Page 575 of 2995 results (0.032 seconds)

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1

The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl. La función btrfs_xattr_set_acl en fs/btrfs/acl.c en btrfs en el kernel de linux v2.6.34 y anteriores no valida quien es el propietario de un archivo antes de establecer una ACL, lo que permite a usuarios locales evitar los permisos de fichero estableciendo ACLs de su elección como se ha demostrado usando setfacl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=2f26afba http://lkml.org/lkml/2010/5/17/544 http://www.openwall.com/lists/oss-security/2010/06/11/3 http://www.openwall.com/lists/oss-security/2010/06/14/2 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.6EPSS: 0%CPEs: 160EXPL: 0

The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. La función "do_gfs2_set_flags" en "fs/gfs2/file.c" del kernel de Linux anterior a v2.6.34-git10 no comprueba el propietario del archivo, lo que permite a usuarios locales evitar restricciones de acceso intencionadas a través de peticiones SETFLAGS ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7df0e0397b9a18358573274db9fdab991941062f http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html http://secunia.com/advisories/40645 http://secunia.com/advisories/43315 http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/incr/patch-2.6.34-git9-git10.bz2 http://www.openwall.com/lists/oss-security/2010/05/25/1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 4

Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. Condición de carrera en la función find_keyring_by_name en security/keys/keyring.c el el kernel de Linux v2.6.34-rc5 y anteriores, permite usuarios locales provocar una denegación de servicio (corrupción de memoria y caída del sistema) o posiblemente tener otros impactos, mediante comandos de sesión "keyctl" que provocan el acceso a una secuencia de pulsaciones en desuso que está bajo un borrado en la función key_cleanup. • https://www.exploit-db.com/exploits/33886 http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://marc.info/?l=linux-kernel&m=127192182917857&w=2 http://marc.info/?l=linux-kernel&m=127274294622730&w=2 http://marc.info/?l=linux-kernel&m=127292492727029&w=2 http://secunia.com/advisories/39830 http://secunia.com/advisories/40218 http://secunia.com/advisories/40645 http://secunia.com/advisories/43315 http://www.debian.org/security/2010/dsa-205 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 3

The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application. La implementación TSB I-TLB en arch/sparc/kernel/tsb.S en el kernel de Linux anterior a v2.6.33 en plataformas SPARC, no obtiene de forma adecuada ciertos bits _PAGE_EXEC_4U y consecuentemente no implementa de forma adecuada una pila no-ejecutable, lo que facilita a atacantes dependiendo del contexto explotar desbordamientos de búfer basados en pila a través de aplicaciones manipuladas. • http://marc.info/?l=linux-sparc&m=126662159602378&w=2 http://marc.info/?l=linux-sparc&m=126662196902830&w=2 http://secunia.com/advisories/39830 http://www.debian.org/security/2010/dsa-2053 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33 http://www.openwall.com/lists/oss-security/2010/02/24/1 http://www.openwall.com/lists/oss-security/2010/05/05/2 • CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 57%CPEs: 405EXPL: 5

The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data. La función sctp_process_unk_param en net/sctp/sm_make_chunk.c en el kernel de Linux v2.6.33.3 y anteriores, cuando está activado SCTP, permite a atacantes remotos provocar una denegación de servicio (caída del sistema) a través de un paquete SCTPChunkInit que contiene múltiples parámetros inválidos que requieren una cantidad grande de datos de error. • https://www.exploit-db.com/exploits/14594 http://article.gmane.org/gmane.linux.network/159531 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809 http://kbase.redhat.com/faq/docs/DOC-31052 http://marc.info/?l=oss-security&m=127251068407878&w=2 http://secunia.com/advisories/39830 http://secunia.com/advisories/40218 http://secunia.com/advisories/43315 http://www.debian.org/security/2010/dsa-2053 http://www • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •