CVE-2009-3939 – kernel: megaraid_sas permissions in sysfs
https://notcve.org/view.php?id=CVE-2009-3939
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. El fichero poll_mode_io para el controlador megaraid_sas en el kernel de Linux v2.6.31.6 y anteriores tiene permisos de escritura para todos, permitiendo a usuarios locales cambiar el modo de E/S del dispositivo modificando este fichero. • http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-03 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2008-4582 – Mozilla Firefox 3.0.3 - Internet Shortcut Same Origin Policy Violation
https://notcve.org/view.php?id=CVE-2008-4582
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810. Mozilla Firefox 3.0.1 hasta la versión 3.0.3, Firefox 2.x en versiones anteriores a 2.0.0.18 y SeaMonkey 1.x en versiones anteriores a 1.1.13, cuando se ejecuta en Windows, no identifican correctamente el contexto de los archivos de acceso directo de Windows .url, lo que permite a atacantes remotos asistidos por usuario eludir la Same Origin Policy y obtener información sensible a través de un documento HTML que es accesible directamente a través de un sistema de archivos, como se demuestra por los documentos en (1) carpetas locales, (2) carpetas compartidas de Windows y (3) archivos RAR y como se demuestra por IFRAMEs referenciando shortcuts que apuntan a (a) about:cache?device=memory y (b) about:cache? • https://www.exploit-db.com/exploits/32466 http://liudieyu0.blog124.fc2.com/blog-entry-6.html http://secunia.com/advisories/32192 http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32714 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32845 http://secunia.com/advisories/32853 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http://secunia.com • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-6211 – Send ICMP Nasty Garbage (SING) - Append File Logrotate
https://notcve.org/view.php?id=CVE-2007-6211
Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation. Send ICMP Nasty Garbage (sing) en Debian GNU/Linux, permite a usuarios locales agregar archivos arbitrarios y alcanzar privilegios por medio de la opción -L (archivo de registro de salida). NOTA: este problema es solo una vulnerabilidad en entornos limitados, ya que en sing no está instalado setuid, y el administrador necesitaría invalidar un valor predeterminado que no sea setuid durante la instalación. • https://www.exploit-db.com/exploits/4698 http://osvdb.org/44157 http://securityreason.com/securityalert/3412 http://www.securityfocus.com/archive/1/484472/100/0/threaded http://www.securityfocus.com/archive/1/484591/100/200/threaded http://www.securityfocus.com/bid/26679 https://exchange.xforce.ibmcloud.com/vulnerabilities/38822 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-5873
https://notcve.org/view.php?id=CVE-2006-5873
Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet. Desbordamiento de búfer en la función cluster_process_heartbeat en cluster.c del layer 2 tunneling protocol network server (l2tpns) anterior a 2.1.21 permite a atacantes remotos provocar una denegación de servicio mediante un paquete de pulso (heartbeat packet) largo. • http://l2tpns.cvs.sourceforge.net/l2tpns/l2tpns/cluster.c?r1=1.53&r2=1.54 http://secunia.com/advisories/23230 http://secunia.com/advisories/23333 http://sourceforge.net/project/shownotes.php?group_id=97282&release_id=468202 http://www.debian.org/security/2006/dsa-1230 http://www.securityfocus.com/bid/21443 http://www.vupen.com/english/advisories/2006/4860 https://exchange.xforce.ibmcloud.com/vulnerabilities/30732 •
CVE-2006-1244
https://notcve.org/view.php?id=CVE-2006-1244
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature. • http://secunia.com/advisories/18948 http://secunia.com/advisories/19021 http://secunia.com/advisories/19065 http://secunia.com/advisories/19091 http://secunia.com/advisories/19164 http://secunia.com/advisories/19364 http://secunia.com/advisories/19644 http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz http://www.debian.org/security/2006/dsa-1019 http://www.debian.org/security/2006/dsa-979 http://www.debian.org/security •