CVE-2006-2071
https://notcve.org/view.php?id=CVE-2006-2071
Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs. • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6 http://secunia.com/advisories/20157 http://secunia.com/advisories/20716 http://secunia.com/advisories/21035 http://secunia.com/advisories/22292 http://secunia.com/advisories/22497 http://secunia.com/advisories/22875 http://secunia.com/advisories/22945 http://secunia.com/advisories/23064 http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm ht •
CVE-2006-1056
https://notcve.org/view.php?id=CVE-2006-1056
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc http://kb.vmware.com/kb/2533126 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lwn.net/Alerts/180820 http://marc.info/?l=linux-kernel&m=114548768214478&w=2 http://secunia.com/advisories/19715 http://secunia.com/advisories/19724 http://secunia.com/advisories/19735 http://secunia.com/advisories& • CWE-310: Cryptographic Issues •
CVE-2006-0744
https://notcve.org/view.php?id=CVE-2006-0744
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS. • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5 http://lwn.net/Alerts/180820 http://secunia.com/advisories/19639 http://secunia.com/advisories/19735 http://secunia.com/advisories/20157 http://secunia.com/advisories/20237 http://secunia.com/advisories/20398 http://secunia.com/advisories/20716 http://secunia.com/advisories/20914 http://secunia.com/advisories/21136 http://secunia.com/advisories/21179 http://secunia.com/advisories/21498 http://secunia. • CWE-20: Improper Input Validation •
CVE-2006-0558 – ia64 crash
https://notcve.org/view.php?id=CVE-2006-0558
perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local users to cause a denial of service (crash) by interrupting a task while another process is accessing the mm_struct, which triggers a BUG_ON action in the put_page_testzero function. • http://marc.info/?l=linux-ia64&m=113882384921688 http://secunia.com/advisories/19737 http://secunia.com/advisories/20914 http://secunia.com/advisories/26709 http://www.debian.org/security/2006/dsa-1103 http://www.redhat.com/support/errata/RHSA-2007-0774.html http://www.securityfocus.com/bid/17482 http://www.vupen.com/english/advisories/2006/1444 http://www.vupen.com/english/advisories/2006/2554 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185082 https:// •
CVE-2006-1066
https://notcve.org/view.php?id=CVE-2006-1066
Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call. • http://marc.info/?l=linux-kernel&m=113932292516359&w=2 http://secunia.com/advisories/19374 http://secunia.com/advisories/19955 http://secunia.com/advisories/21614 http://www.debian.org/security/2006/dsa-1017 http://www.mandriva.com/security/advisories?name=MDKSA-2006:151 http://www.osvdb.org/24098 http://www.securityfocus.com/bid/17216 https://usn.ubuntu.com/281-1 •