CVE-2012-3412 – kernel: sfc: potential remote denial of service through TCP MSS option
https://notcve.org/view.php?id=CVE-2012-3412
The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. El controlador sfc (también conocido como Solarflare Solarstorm) en el Kernel de Linux anteriores a v3.2.30 permite a atacantes remotos provocar una denegación de servicio (consumo de descriptor de DMA y fallo del controlador de red) a través de paquetes TCP manipulados que provocan valores MSS pequeños. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html http://rhn.redhat.com/errata/RHSA-2012-1323.html http://rhn.redhat.com/errata/RHSA-2012-1324.html http://rhn.redhat.com/errata/RHSA-2012-1347.html http://rhn.redhat.com/errata/RHSA-2012-1375.html http://rhn.redhat.com/errata/RHSA-2012-1401.html http://rhn.redhat.com/errata/RHSA-2012-1430.html http://secunia.com/advisories/50633 http://secunia.com/advisories/50732 http://secunia.com/advisori • CWE-189: Numeric Errors CWE-400: Uncontrolled Resource Consumption •
CVE-2012-3400 – kernel: udf: buffer overflow when parsing sparing table
https://notcve.org/view.php?id=CVE-2012-3400
Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. Desbordamiento de búfer basado en memoria dinámica en la función udf_load_logicalvol en fs/udf/super.c en el Kernel de Linux anteriores a v3.4.5, permite a atacantes remotos causar una denegación de servicio (caída del sistema) o posiblemente tener otro impacto no especificado a través de sistemas de ficheros UDF manipulados. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1df2ae31c724e57be9d7ac00d78db8a5dabdd050 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=adee11b2085bee90bd8f4f52123ffb07882d6256 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2013-0594.html http://secunia.com/advisories/50506 http://ubuntu.com/usn/usn-1529-1 • CWE-787: Out-of-bounds Write •
CVE-2012-3364
https://notcve.org/view.php?id=CVE-2012-3364
Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields. Múltiples desbordamientos de búfer basados en pila en Near Field Communication Controller Interface (NCI) en el kernel de Linux antes de v3.4.5 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de tramas de entrada con campos de longitud hechas a mano. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=67de956ff5dc1d4f321e16cfbd63f5be3b691b43 http://marc.info/?l=linux-kernel&m=134030878917784&w=2 http://ubuntu.com/usn/usn-1529-1 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5 http://www.openwall.com/lists/oss-security/2012/06/27/9 https://github.com/torvalds/linux/commit/67de956ff5dc1d4f321e16cfbd63f5be3b691b43 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-2745 – kernel: cred: copy_process() should clear child->replacement_session_keyring
https://notcve.org/view.php?id=CVE-2012-2745
The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. La función copy_creds en kernel/cred.c en el kernel de Linux anteriores a v3.3.2 ofrece un reemplazo invalido de claves de sesión a un proceso hijo, permitiendo a usuarios locales causar una denegación de servicio a través de una aplicación especialmente diseñada que utiliza la llamada al sistema fork • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=79549c6dfda0603dba9a70a53467ce62d9335c33 http://rhn.redhat.com/errata/RHSA-2012-1064.html http://secunia.com/advisories/50633 http://secunia.com/advisories/50853 http://secunia.com/advisories/50961 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2 http://www.securityfocus.com/bid/54365 http://www.securitytracker.com/id?1027236 http://www.ubuntu.com/usn/USN-1567-1 http://www.ub • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-2744 – kernel: netfilter: null pointer dereference in nf_ct_frag6_reasm()
https://notcve.org/view.php?id=CVE-2012-2744
net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. net/ipv6/netfilter/nf_conntrack_reasm.c en el kernel de Linux anterior a v2.6.34, cuando el módulo nf_conntrack_ipv6 está habilitado, permite a atacantes remotos causar una denegación de servicio (referencia de puntero a NULL y caída del sistema) mediante ciertos tipos de paquetes IPv6 fragmentados. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9e2dcf72023d1447f09c47d77c99b0c49659e5ce http://rhn.redhat.com/errata/RHSA-2012-1064.html http://rhn.redhat.com/errata/RHSA-2012-1148.html http://secunia.com/advisories/49928 http://www.securityfocus.com/bid/54367 http://www.securitytracker.com/id?1027235 https://bugzilla.redhat.com/show_bug.cgi?id=833402 https://github.com/torvalds • CWE-476: NULL Pointer Dereference •