Page 564 of 2841 results (0.016 seconds)

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1

CVE-2016-3672 – Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited

https://notcve.org/view.php?id=CVE-2016-3672

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. La función arch_pick_mmap_layout en arch/x86/mm/mmap.c en el kernel de Linux hasta la versión 4.5.2 no maneja de forma aleatoria el legado de la dirección base, lo que hace más fácil a usuarios locales romper las restricciones destinadas en los indicadores ADDR_NO_RANDOMIZE, y eludir el mecanismo de protección ASLR para programas setuid o setid, deshabilitando los límites de recursos del consumo de pila. A weakness was found in the Linux ASLR implementation. Any user able to running 32-bit applications in a x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited. • https://www.exploit-db.com/exploits/39669 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182524.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/open • CWE-254: 7PK - Security Features CWE-341: Predictable from Observable State •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2016-2383

https://notcve.org/view.php?id=CVE-2016-2383

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. La función adjust_branches en kernel/bpf/verifier.c en el kernel de Linux en versiones anteriores a 4.5 no tiene en cuenta el delta en el caso de salto de retroceso, lo que permite a usuarios locales obtener información sensible del kernel de memoria creando un filtro de paquetes y posteriormente cargando instrucciones BPF manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1b14d27ed0965838350f1377ff97c93ee383492 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.openwall.com/lists/oss-security/2016/02/14/1 http://www.ubuntu.com/usn/USN-2947-1 http://www.ubuntu.com/usn/USN-2947-2 http://www.ubuntu.com/usn/USN-2947-3 https://bugzilla.redhat.com/show_bug.cgi?id=1308452 https://github.com/torvalds/linux/commit/a1b14d27ed0965838350f1377ff97c93ee3834 •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2016-3135 – Linux Kernel 3.10/3.18 /4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption

https://notcve.org/view.php?id=CVE-2016-3135

Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. Desbordamientos de enteros en la función xt_alloc_table_info en net/netfilter/x_tables.c en el kernel de Linux hasta la versión 4.5.2 en plataformas de 32-bit permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria dinámica) a través de una llamada IPT_SO_SET_REPLACE setsockopt. • https://www.exploit-db.com/exploits/39545 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d157bd761585605b7882935ffb86286919f62ea1 http://www.securityfocus.com/bid/84305 http://www.ubuntu.com/usn/USN-2930-1 http://www.ubuntu.com/usn/USN-2930-2 http://www.ubuntu.com/usn/USN-2930-3 http://www.ubuntu.com/usn/USN-3054-1 http://www.ubuntu.com/usn/USN-3055-1 http://www.ubuntu.com/usn/USN-3056-1 http://www.ubuntu.com/usn/USN • CWE-189: Numeric Errors •

CVSS: 8.4EPSS: 0%CPEs: 16EXPL: 1

CVE-2016-3134 – Linux Kernel 3.10/3.18 /4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption

https://notcve.org/view.php?id=CVE-2016-3134

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. El subsistema netfilter en el kernel de Linux hasta la versión 4.5.2 no válida ciertos campos de desplazamiento, lo que permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria dinámica) a través de una llamada IPT_SO_SET_REPLACE setsockopt. A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset. • https://www.exploit-db.com/exploits/39545 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.9EPSS: 0%CPEs: 18EXPL: 1

CVE-2016-2185 – Linux ati_remote2 Null Pointer Dereference

https://notcve.org/view.php?id=CVE-2016-2185

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. La función ati_remote2_probe en drivers/input/misc/ati_remote2.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un valor de dispositivos finales manipulado en un descriptor de dispositivo USB. Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the ati_remote2 driver. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org •