Page 717 of 4770 results (0.022 seconds)

CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 0

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. La implementación Netlink en el kernel de Linux hasta 3.14.1 no proporciona un mecanismo para autorizar operaciones socket basadas en el abridor de un socket, lo que permite a usuarios locales evadir restricciones de acceso y modificar configuraciones de red mediante el uso de un socket Netlink para (1) stdout o (2) stderr de un programa setuid. It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.info/?l=linux-netdev&m=139828832919748&w=2 http://rhn.redhat.com/errata/RHSA-2014-1959.html http://www.open • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 2

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. Desbordamiento de enteros en la función ping_init_sock en net/ipv4/ping.c en el kernel de Linux hasta 3.14.1 permite a usuarios locales causar una denegación de servicio (uso después de liberación y caída de sistema) o posiblemente ganar privilegios a través de una aplicación manipulada que aprovecha un contador de referencia manejado indebidamente. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. • https://www.exploit-db.com/exploits/32926 http://secunia.com/advisories/59386 http://secunia.com/advisories/59599 http://www.debian.org/security/2014/dsa-2926 http://www.openwall.com/lists/oss-security/2014/04/11/4 http://www.securityfocus.com/bid/66779 http://www.securitytracker.com/id/1030769 https://bugzilla.redhat.com/show_bug.cgi?id=1086730 https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac https://lkml.org& • CWE-416: Use After Free •

CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 1

The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic. La función cma_req_handler en drivers/infiniband/core/cma.c en el kernel de Linux 3.14.x hasta 3.14.1 intenta resolver un RDMA sobre una dirección Converged Ethernet (también conocido como RoCE) que se resuelve debidamente dentro de un módulo diferente, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero incorrecto y caída de sistema) a través de trafico de red manipulado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b2853fd6c2d0f383dbdf7427e263eb576a633867 http://www.openwall.com/lists/oss-security/2014/04/10/9 http://www.securityfocus.com/bid/66716 https://bugzilla.redhat.com/show_bug.cgi?id=1085415 https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. La función ioapic_deliver en virt/kvm/ioapic.c en el kernel de Linux hasta 3.14.1 no valida debidamente el valor de vuelta kvm_irq_delivery_to_apic, lo que permite a usuarios invitados del sistema operativo causar una denegación de servicio (caída de sistema operativo anfitrión) a través de una entrada manipulada en la tabla de redirección de I/O APIC. NOTA: el código afectado fue trasladado a la función ioapic_service antes de que la vulnerabilidad fue anunciada. • http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60 http://www.openwall.com/lists/oss-security/2014/04/07/2 https://bugzilla.redhat.com/show_bug.cgi?id=1081589 • CWE-20: Improper Input Validation •

CVSS: 7.1EPSS: 2%CPEs: 11EXPL: 1

Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. Condición de carrera en el subsistema mac80211 en el kernel de Linux anterior a 3.13.7 permite a atacantes remotos causar una denegación de servicio (caída de sistema) a través de trafico de red que no interactúa debidamente con el estado WLAN_STA_PS_STA (también conocido como el modo power-save), relacionado con sta_info.c y tx.c. A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d147bfa64293b2723c4fec50922168658e613ba http://linux.oracle.com/errata/ELSA-2014-3052.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://secunia.com/advisories/60613 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 http://www.openwall.com/lists/oss-security/2014/04/01/8 http:/&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •