CVE-2011-1020 – Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation
https://notcve.org/view.php?id=CVE-2011-1020
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
Linux kernel version 2.6.32 (Ubuntu 10.04) suffers from a /proc handling setuid privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/41770
  http://openwall.com/lists/oss-security/2011/02/24/18
  http://openwall.com/lists/oss-security/2011/02/25/2
  http://seclists.org/fulldisclosure/2011/Jan/421
  http://secunia.com/advisories/43496
  http://securityreason.com/securityalert/8107
  http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface
  http://www.securityfocus.com/bid/46567
  https://exchange.xforce.ibmcloud.com/vulnerabilities/65693
  https://lkml.org/lkml/2011/2/10/21
  htt
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1016 – kernel: drm/radeon/kms: check AA resolve registers on r300
https://notcve.org/view.php?id=CVE-2011-1016
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fff1ce4dc6113b6fdc4e3a815ca5fd229408f8ef
  http://openwall.com/lists/oss-security/2011/02/24/11
  http://openwall.com/lists/oss-security/2011/02/24/3
  http://openwall.com/lists/oss-security/2011/02/25/4
  http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5
  http://www.securityfocus.com/bid/46557
  https://bugzilla.redhat.com/show_bug.cgi?id=680000
  https://exchange.xforce.
• CWE-20: Improper Input Validation
CVE-2011-1010 – kernel: fs/partitions: Validate map_count in Mac partition tables
https://notcve.org/view.php?id=CVE-2011-1010
Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa7ea87a057958a8b7926c1a60a3ca6d696328ed
  http://openwall.com/lists/oss-security/2011/02/22/11
  http://openwall.com/lists/oss-security/2011/02/22/15
  http://openwall.com/lists/oss-security/2011/02/22/3
  http://secunia.com/advisories/46397
  http://securityreason.com/securityalert/8115
  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37.2
  http://www.pre-cert.de/advisories/PRE-SA-20
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2011-0999 – kernel: thp: prevent hugepages during args/env copying into the user stack
https://notcve.org/view.php?id=CVE-2011-0999
mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31
  http://openwall.com/lists/oss-security/2011/02/17/3
  http://openwall.com/lists/oss-security/2011/02/17/6
  http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5
  http://www.securityfocus.com/bid/46442
  https://bugzilla.redhat.com/show_bug.cgi?id=678209
  https://exchange.xforce.ibmcloud.com/vulnerabilities/65535
  https://access.redhat.com/se
• CWE-400: Uncontrolled Resource Consumption
CVE-2011-0710 – kernel: s390 task_show_regs infoleak
https://notcve.org/view.php?id=CVE-2011-0710
The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=261cd298a8c363d7985e3482946edb4bfedacf98
  http://openwall.com/lists/oss-security/2011/02/16/3
  http://openwall.com/lists/oss-security/2011/02/16/9
  http://secunia.com/advisories/46397
  http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110216.bz2
  http://www.securityfocus.com/archive/1/520102/100/0/threaded
  http://www.securityfocus.com/bid/46421
  http://www.vmware.com
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor