CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2010-2492 – kernel: ecryptfs_uid_hash() buffer overflow
https://notcve.org/view.php?id=CVE-2010-2492
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors. Vulnerabilidad de desbordamiento de búfer en la macro ecryptfs_uid_hash en fs/ecryptfs/messaging.c del subsistema eCryptfs del kernel de Linux anterior a v2.6.35, podría permitir a a usuarios locales obtener privilegios o provocar una denegación de servicio (caída de sistema) a través de vectores no especificados. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6f80fb7b5986fda663d94079d3bba0937a6b6ff http://secunia.com/advisories/42890 http://secunia.com/advisories/46397 http://support.avaya.com/css/P8/documents/100113326 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.mandriva.com/security/advisories?name=MDVSA-2010:172 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.redhat.com/support/errata/RHSA-2010-0723&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2010-2071
https://notcve.org/view.php?id=CVE-2010-2071
The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl. La función btrfs_xattr_set_acl en fs/btrfs/acl.c en btrfs en el kernel de linux v2.6.34 y anteriores no valida quien es el propietario de un archivo antes de establecer una ACL, lo que permite a usuarios locales evitar los permisos de fichero estableciendo ACLs de su elección como se ha demostrado usando setfacl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=2f26afba http://lkml.org/lkml/2010/5/17/544 http://www.openwall.com/lists/oss-security/2010/06/11/3 http://www.openwall.com/lists/oss-security/2010/06/14/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 33EXPL: 3CVE-2010-1636 – Linux Kernel 2.6.x - Btrfs Cloned File Security Bypass
https://notcve.org/view.php?id=CVE-2010-1636
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor. La función btrfs_ioctl_clone en fs/btrfs/ioctl.c en la funcionalidad btrfs del kernel de Linux v2.6.29 a v2.6.32, y posiblemente otras versiones, no garantiza que un descriptor de archivo clonado ha sido abierto solo para lectura, lo cual permite leer información sensible de un descriptor de fichero de solo escritura a usuarios locales del sistema. • https://www.exploit-db.com/exploits/34001 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395 http://www.openwall.com/lists/oss-security/2010/05/18/10 http://www.openwall.com/lists/oss-security/2010/05/18/2 http://www.openwall.com/lists/oss-security/2010/05/25/8 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585 https://bugzilla.redhat.com/show_bug.cgi?id=593226 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 303EXPL: 0CVE-2008-7256 – kernel: nfsd: fix vm overcommit crash
https://notcve.org/view.php?id=CVE-2008-7256
mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643. Vulnerabilidad en el fichero mm/shmem.c para el kernel de Linux anterior a v2.6.28-rc8, cuando "strict overcommint" está habilitado y "CONFIG_SECURITY" deshabilitado, no maneja correctamente la exportación del objeto "shmemfs" por "knfsd", lo cual permite a atacantes provocar una denegación de servicio. NOTA: esta vulnerabilidad existe debido a una incompleta correción para la vulnerabilidad CVE-2010-1643. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1b79cd04fab80be61dcd2732e2423aafde9a4c1c http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc8 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.openwall.com/lists/oss-security/2010/05/27/1 https://bugzilla.redhat.com/show_bug.cgi?id=595970 https://exchange.xforce.ibmcloud.com/vulnerabilities/59224 https://access.redhat.com/security/cve/CVE-2008- •
CVSS: 6.9EPSS: 0%CPEs: 293EXPL: 0CVE-2010-1643 – kernel: nfsd: fix vm overcommit crash
https://notcve.org/view.php?id=CVE-2010-1643
mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad en el fichero mm/shmem.c para el kernel de Linux anterior a v2.6.28-rc3, cuando "strict overcommint" está habilitado no maneja correctamente la exportación del objeto "shmemfs" por "knfsd", lo cual permite a atacantes provocar una denegación de servicio. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=731572d39fcd3498702eda4600db4c43d51e0b26 http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://secunia.com/advisories/40645 http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.28/ChangeLog-2.6.28-rc3 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.openwall.com/lists/oss& •