete "Tag 11" es compatible con el tamaño del búfer de la clave de firma. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6352a29305373ae6196491e6d4669f301e26492e http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://risesecurity.org/advisories/RISE-2009002.txt http://secunia.com/advisories/35985 http://secunia.com/advisories/36045 http://secunia.com/advisories/36051 http://secunia.com/advisories/36054 http://secunia.com/advisories/36116 http://secunia.com/advisories/36131 http://secunia.com/advisories/37 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 10%CPEs: 412EXPL: 1CVE-2009-1389 – kernel: r8169: fix crash when large packets are received
https://notcve.org/view.php?id=CVE-2009-1389
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. Desbordamiento de memoria en el driver RTL8169 NIC (drivers/net/r8169.c) en el kernel de Linux anteriores a v2.6.30 permite a atacantes remotos producir una denegación de servicio (consumo de memoria del kernel y caída) a través de un paquete largo. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=fdd7b4c3302c93f6833e338903ea77245eb510b4 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://lkml.org/lkml/2009/6/8/194 http://marc.info/?l=linux-netdev&m=123462461713724&w=2 http://secunia.com/advisories/35265 http://secunia.com/advisories/35566 http://secunia.com/advisories/35847 http://secunia& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 16%CPEs: 296EXPL: 0CVE-2008-2750
https://notcve.org/view.php?id=CVE-2008-2750
The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. La función pppol2tp_recvmsg de drivers/net/pppol2tp.c en el kernel de Linux 2.6 anterior a 2.6.26-rc6, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria en montículo del kernel y caída del sistema) y puede que tenga otros impactos no especificados, al utilizar un paquete PPPOL2TP que resulta en un valor largo para determinada longitud de variable. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b6707a50c7598a83820077393f8823ab791abf8 http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.26-rc6 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html http://secunia.com/advisories/30719 http://secunia.com/advisories/30901 http://secunia.com/advisories/30920 http://secunia.com/advisories/31107 http://secunia.com/advisories/31202 http://securitytracker.com/id?1020297 http:& • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 7%CPEs: 271EXPL: 0CVE-2008-1673
https://notcve.org/view.php?id=CVE-2008-1673
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. La implementación de asn1 en (a) el núcleo Linux 2.4 versiones anteriores a 2.4.36.6 y 2.6 versiones anteriores a 2.6.25.5, tal como lo utilizado en los módulos cifs y ip_nat_snmp_basic; y (b) el paquete gxsnmp; no valida apropiadamente la longitud de valores durante la decodificación de datos ASN.1 BER, lo cual permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección a través de (1) una longitud superior a la de trabajo del búfer, lo cual puede llevar a un desbordamiento no especificado; (2) una longitud oid a cero, lo cual puede llevar a un error off-by-one; o (3) una longitud indefinida de codificación primitiva. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ddb2c43594f22843e9f3153da151deaba1a834c5 http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 304EXPL: 0CVE-2008-1669 – kernel: add rcu_read_lock() to fcheck() in both dnotify, locks.c and fix fcntl store/load race in locks.c
https://notcve.org/view.php?id=CVE-2008-1669
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." El kernel de Linux en versiones posteriores a la 2.6.25.2, no aplica determinados mecanismos de protección para la funcionalidad fcntl, la cual permite a usuarios locales (1) ejecutar código en paralelo o (2) explotar una condición de carrera (race condition) para obtener un “acceso re-ordenado a la tabla descriptor” • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html http://lists.vmware.com/pipermail/security-announce/2008/000023.html http://secunia.com/advisories/30077 http://secunia.com/advisories/30101 http://secunia.com/advisories/30108 http://secunia.com/adv • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •