Page 620 of 3772 results (0.027 seconds)

CVSS: 4.6EPSS: 0%CPEs: 160EXPL: 0

The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. La función "do_gfs2_set_flags" en "fs/gfs2/file.c" del kernel de Linux anterior a v2.6.34-git10 no comprueba el propietario del archivo, lo que permite a usuarios locales evitar restricciones de acceso intencionadas a través de peticiones SETFLAGS ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7df0e0397b9a18358573274db9fdab991941062f http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html http://secunia.com/advisories/40645 http://secunia.com/advisories/43315 http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/incr/patch-2.6.34-git9-git10.bz2 http://www.openwall.com/lists/oss-security/2010/05/25/1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 1.9EPSS: 0%CPEs: 39EXPL: 0

arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory, related to Fsl booke. arch/powerpc/mm/fsl_booke_mmu.c en KGDB del kernel de Linux v2.6.30 y otras versiones anteriores a la v2.6.33, cuando se ejecuta en PowerPC, no realiza apropiadamente una comprobación de seguridad para acceder a la página del kernel, lo que permite a usuarios locales sobreescribir arbitrariamente la memoria del kernel, relacionado con Fsl booke. • http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://lkml.org/lkml/2010/5/10/458 http://secunia.com/advisories/39830 http://secunia.com/advisories/40645 http://www.debian.org/security/2010/dsa-2053 http://www.openwall.com/lists/oss-security/2010/04/29/3 http://www.openwall.com/lists/oss-security/2010/04/29/9 http://www.openwall.com/lists/oss-security/2010/04/30/1 http://www.vupen.com/english/advisories/2010/1857 https:/ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system. gfs2 del kernel de Linux v2.6.18, y posiblemente otras versiones, no funciona adecuadamente cuando la estructura gfs2_quota ocupa dos páginas separadas, lo que permite a usuarios locales provocar una denegación de servicio (kernel panic) a través de ciertas manipulaciones que causan una escritura fuera de los límites, como se ha demostrado escribiendo desde un sistema de ficheros ext3 a un sistema de ficheros gfs2. • http://secunia.com/advisories/43315 http://www.openwall.com/lists/oss-security/2010/04/27/1 http://www.openwall.com/lists/oss-security/2010/04/28/1 http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=586006 https://exchange.xforce.ibmcloud.com/vulnerabilities/58839 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10652 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •

CVSS: 4.7EPSS: 1%CPEs: 9EXPL: 0

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. El decodificador de instrucciones MMIO en el hipervisor Xen en el kernel Linux 2.6.18 en Red Hat Enterprise Linux (RHEL) 5 permite a los usuarios de los sistemas operativos huesped causar una denegación de servicio (cuelgue de sistema operativo huesped de 32-bit) a través de vectores que provocan una emulación de la instrucción sin especificar. • http://secunia.com/advisories/39649 http://secunia.com/advisories/43315 http://support.avaya.com/css/P8/documents/100088287 http://www.openwall.com/lists/oss-security/2010/05/07/1 http://www.redhat.com/support/errata/RHSA-2010-0398.html http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www.securityfocus.com/bid/39979 http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=572971 https://oval.cise • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 4

Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. Condición de carrera en la función find_keyring_by_name en security/keys/keyring.c el el kernel de Linux v2.6.34-rc5 y anteriores, permite usuarios locales provocar una denegación de servicio (corrupción de memoria y caída del sistema) o posiblemente tener otros impactos, mediante comandos de sesión "keyctl" que provocan el acceso a una secuencia de pulsaciones en desuso que está bajo un borrado en la función key_cleanup. • https://www.exploit-db.com/exploits/33886 http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://marc.info/?l=linux-kernel&m=127192182917857&w=2 http://marc.info/?l=linux-kernel&m=127274294622730&w=2 http://marc.info/?l=linux-kernel&m=127292492727029&w=2 http://secunia.com/advisories/39830 http://secunia.com/advisories/40218 http://secunia.com/advisories/40645 http://secunia.com/advisories/43315 http://www.debian.org/security/2010/dsa-205 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •