CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 4CVE-2012-0056 – Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0056
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. La función mem_write en el kernel de Linux anterior a versión 3.2.2, cuando ASLR está deshabilitado, no comprueba apropiadamente los permisos al escribir en /proc/(pid)/mem, lo que permite a los usuarios locales alcanzar privilegios al modificar la memoria del proceso, como es demostrado por Mempodipper . • https://www.exploit-db.com/exploits/35161 https://www.exploit-db.com/exploits/18411 https://github.com/pythonone/CVE-2012-0056 https://github.com/srclib/CVE-2012-0056 http://blog.zx2c4.com/749 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc http://secunia.com/advisories/47708 http://ubuntu.com/usn/usn-1336-1 http://www.kb.cert.org/vuls/id/470151 http://www.kernel.org/pub/linux/kernel/ • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 4%CPEs: 4EXPL: 2CVE-2012-0207 – Linux Kernel 2.6.36 IGMP - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2012-0207
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets. La función de igmp_heard_query net/ipv4/igmp.c en el kernel de Linux en versiones anteriores a la v3.2.1 permite a atacantes remotos causar una denegación de servicio (error de división por cero y el "kernel panic") a través de paquetes IGMP. • https://www.exploit-db.com/exploits/18378 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1 http://www.openwall.com/lists/oss-security/2012/01/10/5 https://bugzilla.redhat.com/show_bug.cgi?id=772867 https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b https://github.com& • CWE-369: Divide By Zero •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4611 – kernel: perf, powerpc: Handle events that raise an exception without overflowing
https://notcve.org/view.php?id=CVE-2011-4611
Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events. Desbordamiento de entero en la función perf_event_interrupt en arch/powerpc/kernel/perf_event.c en el núcleo de Linux anteriores a v2.6.39 en plataformas powerpc que permite a usuarios locales causar una denegación de servicio (excepción de no controlada del monitor de rendimiento) a través de vectores que activan la salida de ciertos eventos de rendimiento. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0837e3242c73566fc1c0196b4ec61779c25ffc93 http://www.openwall.com/lists/oss-security/2011/12/15/2 https://bugzilla.redhat.com/show_bug.cgi?id=767914 https://github.com/torvalds/linux/commit/0837e3242c73566fc1c0196b4ec61779c25ffc93 https://access.redhat.com/security/cve/CVE-2011-4611 • CWE-189: Numeric Errors •
CVSS: 6.4EPSS: 1%CPEs: 18EXPL: 1CVE-2011-4914
https://notcve.org/view.php?id=CVE-2011-4914
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. La implementación del protocolo ROSE en el kernel de Linux anteriores a v2.6.39 no verifica que algunos valores de la longitud de datos son consistentes con la cantidad de datos enviada, lo que podría permitir a atacantes remotos a obtener información sensible de la memoria del kernel o provocar una denegación de servicio (lectura fuera de los límites) a través de una cadena de datos manipulada sobre un socket ROSE. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://www.openwall.com/lists/oss-security/2011/12/28/2 https://bugzilla.redhat.com/show_bug.cgi?id=770777 https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 1%CPEs: 11EXPL: 0CVE-2011-4348 – kernel: incomplete fix for CVE-2011-2482
https://notcve.org/view.php?id=CVE-2011-4348
Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482. Condición de carrera en la función sctp_rcv de net/sctp/input.c en el kernel Linux anteriores a v2.6.29 permite que atacantes remotos provoquen una denegación de servicio (sistema bloqueado) mediante paquetes SCTP. NOTA: en algunos entornos, este problema se produce por una corrección incompleta para CVE-2011-2482. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ae53b5bd77719fed58086c5be60ce4f22bffe1c6 http://www.openwall.com/lists/oss-security/2012/03/05/2 https://bugzilla.redhat.com/show_bug.cgi?id=757143 https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6 https://access.redhat.com/security/cve/CVE-2011-4348 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •