CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2009-2768
https://notcve.org/view.php?id=CVE-2009-2768
The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer." La función load_flat_shared_library en el archivo fs/binfmt_flat.c en el subsistema flat en el kernel de Linux anterior a versión 2.6.31-rc6, permite a los usuarios locales causar una denegación de servicio (desreferencia de un puntero NULL y bloqueo del sistema) o posiblemente tener otro impacto no especificado mediante la ejecución de un binario flat compartido, que activa el acceso de un "uninitialized cred pointer." • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3440625d78711bee41a84cf29c3d8c579b522666 http://lkml.org/lkml/2009/6/22/91 http://secunia.com/advisories/36278 http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 http:/& • CWE-476: NULL Pointer Dereference CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 14CVE-2009-2692 – Linux Kernel 2.x (Android) - 'sock_sendpage()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2692
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. El kernel de Linux versiones 2.6.0 hasta 2.6.30.4 y 2.4.4 hasta 2.4.37.4, no inicia todos los punteros de función para operaciones de socket en estructuras de proto_ops, lo que permite a los usuarios locales activar una desreferencia de puntero NULL y alcanzar privilegios mediante el uso de mmap que asigna la página cero, inserta el código arbitrario en esta página y luego invoca una operación no disponible, como es demostrado por la operación de sendpage (función sock_sendpage) en un socket PF_PPPOX. • https://www.exploit-db.com/exploits/9477 https://www.exploit-db.com/exploits/19933 https://www.exploit-db.com/exploits/9545 https://www.exploit-db.com/exploits/9598 https://www.exploit-db.com/exploits/9479 https://www.exploit-db.com/exploits/9641 https://www.exploit-db.com/exploits/9435 https://www.exploit-db.com/exploits/9436 https://github.com/jdvalentini/CVE-2009-2692 http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html http://blog.cr0.or • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 7.2EPSS: 0%CPEs: 79EXPL: 1CVE-2009-2767 – Linux Kernel 2.6.x - 'posix-timers.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-2767
The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference. La función init_posix_timers en kernel/posix-timers.c en el kernel de linux anteriores a v2.6.31-rc6 permite a usuarios locales provocar una denegación de servicio (OOPS) o posiblemente conseguir privilegios a través de una llamada CLOCK_MONOTONIC_RAW clock_nanosleep que provoca una desreferencia a un puntero NULL. • https://www.exploit-db.com/exploits/33148 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=70d715fd0597f18528f389b5ac59102263067744 http://lkml.org/lkml/2009/8/4/28 http://lkml.org/lkml/2009/8/4/40 http://secunia.com/advisories/36200 http://secunia.com/advisories/37105 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6 http://www.openwall.com/lists/oss-security/2009/08/06/2 http://www.ubuntu.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 309EXPL: 1CVE-2009-2407 – kernel: ecryptfs heap overflow in parse_tag_3_packet()
https://notcve.org/view.php?id=CVE-2009-2407
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. Desbordamiento de búfer basado en memoria dinámica en la función parse_tag_3_packet en fs/ecryptfs/keystore.c en el subsistema eCryptfs del kernel de Linux anteriores a v2.6.30.4 permite a usuarios locales provocar una denegación de servicio (finalización del sistema) o posiblemente obtener mayores privilegios mediante vectores que emplean un fichero eCryptfs modificado, relacionado con un tamaño de clave de cifrado larga en un paquete "Tag 3". • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f151cd2c54ddc7714e2f740681350476cda03a28 http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://risesecurity.org/advisories/RISE-2009003.txt http://secunia.com/advisories/35985 http://secunia.com/advisories/36045 http://secunia.com/advisories/36051 http://secunia.com/advisories/36054 http://secunia.com/advisories/36116 http://secunia.com/advisories/36131 http://secunia.com/advisories/37 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.2EPSS: 0%CPEs: 414EXPL: 1CVE-2009-2406 – kernel: ecryptfs stack overflow in parse_tag_11_packet()
https://notcve.org/view.php?id=CVE-2009-2406
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. Desbordamiento de búfer basado en pila en la función parse_tag_11_packet en fs/ecryptfs/keystore.c en el subsistema eCryptfs del kernel de Linux anteriores a v2.6.30.4 permite a usuarios locales provocar una denegación de servicio (finalización del sistema) o posiblemente obtener mayores privilegios mediante vectores que utilizan un fichero eCryptfs modificado, relacionados con la no comprobación de que la longitud de la clave de firma en un paquete "Tag 11" es compatible con el tamaño del búfer de la clave de firma. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6352a29305373ae6196491e6d4669f301e26492e http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://risesecurity.org/advisories/RISE-2009002.txt http://secunia.com/advisories/35985 http://secunia.com/advisories/36045 http://secunia.com/advisories/36051 http://secunia.com/advisories/36054 http://secunia.com/advisories/36116 http://secunia.com/advisories/36131 http://secunia.com/advisories/37 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •