CVE-2010-4805 – kernel: unlimited socket backlog DoS
https://notcve.org/view.php?id=CVE-2010-4805
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c377411f2494a931ff7facdbb3a6839b1266bcf6
• http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
• http://www.securityfocus.com/bid/46637
• https://bugzilla.redhat.com/show_bug.cgi?id=657303
• https://access.redhat.com/security/cve/CVE-2010-4805
• CWE-400: Uncontrolled Resource Consumption
CVE-2011-1476
https://notcve.org/view.php?id=CVE-2011-1476
Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer.
• http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b769f49463711205d57286e64cf535ed4daf59e9
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
• http://www.openwall.com/lists/oss-security/2011/03/25/1
• https://github.com/torvalds/linux/commit/b769f49463711205d57286e64cf535ed4daf59e9
• CWE-189: Numeric Errors
CVE-2011-1493
https://notcve.org/view.php?id=CVE-2011-1493
Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket.
• http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=be20250c13f88375345ad99950190685eda51eb8
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
• http://www.openwall.com/lists/oss-security/2011/04/05/19
• https://bugzilla.redhat.com/show_bug.cgi?id=770777
• https://github.com/torvalds/linux/commit/be20250c13f88375345ad99950190685eda51eb8
CVE-2011-1160 – kernel: tpm infoleaks
https://notcve.org/view.php?id=CVE-2011-1160
The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors.
• http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1309d7afbed112f0e8e90be9af975550caa0076b
• http://www.openwall.com/lists/oss-security/2011/03/15/13
• https://bugzilla.redhat.com/show_bug.cgi?id=684671
• https://github.com/torvalds/linux/commit/1309d7afbed112f0e8e90be9af975550caa0076b
• https://access.redhat.com/security/cve/CVE-2011-1160
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1171 – kernel: ipv4: netfilter: ip_tables: fix infoleak to userspace
https://notcve.org/view.php?id=CVE-2011-1171
net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
• http://downloads.avaya.com/css/P8/documents/100145416
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=78b79876761b86653df89c48a7010b5cbd41a84a
• http://marc.info/?l=linux-kernel&m=129978077609894&w=2
• http://rhn.redhat.com/errata/RHSA-2011-0833.html
• http://securityreason.com/securityalert/8278
• http://securityreason.com/securityalert/8283
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
• http://www.openwall.com/lists/oss-security/2011/03/1
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor