CVE-2009-1243
https://notcve.org/view.php?id=CVE-2009-1243
net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp seq_file infrastructure."
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=30842f2989aacfaba3ccb39829b3417be9313dbe http://openwall.com/lists/oss-security/2009/04/01/4 http://secunia.com/advisories/34478 http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-proc-net-udp-8586 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1 http://www.securityfocus.com/bid/34329 http://www.vupen.com/english/advisories/2009/0924 https://exchange.xforce.ibmcloud
• CWE-667: Improper Locking
CVE-2009-1072 – kernel: nfsd should drop CAP_MKNOD for non-root
https://notcve.org/view.php?id=CVE-2009-1072
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://secunia.com/advisories/34422 http://secunia.com/advisories/34432 http://sec
• CWE-16: Configuration
CVE-2009-0787 – kernel: ecryptfs file header infoleak
https://notcve.org/view.php?id=CVE-2009-0787
The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=8faece5f906725c10e7a1f6caf84452abadbdc7b http://osvdb.org/52860 http://rhn.redhat.com/errata/RHSA-2009-0473.html http://secunia.com/advisories/34422 http://secunia.com/advisories/35015 http://secunia.com/advisories/37471 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9 http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.securityfocus.com/bid/34216 http:
• CWE-189: Numeric Errors
CVE-2009-1046 – Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-1046
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.
• https://www.exploit-db.com/exploits/9083 http://lists.openwall.net/linux-kernel/2009/01/30/333 http://lists.openwall.net/linux-kernel/2009/02/02/364 http://secunia.com/advisories/34917 http://secunia.com/advisories/34981 http://secunia.com/advisories/35121 http://www.debian.org/security/2009/dsa-1787 http://www.debian.org/security/2009/dsa-1800 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4 http://www.openwall.com/lists/oss-security/
• CWE-399: Resource Management Errors
CVE-2009-0935
https://notcve.org/view.php?id=CVE-2009-0935
The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device's event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance.
• http://marc.info/?l=linux-kernel&m=123337123501681&w=2 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3 http://www.openwall.com/lists/oss-security/2009/03/06/2 http://www.openwall.com/lists/oss-security/2009/03/18/5 http://www.openwall.com/lists/oss-security/2009/03/19/2 http://www.securityfocus.com/bid/33624 https://bugzilla.redhat.com/show_bug.cgi?id=488935 https://exchange.xforce.ibmcloud.com/vulnerabilities/49331
• CWE-667: Improper Locking