CVSS: 7.2EPSS: 0%CPEs: 315EXPL: 1CVE-2009-2695 – kernel: SELinux and mmap_min_addr
https://notcve.org/view.php?id=CVE-2009-2695
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs. El kernel de Linux antes de v2.6.31-rc7 no previene debidamente las operaciones nmap que apuntan a una pagina cero y otras direcciones de memoria bajas, lo que permite a usuarios locales obtener privilegios mediante la explotación de vulnerabilidades de desreferencia a puntero NULL, relacionados con (1) la configuración por defecto del boolano allow_unconfined_mmap_low en SELinux en Red Hat Enterprise Linux (RHEL) 5, (2) un error que provoca allow_unconfined_mmap_low para ser ignorado en el dominio unconfined_t, (3) la falta de un requisito de la capacidad CAP_SYS_RAWIO para estas nmap operaciones, y (4) la interacción entre el mecanismo de protección mmap_min_addr y algunos programas de aplicación. • http://danwalsh.livejournal.com/30084.html http://eparis.livejournal.com/606.html http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git%3Ba=commit%3Bh=47d439e9fb8a81a90022cfa785bf1c36c4e2aff6 http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git%3Ba=commit%3Bh=7c73875e7dda627040b12c19b01db634fa7f0fd1 http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git%3Ba=commit%3Bh=84336d1a77ccd2c06a730ddd38e695c2324a7386 http://git.kernel.org/?p=linux/kernel/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 5CVE-2009-2698 – Linux Kernel < 2.6.19 (Debian 4) - 'udp_sendmsg' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2698
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. La función udp_sendmsg en la implementación UDP en los archivos (1) net/ipv4/udp.c y (2) net/ipv6/udp.c en el kernel de Linux anterior a versión 2.6.19, permite a los usuarios locales obtener privilegios o causar una denegación de servicio (Desreferencia de puntero NULL y bloqueo de sistema) por medio de vectores que involucran el flag MSG_MORE y un socket UDP. • https://www.exploit-db.com/exploits/9575 https://www.exploit-db.com/exploits/9574 https://www.exploit-db.com/exploits/9542 https://github.com/xiaoxiaoleo/CVE-2009-2698 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1e0c14f49d6b393179f423abbac47f85618d3d46 http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html http://rhn.redhat.com/errata/RHSA-2009-1222.html http://rhn.redhat.com/errata/RHSA-2009-1223.html http://secunia.com&# • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 309EXPL: 1CVE-2009-2849 – kernel: md: NULL pointer deref when accessing suspend_* sysfs attributes
https://notcve.org/view.php?id=CVE-2009-2849
The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker. El driver md (drivers/md/md.c) en el kernel de Linux anteriores a 2.6.30.2 podría permitir a usuarios locales producir una denegación de servicio (referencia a un puntero nulo) a través de vectores relacionados con los " atributos suspend*sysfs" a la funciones (1) suspend_lo_store o (2) suspend_hi_store. NOTA: Esto se trata de una vulnerabilidad cuando sysfs puede ser escrito por un atacante. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git%3Ba=commit%3Bh=3c92900d9a4afb176d3de335dc0da0198660a244 http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://secunia.com/advisories/36501 http://secunia.com/advisories/37105 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.2 http://www.openwall.com/lists/oss-security/2009/07/24/1 http://www.openwal • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 316EXPL: 0CVE-2009-2846
https://notcve.org/view.php?id=CVE-2009-2846
The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. La función eisa_eeprom_read en el componente the parisc isa-eeprom (drivers/parisc/eisa_eeprom.c) en el kernel de Linux anterior a v2.6.31-rc6 permite a usuarios locales acceder a memoria restringida a través de argumentos negativos ppos, lo que evita un control que asume que ppos es positivo y causa una lectura fuera de rango en la función readb. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=6b4dbcd86a9d464057fcc7abe4d0574093071fcc http://secunia.com/advisories/37105 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 http://www.openwall.com/lists/oss-security/2009/08/10/1 http://www.openwall.com/lists/oss-security/2009/08/18/6 http://www.ubuntu.com/usn/USN-852-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/52906 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 80EXPL: 2CVE-2009-2847 – Linux Kernel 2.6.31-rc5 - sigaltstack 4-Byte Stack Disclosure
https://notcve.org/view.php?id=CVE-2009-2847
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function. La función do_sigaltstack en kernel/signal.c en el kernel de Linux 2.6 antes de 2.6.31-RC5, cuando se ejecuta en sistemas de 64 bits, no limpia algunos octetos de relleno de una estructura, lo que permite a usuarios locales obtener información sensible de la pila del núcleo a través de la función sigaltstack. • https://www.exploit-db.com/exploits/9352 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=0083fc2c50e6c5127c2802ad323adf8143ab7856 http://rhn.redhat.com/errata/RHSA-2009-1243.html http://secunia.com/advisories/36136 http://secunia.com/advisories/36501 http://secunia.com/advisories/36562 http://secunia.com/advisories/36759 http://secunia.com/advisories/37105 http://secunia.com/advisories/37471 http://www.exploit-db.com/exploits/9352 http://w •