CVE-2011-1083 – Linux Kernel 2.6.x - epoll Nested Structures Local Denial of Service
https://notcve.org/view.php?id=CVE-2011-1083
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. La implementación epoll en el Kernel de Linux v2.6.37.2 y anteriores no cruza un árbol de descriptores de fichero epoll adecuadamente, lo que permite a usuarios locales provocar una denegación de servicio (consumo de CPU) a través de una aplicación manipulada que hace epoll_create y llamadas al sistema epoll_ctl. • https://www.exploit-db.com/exploits/35403 http://article.gmane.org/gmane.linux.kernel/1105744 http://article.gmane.org/gmane.linux.kernel/1105888 http://article.gmane.org/gmane.linux.kernel/1106686 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html http://openwall.com/lists/oss-security/2011/03/02/1 http://openwall.com/lists/oss-security/2011/03/02/2 http://rhn.redhat.com/e • CWE-400: Uncontrolled Resource Consumption •
CVE-2011-1082 – Linux Kernel 2.6.x - fs/eventpoll.c epoll Data Structure File Descriptor Local Denial of Service
https://notcve.org/view.php?id=CVE-2011-1082
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. fs/eventpoll.c en el kernel de Linux anterior a v2.6.38 coloca descriptores de fichero epoll dentro de otra estructura de datos epoll sin comprobar correctamente para (1) bucles cerrados (2) profundidad de cadena, lo que permite a usuarios locales provocar una denegación de servicio (bloqueo o agotamiento de la pila de memoria) a través de una aplicación que hace epoll_create y llamadas al sistema epoll_ctl. • https://www.exploit-db.com/exploits/35404 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e http://openwall.com/lists/oss-security/2011/03/02/1 http://openwall.com/lists/oss-security/2011/03/02/2 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 https://bugzilla.redhat.com/show_bug.cgi?id=681575 https://lkml.org/lkml/2011/2/5/220 https://access.redhat.com/security/cve/CVE-20 • CWE-400: Uncontrolled Resource Consumption •
CVE-2011-1163 – kernel: fs/partitions: Corrupted OSF partition table infoleak
https://notcve.org/view.php?id=CVE-2011-1163
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. La función ofs/partitions/osf.c en el kernel de linux anterior a v2.6.38 no maneja correctamente un número inválido de particiones, lo que permite a usuarios locales obtner información sensible del heap mediante vectores relacionados con el análisis de la tabla de particiones. • http://downloads.avaya.com/css/P8/documents/100145416 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://openwall.com/lists/oss-security/2011/03/15/14 http://openwall.com/lists/oss-security/2011/03/15/9 http://rhn.redhat.com/errata/RHSA-2011-0833.html http://securityreason.com/securityalert/8189 http://securitytracker.com/id?1025225 • CWE-20: Improper Input Validation •
CVE-2011-0695 – kernel: panic in ib_cm:cm_work_handler
https://notcve.org/view.php?id=CVE-2011-0695
Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference. Condición de carrera en la función cm_work_handler del controlador InfiniBand (drivers/infiniband/core/cma.c) del kernel de Linux 2.6.x. Permite a atacantes remotos provocar una denegación de servicio (panic) enviando una petición InfiniBand mientras otros manejadores de petición se están ejecutando, lo que provoca una resolución de puntero inválida. • http://rhn.redhat.com/errata/RHSA-2011-0927.html http://secunia.com/advisories/43693 http://www.openwall.com/lists/oss-security/2011/03/11/1 http://www.securityfocus.com/bid/46839 http://www.spinics.net/lists/linux-rdma/msg07447.html http://www.spinics.net/lists/linux-rdma/msg07448.html http://www.ubuntu.com/usn/USN-1146-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/66056 https://access.redhat.com/security/cve/CVE-2011-0695 https://bugzilla.redhat.com/s • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2011-1017
https://notcve.org/view.php?id=CVE-2011-1017
Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table. Desbordamiento de búfer en memoria dinámica en la función ldm_frag_add en fs/partitions/ldm.c en el kernel de Linux v2.6.37.2 y anteriores, podría permitir a usuarios locales conseguir privilegios u obtener información sensible a través de una tabla de particiones LDM manipulada. • http://openwall.com/lists/oss-security/2011/02/23/16 http://openwall.com/lists/oss-security/2011/02/24/14 http://openwall.com/lists/oss-security/2011/02/24/4 http://secunia.com/advisories/43716 http://secunia.com/advisories/43738 http://securityreason.com/securityalert/8115 http://securitytracker.com/id?1025128 http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt http://www.securityfocus.com/archive/1/516615/100/0/threaded http://www.securityfocus.com/bid/4 • CWE-787: Out-of-bounds Write •