CVE-2010-0007 – kernel: netfilter: ebtables: enforce CAP_NET_ADMIN
https://notcve.org/view.php?id=CVE-2010-0007
net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dce766af541f6605fa9889892c0280bab31c66ab http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html http://li • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-4141 – Linux Kernel < 2.6.28 - 'fasync_helper()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-4141
Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file. • https://www.exploit-db.com/exploits/33523 http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0252.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=53281b6d34d44308372d16acb7fb5327609f68b6 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html http://lock.cmpxchg8b.com/5ebe2294ecd0e0f08eab7690d2a6ee69/create_elf_tables.c http://secunia.com/advisories/38199 http://secunia.com/advisories/39033 http://support.avaya.com/css/P8/documents/10007 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVE-2009-2406 – kernel: ecryptfs stack overflow in parse_tag_11_packet()
https://notcve.org/view.php?id=CVE-2009-2406
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6352a29305373ae6196491e6d4669f301e26492e http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://risesecurity.org/advisories/RISE-2009002.txt http://secunia.com/advisories/35985 http://secunia.com/advisories/36045 http://secunia.com/advisories/36051 http://secunia.com/advisories/36054 http://secunia.com/advisories/36116 http://secunia.com/advisories/36131 http://secunia.com/advisories/37 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2009-1389 – kernel: r8169: fix crash when large packets are received
https://notcve.org/view.php?id=CVE-2009-1389
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=fdd7b4c3302c93f6833e338903ea77245eb510b4 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://lkml.org/lkml/2009/6/8/194 http://marc.info/?l=linux-netdev&m=123462461713724&w=2 http://secunia.com/advisories/35265 http://secunia.com/advisories/35566 http://secunia.com/advisories/35847 http://secunia& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-2750
https://notcve.org/view.php?id=CVE-2008-2750
The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b6707a50c7598a83820077393f8823ab791abf8 http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.26-rc6 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html http://secunia.com/advisories/30719 http://secunia.com/advisories/30901 http://secunia.com/advisories/30920 http://secunia.com/advisories/31107 http://secunia.com/advisories/31202 http://securitytracker.com/id?1020297 http:& • CWE-20: Improper Input Validation •