
CVSS: 2.1 | EPSS: 0% | CPEs: 201 | EXPL: 0

The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer. • http://lkml.org/lkml/2006/11/5/46 http://rhn.redhat.com/errata/RHSA-2007-0014.html http://secunia.com/advisories/22289 http://secunia.com/advisories/22497 http://secunia.com/advisories/23064 http://secunia.com/advisories/23370 http://secunia.com/advisories/23395 http://secunia.com/advisories/23474 http://secunia.com/advisories/23997 http://secunia.com/advisories/24206 http://securitytracker.com/id?1017090 http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm •

CVSS: 7.8 | EPSS: 45% | CPEs: 191 | EXPL: 1

Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only. • https://www.exploit-db.com/exploits/28358 http://lkml.org/lkml/2006/7/17/41 http://secunia.com/advisories/21369 http://secunia.com/advisories/21605 http://secunia.com/advisories/21614 http://secunia.com/advisories/21847 http://secunia.com/advisories/21934 http://secunia.com/advisories/22093 http://secunia.com/advisories/22148 http://secunia.com/advisories/22174 http://secunia.com/advisories/22822 http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm •

CVSS: 4.6 | EPSS: 0% | CPEs: 5 | EXPL: 0

The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. • http://bugzilla.kernel.org/show_bug.cgi?id=2966 http://secunia.com/advisories/21179 http://secunia.com/advisories/21298 http://secunia.com/advisories/21498 http://secunia.com/advisories/21605 http://secunia.com/advisories/21614 http://secunia.com/advisories/21695 http://secunia.com/advisories/21934 http://secunia.com/advisories/22082 http://secunia.com/advisories/22093 http://secunia.com/advisories/22174 http://secunia.com/advisories/22497 http://secunia.com/advisories/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 2.1 | EPSS: 0% | CPEs: 113 | EXPL: 0

The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors. • http://secunia.com/advisories/20914 http://secunia.com/advisories/21465 http://secunia.com/advisories/22417 http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm http://www.debian.org/security/2006/dsa-1103 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=331c46591414f7f92b1cec048009abe89892ee79 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=331c46591414f7f92b1cec048009abe89892ee79 http://www.kernel.org/pub •

CVSS: 7.8 | EPSS: 5% | CPEs: 148 | EXPL: 0

xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length. • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.1 http://secunia.com/advisories/20703 http://secunia.com/advisories/20831 http://secunia.com/advisories/21045 http://secunia.com/advisories/21179 http://secunia.com/advisories/21498 http://securitytracker.com/id?1016347 http://www.mandriva.com/security/advisories?name=MDKSA-2006:123 http://www.novell.com/linux/security/advisories/2006_42_kernel.html http://www.novell.com/linux/security/advisories/2006_47_kernel.html •