CVE-2009-1184
https://notcve.org/view.php?id=CVE-2009-1184
The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21. La función selinux_ip_postroute_iptables_compat en security/selinux/hooks.c en el subsistema SELinux en el kernel de Linux anterior a v2.6.27.22, y v2.6.28.x anterior a 2.6.28.10, cuando compat_net esta activado, omite llamadas a avc_has_perm para (1) el nodo y (2) puerto, lo que permite a usuarios locales evitar la restricciones previstas en el trafico de la red. NOTA: Esto fue incorrectamente reportado como una cuestión arreglada en 2.6.27.21. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=910c9e41186762de3717baaf392ab5ff0c454496 http://lwn.net/Articles/331434 http://lwn.net/Articles/331435 http://patchwork.ozlabs.org/patch/25238 http://secunia.com/advisories/35121 http://secunia.com/advisories/35656 http://www.debian.org/security/2009/dsa-1800 http://www.mandriva.com/security/advisories?name=MDVSA-2009:118 http://www.mandriva.com/security/advisories?name=MDVSA-2009:119 http:// • CWE-16: Configuration •
CVE-2009-1439 – kernel: cifs: memory overwrite when saving nativeFileSystem field during mount
https://notcve.org/view.php?id=CVE-2009-1439
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. Un desbordamiento de búfer en fs/cifs/connect.c en el kernel de Linux v2.6.29 y anteriores permite a atacantes remotos provocar una denegación de servicio (mediante caída) a través de un campo nativeFileSystem demasiado largo en una respuesta Tree Connect a una petición de montaje SMB. • http://blog.fefe.de/?ts=b72905a8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b363b3304bcf68c4541683b2eff70b29f0446a5b http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html http://lists.samba.org/archive/linux-cifs-client • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1192 – kernel: agp: zero pages before sending to userspace
https://notcve.org/view.php?id=CVE-2009-1192
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. drivers/char/agp/generic.c en el subsistema en el kernel de Linux antes de v2.6.30-rc3 no vacía páginas que más tarde pueden estar disponibles para un proceso del espacio de usuario, lo que permite a usuarios locales obtener información sensible mediante la lectura estas páginas. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=59de2bebabc5027f93df999d59cc65df591c3e6e http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http://openwall.com/lists/oss-security/2009/04/22/2 http://secunia.com/advisories/34981 http://secunia.com/advisories/35011 http://secunia.com/advisories •
CVE-2009-1338 – kernel: 'kill sig -1' must only apply to caller's pid namespace
https://notcve.org/view.php?id=CVE-2009-1338
The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via a kill command. La función kill_something_info function en kernel/signal.c en el núcleo de Linux versiones anteriores a v2.6.28 no considera namespaces PID cuando está procesando señales dirigidas a PID -1, lo cual permite a atacantes remotos evitar namespace aislados, y envía señales de su elección a todos los procesos en todos los namespaces, a través del comando kill. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d25141a818383b3c3b09f065698c544a7a0ec6e7 http://lkml.org/lkml/2008/7/23/148 http://secunia.com/advisories/34981 http://secunia.com/advisories/35120 http://secunia.com/advisories/35121 http://secunia.com/advisories/35343 http://secunia.com/advisories/35656 http://wiki.rpath.com/Advisories:rPSA-2009-0084 http://www.debian.org/security/2009/dsa-1787 http://www.debian.org/security/2009/dsa-1800 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-1336 – kernel: nfsv4 client can be crashed by stating a long filename
https://notcve.org/view.php?id=CVE-2009-1336
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function. fs/nfs/client.c in el kernel de Linux en versiones anteriores a v2.6.23 no inicializa adecuadamente cierto miembro de la estructura que alacena la longitud máxima de fichero NFS, lo que permite a usuarios locales producir una denegación de servicio (OOPS) a través de un nombre de fichero largo, relacionado con la función encode_lookup. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=54af3bb543c071769141387a42deaaab5074da55 http://rhn.redhat.com/errata/RHSA-2009-0473.html http://secunia.com/advisories/35011 http://secunia.com/advisories/35015 http://secunia.com/advisories/35160 http://secunia.com/advisories/35324 http://secunia.com/advisories/35656 http://secunia.com/advisories/37471 http://www.debian.org/security/2009/dsa-1794 http://www.kernel.org/pub/linux/kernel/v2.6/Ch • CWE-20: Improper Input Validation •