Page 611 of 3772 results (0.049 seconds)

CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0

The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. La función sctp_packet_config en net/sctp/output.c en el kernel de Linux anterior a v2.6.35.6, realiza un inicialización extraña de la estructura de paquetes de datos, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de una determinada secuencia de tráfico SCTP. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4bdab43323b459900578b200a4b8cf9713ac8fab http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://marc.info/?l=linux-netdev&m=128453869227715&w=3 http://marc.info/?l=oss-security&m=128534569803598&w=2 http://marc.info/?l=oss-security&m=128537701808336&w=2 http://secunia.com/advisories/42400 http://secunia&# • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.2EPSS: 0%CPEs: 13EXPL: 3

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. drivers/media/video/v4l2-compat-ioctl32.c en la implementación de Video4Linux (V4L) en kernel de Linux anteriores a v2.6.36 en plataformas de 64 bits no valida el destino de una operación de copia de memoria, lo cual permite a usuarios locales escribir en lugares de memoria del núcleo a su elección, y en consecuencia obtener privilegios, a través de una llamada VIDIOCSTUNER ioctl en un dispositivo /dev/video, seguida por una llamada VIDIOCSMICROCODE ioctl en este dispositivo. • https://www.exploit-db.com/exploits/15344 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3e645d6b485446c54c6745c5e2cf5c528fe4deec http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html http://secunia.com/advisories/42745 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org&#x • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 3

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. La función rds_page_copy_user de net/rds/page.c en la implementación del protocolo "Reliable Datagram Sockets" (RDS) del kernel de Linux en versiones anteriores a la 2.6.36 no valida apropiadamente las direcciones obtenidas del espacio de usuario, lo que permite a usuarios locales escalar privilegios a través de un uso manipulado de las llamadas del sistema sendmsg y recvmsg. Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. • https://www.exploit-db.com/exploits/44677 https://www.exploit-db.com/exploits/15285 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=799c10559d60f159ab2232203f222f18fa3c4a5f http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest. El fichero arch/x86/hvm/vmx/vmcs.c en la implementación de la estructura de control de máquina virtual (VMCS) en el kernel de Linux v2.6.18 de Linux en Red Hat Enterprise Linux (RHEL) 5, cuando se usa una plataforma de Intel sin la funcionalidad de Tabla de páginas extendida(EPT), tiene acceso a los campos VMCS sin verificar el soporte de hardware para estos campos, lo que permite a usuarios locales causar una denegación de servicio (caida del sistema operativo) pidiendo un dump de VMCS para un huésped Xen totalmente virtualizado. • http://secunia.com/advisories/46397 http://support.avaya.com/css/P8/documents/100113326 http://www.redhat.com/support/errata/RHSA-2010-0723.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/43578 http://www.vmware.com/security/advisories/VMSA-2011-0012.html http://xenbits.xensource.com/xen-unstable.hg?rev/15911 https://bugzilla.redhat.com/show_bug.cgi?id=620490 https://access.redhat.com/security/cve/CVE-2010-2938 • CWE-399: Resource Management Errors •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1

Race condition in the hvc_close function in drivers/char/hvc_console.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service or possibly have unspecified other impact by closing a Hypervisor Virtual Console device, related to the hvc_open and hvc_remove functions. Condición de carrera en la función hvc_close en drivers/char/hvc_console.c en el kernel de Linux anterior a v2.6.34, permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el cierre del dispositivo Hypervisor Virtual Console, relacionado con las funciones hvc_open y hvc_remove. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=320718ee074acce5ffced6506cb51af1388942aa http://lkml.org/lkml/2010/3/3/207 http://patchwork.kernel.org/patch/83353 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 http://www.openwall.com/lists/oss-security/2010/03/04/3 http://www.openwall.com/lists/oss-security/2010/04/17/2 http://www.openwall.com/lists/oss-security/2010/04/18/1 http://www.openwall.com/lists&#x • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •