CVE-2010-1436 – kernel: gfs2 buffer overflow
https://notcve.org/view.php?id=CVE-2010-1436
gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system. gfs2 del kernel de Linux v2.6.18, y posiblemente otras versiones, no funciona adecuadamente cuando la estructura gfs2_quota ocupa dos páginas separadas, lo que permite a usuarios locales provocar una denegación de servicio (kernel panic) a través de ciertas manipulaciones que causan una escritura fuera de los límites, como se ha demostrado escribiendo desde un sistema de ficheros ext3 a un sistema de ficheros gfs2. • http://secunia.com/advisories/43315 http://www.openwall.com/lists/oss-security/2010/04/27/1 http://www.openwall.com/lists/oss-security/2010/04/28/1 http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=586006 https://exchange.xforce.ibmcloud.com/vulnerabilities/58839 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10652 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVE-2010-0730 – xen: emulator instruction decoding inconsistency
https://notcve.org/view.php?id=CVE-2010-0730
The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. El decodificador de instrucciones MMIO en el hipervisor Xen en el kernel Linux 2.6.18 en Red Hat Enterprise Linux (RHEL) 5 permite a los usuarios de los sistemas operativos huesped causar una denegación de servicio (cuelgue de sistema operativo huesped de 32-bit) a través de vectores que provocan una emulación de la instrucción sin especificar. • http://secunia.com/advisories/39649 http://secunia.com/advisories/43315 http://support.avaya.com/css/P8/documents/100088287 http://www.openwall.com/lists/oss-security/2010/05/07/1 http://www.redhat.com/support/errata/RHSA-2010-0398.html http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www.securityfocus.com/bid/39979 http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=572971 https://oval.cise • CWE-20: Improper Input Validation •
CVE-2010-1437 – Linux Kernel 2.6.34 - 'find_keyring_by_name()' Local Memory Corruption
https://notcve.org/view.php?id=CVE-2010-1437
Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. Condición de carrera en la función find_keyring_by_name en security/keys/keyring.c el el kernel de Linux v2.6.34-rc5 y anteriores, permite usuarios locales provocar una denegación de servicio (corrupción de memoria y caída del sistema) o posiblemente tener otros impactos, mediante comandos de sesión "keyctl" que provocan el acceso a una secuencia de pulsaciones en desuso que está bajo un borrado en la función key_cleanup. • https://www.exploit-db.com/exploits/33886 http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://marc.info/?l=linux-kernel&m=127192182917857&w=2 http://marc.info/?l=linux-kernel&m=127274294622730&w=2 http://marc.info/?l=linux-kernel&m=127292492727029&w=2 http://secunia.com/advisories/39830 http://secunia.com/advisories/40218 http://secunia.com/advisories/40645 http://secunia.com/advisories/43315 http://www.debian.org/security/2010/dsa-205 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2010-1451
https://notcve.org/view.php?id=CVE-2010-1451
The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application. La implementación TSB I-TLB en arch/sparc/kernel/tsb.S en el kernel de Linux anterior a v2.6.33 en plataformas SPARC, no obtiene de forma adecuada ciertos bits _PAGE_EXEC_4U y consecuentemente no implementa de forma adecuada una pila no-ejecutable, lo que facilita a atacantes dependiendo del contexto explotar desbordamientos de búfer basados en pila a través de aplicaciones manipuladas. • http://marc.info/?l=linux-sparc&m=126662159602378&w=2 http://marc.info/?l=linux-sparc&m=126662196902830&w=2 http://secunia.com/advisories/39830 http://www.debian.org/security/2010/dsa-2053 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33 http://www.openwall.com/lists/oss-security/2010/02/24/1 http://www.openwall.com/lists/oss-security/2010/05/05/2 • CWE-787: Out-of-bounds Write •
CVE-2010-1173 – Linux Kernel 2.6.33.3 - SCTP INIT Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-1173
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data. La función sctp_process_unk_param en net/sctp/sm_make_chunk.c en el kernel de Linux v2.6.33.3 y anteriores, cuando está activado SCTP, permite a atacantes remotos provocar una denegación de servicio (caída del sistema) a través de un paquete SCTPChunkInit que contiene múltiples parámetros inválidos que requieren una cantidad grande de datos de error. • https://www.exploit-db.com/exploits/14594 http://article.gmane.org/gmane.linux.network/159531 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809 http://kbase.redhat.com/faq/docs/DOC-31052 http://marc.info/?l=oss-security&m=127251068407878&w=2 http://secunia.com/advisories/39830 http://secunia.com/advisories/40218 http://secunia.com/advisories/43315 http://www.debian.org/security/2010/dsa-2053 http://www • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •