Page 572 of 4990 results (0.017 seconds)

CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 1

CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass

https://notcve.org/view.php?id=CVE-2018-13405

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. La función inode_init_owner en fs/inode.c en el kernel de Linux hasta la versión 3.16 permite a los usuarios locales crear archivos con una propiedad de grupo no deseada, en un escenario donde un directorio es SGID a un cierto grupo y es escribible por un usuario que no es miembro de ese grupo. • https://www.exploit-db.com/exploits/45033 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 http://openwall.com/lists/oss-security/2018/07/13/2 http://www.securityfocus.com/bid/106503 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:0717 https://access.redhat.com/errata/RHSA- • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-13406

https://notcve.org/view.php?id=CVE-2018-13406

An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. Un desbordamiento de enteros en la función uvesafb_setcmap en drivers/video/fbdev/uvesafb.c en el kernel de Linux en versiones anteriores a la 4.17.4 podría resultar en que los atacantes locales puedan cerrar inesperadamente el kernel o elevar privilegios debido a que no se emplea kmalloc_array. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713 http://www.securityfocus.com/bid/104685 http://www.securitytracker.com/id/1041355 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4 https://github.com/torvalds/linux/commit/9f645bcc566a1e9f921bdae7528a01ced5bc3713 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://usn.ubuntu.com/3752-1 https://usn.ubuntu.com/3752-2 https://usn.ubuntu.com& • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-13098

https://notcve.org/view.php?id=CVE-2018-13098

An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. Se ha descubierto un problema en fs/f2fs/inode.c en el kernel de Linux hasta la versión 4.17.3. Puede ocurrir una denegación de servicio (lectura fuera de límites de slab y BUG) para una imagen de sistema de archivos f2fs modificada en el que FI_EXTRA_ATTR está establecido en un inode. • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html https://bugzilla.kernel.org/show_bug.cgi?id=200173 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76d56d4ab4f2a9e4f085c7d77172194ddaccf7d2 https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4118-1 • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2018-13100

https://notcve.org/view.php?id=CVE-2018-13100

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. Se ha descubierto un problema en fs/f2fs/super.c en el kernel de Linux hasta la versión 4.17.3, que no valida correctamente secs_per_zone en una imagen f2f corrupta, tal y como queda demostrado con un error de división entre cero. • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/104679 https://bugzilla.kernel.org/show_bug.cgi?id=200183 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42bf546c1fe3f3654bdf914e977acbc2b80a5be5 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://seclists.org/bugtraq/2019/Jan/52 https • CWE-369: Divide By Zero •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-13097

https://notcve.org/view.php?id=CVE-2018-13097

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG). Se ha descubierto un problema en fs/f2fs/super.c en el kernel de Linux hasta la versión 4.17.3. Existe una error de lectura fuera de límites o de división entre cero para un user_block_count incorrecto en una imagen f2fs corrupta, conduciendo a una denegación de servicio (BUG). • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://bugzilla.kernel.org/show_bug.cgi?id=200171 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9dc956b2c8523aed39d1e6508438be9fea28c8fc https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://seclists.org/bugtraq/2019/Jan/52 https://usn.ubuntu.com/3932-1 https:/&#x • CWE-125: Out-of-bounds Read CWE-369: Divide By Zero •