CVE-2009-3286 – kernel: O_EXCL creates on NFSv4 are broken
https://notcve.org/view.php?id=CVE-2009-3286
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=81ac95c5
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://secunia.com/advisories/37105
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://www.openwall.com/lists/oss-security/2009/09/21/2
http://www.ubuntu.com/usn/USN-852-1
http://www.vupen.com/english/advi
Weakness: CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-3288
https://notcve.org/view.php?id=CVE-2009-3288
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.
References:
http://lkml.org/lkml/2009/9/3/1
http://lkml.org/lkml/2009/9/3/107
http://secunia.com/advisories/37105
http://www.openwall.com/lists/oss-security/2009/09/03/4
http://www.ubuntu.com/usn/USN-852-1
Weakness: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3280
https://notcve.org/view.php?id=CVE-2009-3280
Integer signedness error in the find_ie function in net/wireless/scan.c in the cfg80211 subsystem in the Linux kernel before 2.6.31.1-rc1 allows remote attackers to cause a denial of service (soft lockup) via malformed packets.
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fcc6cb0c13555e78c2d47257b6d1b5e59b0c419a
http://patchwork.kernel.org/patch/45106
http://www.kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.31.1-rc1.bz2
http://www.openwall.com/lists/oss-security/2009/09/16/2
http://www.securityfocus.com/bid/36421
Weakness: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3238 – kernel: random: add robust get_random_u32, remove weak get_random_int
https://notcve.org/view.php?id=CVE-2009-3238
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://patchwork.kernel.org/patch/21766
http://secunia.com/advisories/37105
http://secunia.com/advisories/37351
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
http://www.redhat.com/support/errata/RHSA-2009&
Weaknesses: CWE-330: Use of Insufficiently Random Values; CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2009-1883 – kernel: missing capability check in z90crypt
https://notcve.org/view.php?id=CVE-2009-1883
The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.
References:
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
http://secunia.com/advisories/36759
http://secunia.com/advisories/37105
http://www.openwall.com/lists/oss-security/2009/09/15/1
http://www.openwall.com/lists/oss-security/2009/09/15/3
http://www.redhat.com/support/errata/RHSA-2009-1438.html
http://www.ubuntu.com/usn/USN-852-1
https://bugzilla.redhat.com/show_bug.cgi?id=505983
https://oval.cisecurity.org/repository/search/definition/oval%3Aor
Weakness: CWE-264: Permissions, Privileges, and Access Controls