CVSS: 6.8EPSS: 1%CPEs: 20EXPL: 0CVE-2010-1321 – krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)
https://notcve.org/view.php?id=CVE-2010-1321
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. Vulnerabilidad en la función "kg_accept_krb5" en "krb5/accept_sec_context.c" de la librería GSS-API en MIT Kerberos v5 (también conocido como krb5) a través de v1.7.1 y v1.8 anterior a v1.8.2, como los usados en "kadmind" y otras aplicaciones, no comprueban adecuadamente vales (tokens) GSS-API inválidos, que permiten a usuarios autenticados remotamente causar una denegación de servicio (referencia a puntero nulo y caída del demonio) a través de un mensaje AP-REQ en el cual se pierde el campo "checksum" del usuario autenticado. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://lists.opensuse.org/opensuse-security-announce • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 4CVE-2010-1437 – Linux Kernel 2.6.34 - 'find_keyring_by_name()' Local Memory Corruption
https://notcve.org/view.php?id=CVE-2010-1437
Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. Condición de carrera en la función find_keyring_by_name en security/keys/keyring.c el el kernel de Linux v2.6.34-rc5 y anteriores, permite usuarios locales provocar una denegación de servicio (corrupción de memoria y caída del sistema) o posiblemente tener otros impactos, mediante comandos de sesión "keyctl" que provocan el acceso a una secuencia de pulsaciones en desuso que está bajo un borrado en la función key_cleanup. • https://www.exploit-db.com/exploits/33886 http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://marc.info/?l=linux-kernel&m=127192182917857&w=2 http://marc.info/?l=linux-kernel&m=127274294622730&w=2 http://marc.info/?l=linux-kernel&m=127292492727029&w=2 http://secunia.com/advisories/39830 http://secunia.com/advisories/40218 http://secunia.com/advisories/40645 http://secunia.com/advisories/43315 http://www.debian.org/security/2010/dsa-205 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 3CVE-2010-1451
https://notcve.org/view.php?id=CVE-2010-1451
The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application. La implementación TSB I-TLB en arch/sparc/kernel/tsb.S en el kernel de Linux anterior a v2.6.33 en plataformas SPARC, no obtiene de forma adecuada ciertos bits _PAGE_EXEC_4U y consecuentemente no implementa de forma adecuada una pila no-ejecutable, lo que facilita a atacantes dependiendo del contexto explotar desbordamientos de búfer basados en pila a través de aplicaciones manipuladas. • http://marc.info/?l=linux-sparc&m=126662159602378&w=2 http://marc.info/?l=linux-sparc&m=126662196902830&w=2 http://secunia.com/advisories/39830 http://www.debian.org/security/2010/dsa-2053 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33 http://www.openwall.com/lists/oss-security/2010/02/24/1 http://www.openwall.com/lists/oss-security/2010/05/05/2 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2010-0747
https://notcve.org/view.php?id=CVE-2010-0747
drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. drbd8 permite a usuarios locales omitir las restricciones previstas para determinadas acciones por medio de paquetes de netlink, similar a CVE-2009-3725. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573531 https://security-tracker.debian.org/tracker/CVE-2010-0747 https://www.debian.org/security/2010/dsa-2015 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2010-1087 – kernel: NFS: Fix an Oops when truncating a file
https://notcve.org/view.php?id=CVE-2010-1087
The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. La funcion nfs_wait_on_request en fs/nfs/pagelist.c en Linux kernel desde v2.6.x hasta v2.6.33-rc5 permite a atacantes producir una denegación de servicio (OOPS) a través de vectores desconocidos relacionados con el truncado de un fichero y una operación que no se puede interrumpir. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=9f557cd8073104b39528794d44e129331ded649f http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html http://secunia.com/advisories/39830 http://secunia.com/advisories/40645 http://secunia.com/advisories/43315 http://www.debian.org/security/2010/dsa-2053 http://www.openwall.com/lists/oss-security/2010/03/03/1 http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •