CVE-2011-0711 – kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
https://notcve.org/view.php?id=CVE-2011-0711
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.
• References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba
http://openwall.com/lists/oss-security/2011/02/16/10
http://openwall.com/lists/oss-security/2011/02/16/4
http://osvdb.org/70950
http://rhn.redhat.com/errata/RHSA-2011-0927.html
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git3.log
http://www.securityfocus.com/bid/46417
https://bugzilla.redhat.com/show_bug.cgi?id=67
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1012
https://notcve.org/view.php?id=CVE-2011-1012
The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table.
• References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=294f6cf48666825d23c9372ef37631232746e40d
http://openwall.com/lists/oss-security/2011/02/23/21
http://openwall.com/lists/oss-security/2011/02/23/4
http://securityreason.com/securityalert/8115
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git6.log
http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt
http://www.securityfocus.com/archive/1/516615/100/0/threaded
http:
• CWE-369: Divide By Zero
CVE-2011-1020 – Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation
https://notcve.org/view.php?id=CVE-2011-1020
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. Linux kernel version 2.6.32 (Ubuntu 10.04) suffers from a /proc handling setuid privilege escalation vulnerability.
• References:
https://www.exploit-db.com/exploits/41770
http://openwall.com/lists/oss-security/2011/02/24/18
http://openwall.com/lists/oss-security/2011/02/25/2
http://seclists.org/fulldisclosure/2011/Jan/421
http://secunia.com/advisories/43496
http://securityreason.com/securityalert/8107
http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface
http://www.securityfocus.com/bid/46567
https://exchange.xforce.ibmcloud.com/vulnerabilities/65693
https://lkml.org/lkml/2011/2/10/21
htt
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1016 – kernel: drm/radeon/kms: check AA resolve registers on r300
https://notcve.org/view.php?id=CVE-2011-1016
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.
• References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fff1ce4dc6113b6fdc4e3a815ca5fd229408f8ef
http://openwall.com/lists/oss-security/2011/02/24/11
http://openwall.com/lists/oss-security/2011/02/24/3
http://openwall.com/lists/oss-security/2011/02/25/4
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5
http://www.securityfocus.com/bid/46557
https://bugzilla.redhat.com/show_bug.cgi?id=680000
https://exchange.xforce.
• CWE-20: Improper Input Validation
CVE-2011-1010 – kernel: fs/partitions: Validate map_count in Mac partition tables
https://notcve.org/view.php?id=CVE-2011-1010
Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table.
• References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa7ea87a057958a8b7926c1a60a3ca6d696328ed
http://openwall.com/lists/oss-security/2011/02/22/11
http://openwall.com/lists/oss-security/2011/02/22/15
http://openwall.com/lists/oss-security/2011/02/22/3
http://secunia.com/advisories/46397
http://securityreason.com/securityalert/8115
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37.2
http://www.pre-cert.de/advisories/PRE-SA-20
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')